Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 12/22/08

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2008

ICISS 2008 4th International Conference on Information Systems Security, Hyderabad, India, December 16-20, 2008. [posted here 4/7/08]
The ICISS 2008 encourages submissions from academia, industry and government addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
- Application Security
- Authentication and Access Control
- Biometric Security
- Data Security
- Digital Forensics and Diagnostics
- Digital Rights Management
- Distributed System Security
- Formal Methods in Security
- Intrusion Detection, Prevention and Response
- Intrusion Tolerance and Recovery
- Key Management and Cryptographic Protocols
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating System Security
- Privacy and Anonymity
- Security in P2P, Sensor and Ad Hoc Networks
- Software Security
- Vulnerability Detection and Mitigation
- Web Security

For more information, please see http://www.seclab.cs.sunysb.edu/iciss08/.

Inscrypt 2008 4th International Conferences on Information Security and Cryptology, Beijing, China, December 14-17, 2008. [posted here 7/14/08]
Authors are invited to submit full papers presenting new research results related to cryptology, information security and their applications. All submissions must describe original research that is not published or currently under review by another conference or journal. Areas of interest include, but are not limited to:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Database Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architectures
- Provable Security
- Secure Multiparty Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MACs
- Block Cipher Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Prevention and Detection of Malicious Codes

For more information, please see http://www.inscrypt.cn/inscrypt/.

DSSC 2008 1st International Workshop on Dependable and Secure Services Computing, Held in conjunction with IEEE APSCC 2008, Yilan, Taiwan, December 9-12, 2008. [posted here 6/9/08]
Service-Oriented Computing (SOC) is an emerging paradigm that puts Technology, Business, and People together. Since SOC is reshaping the modern business model and services industry, security and dependability are becoming crucial issues. The prime goal of DSSC lies in associating Services Computing with a higher level of dependability and security. More specifically, we aim to provide a platform for researchers in the dependability and security communities to interact with researchers in the SOC community, so that efficacious cross-pollination of ideas could occur between these areas. We encourage submissions from both industry and academia. The topics of interest of ISC include, but are not limited to, the following:
System and Service Dependability
- Architectural and Operating System Support for Services Computing
- Self-Reconfiguration Systems for Services Computing
- Architectural and System-Level Synthesis
- System Dependability Modeling and Prediction
- Scalable Techniques for Providing High Availability and Reliability
- Verification and Validation Methodology for Services Computing
- Time-Critical Services
- Safety-Critical Services
- Resource Management for Services Computing
- Automated Failure Management
- Middleware for Services Computing
Security Issues and Concerns
- Service Authentication
- Service Authorization
- Privacy And Anonymity in Services Computing
- Intrusion Detection in Services Computing
- Specification And Querying of Security Constraints
- Cryptographic Protocols for Services Computing
- Role Based Access Control for Services Computing
- Identity Assertion and Service Auditing
- Services and XML Based Security Standards
- Access Control for Services Computing
- Formal Methods for Security Deployment
- Secure Service Deployment
- Credential and Role Mapping for Services Computing
Quality of Service
- Performance Analysis, Evaluation, and Prediction
- Benchmarking of Management Technologies
- Service Auditing
- Service Resource Provisioning
- QoS Negotiation and Cost of Services (CoS)
- Empirical Studies and Benchmarking of QoS
- Autonomic Management of Service Levels
- Monitoring for (Composed) Services
- Return on Investment (ROI) Analysis
- Validation of Service and Quality Claims
- SLA and Policy Specification and Enactment
- QoS-Aware Selection Model for Semantic Web Services
- Real-Time Supply Chain Integration Applications of Dependable and Secure Services
- E-Commerce Dependability
- Firewall Technologies
- Open/Dynamic Grid Service Architectures
- Grid Service Deployment and Service Registries
- Grid Computing and Services On-Demand
- Peer-to-Peer Virtual Repository
- Mobile, Ad-Hoc, and Peer-To-Peer Services
- Secure Web Services

For more information, please see http://6book.niu.edu.tw/DSSC08.

ACSAC 2008 24th Annual Computer Security Applications Conference, Anaheim, California, December 8-12, 2008. [posted here 4/21/08]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. Papers offering novel contributions in any aspect of computer and application security are solicited. Papers may present technique, applications, or practical experience, or theory that has a clear practical impact. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application. Topics of interest include, but are not limited to:
- access control
- applied cryptography
- audit and audit reduction
- biometrics
- boundary control devices
- certification and accreditation
- database security
- defensive information warfare
- denial of service protection
- electronic commerce security
- enterprise security
- forensics
- identification and authentication
- identity management
- incident response planning
- information survivability
- insider threat protection
- integrity
- intellectual property rights protection
- intrusion detection
- malware
- multimedia security
- operating systems security
- peer-to-peer security
- privacy and anonymity
- product evaluation criteria and compliance
- risk/vulnerability assessment
- secure location services
- security engineering and management
- security in IT outsourcing
- service oriented architectures
- software assurance
- trust management
- virtualization security
- voip security

For more information, please see http://www.acsac.org.

NSP 2008 1st International Workshop on Network Security and Privacy, Held in conjunction with the IEEE IPCCC 2008, Austin, Texas, USA, December 7-9, 2008. [posted here 9/15/08]
This workshop provides a forum for academia, industry, and government agencies to discuss the challenges involved in network security and privacy. The workshop will identify and define new network security vulnerabilities, fundamental privacy issues and potential solutions. Contributions of all types, including case studies and research, addressing the main focus or one of the following non-exclusive list of topics are equally welcome:
- Anonymous communications
- BGP security
- Botnets and counter-measures
- Covert Channels
- Denial of service attacks
- DNS security
- Email spam
- Firewall and traffic monitoring
- Honeypot/honeynet
- Internet Worms and Virus
- On-line Frauds
- Malware and Spyware
- Network forensic
- Network intrusion detection and prevention
- Network security policy
- Phishing attacks
- P2P security
- RFID security
- Security Testbeds, benchmarks, prototypes and experimental studies
- Security and privacy in wireless and sensor networks
- Social network privacy and security
- User authentication and authorization
- Web security

For more information, please see http://www.ipccc.org/ipccc2008/main.php?page=6#workshop4.

MidSec 2008 1st International Workshop on Middleware Security, Held in conjunction with the 9th ACM International Middleware Conference (MIDDLEWARE 2008), Leuven, Belgium, December 2, 2008. [posted here 6/2/08]
Modern applications are more and more predominantly built around distributed programming paradigms. Event-based systems, mobile agent frameworks, peer-to-peer networks, grid computing, and Web service applications are examples of architectures that are used by a large share of the present software base. These paradigms expose applications to new, ever-growing security threats. For this reason, middleware platforms have always been mindful about offering out-of-the-box security services like communication encryption, user authentication, and access control. Such features are now considered commodities in many middleware platforms, e.g., CORBA, Java EE, and .NET. However, focused research is still necessary to address advanced areas of security. Examples are identity management, privacy and anonymity, accountability, application protection, and so on. The goal of this workshop is to provide a venue for the security and the middleware communities to collaborate and create new momentum for the topic area. Original submissions are welcome from both academic and industry experts. The topics of interest include, but are not limited to:
- Middleware security: middleware software is an asset on its own and has to be protected.
- Security co-design: trade-off and co-design between application-based and middleware-based security.
- Context-sensitive security middleware: advanced security services and features offered by the middleware layer to pervasive and situated systems.
- Policy-based management: innovative support for policy-based definition and enforcement of security concerns.
- Security features: interaction between security-specific and other middleware features, e.g., context-awareness.
- Advanced identification and authentication mechanisms: e.g., means to capture application-specific constraints in defining and enforcing access control rules.
- Availability: protection of availability of middleware services.
- Security in agent-based platforms: protection for mobile code and platforms.
- Security in aspect-based middleware: mechanisms for isolating and enforcing security aspects.
- Middleware-oriented security patterns: identification of patterns for sound, reusable security.
- Middleware-level security monitoring and measurement: metrics and mechanisms for quantification and evaluation of security enforced by the middleware.

For more information, please see http://www.cs.kuleuven.be/conference/MidSec2008/.

Globecom-CCNS 2008 Computer and Communications Network Security Symposium, Held in conjunction with the IEEE Global Communications Conference (GLOBECOM 2008), New Orleans, LA, USA, November 30 - December 4, 2008. [posted here 1/7/08]
The Computer and Communications Network Security Symposium will address all aspects of the modelling, design, implementation, deployment, and management of computer/network security algorithms, protocols, architectures, and systems. Furthermore, contributions devoted to the evaluation, optimization, or enhancement of security mechanisms for current technologies as well as devising efficient security and privacy solutions for emerging technologies are solicited. Topics of interest include:
- Secure PHY, MAC, Routing and Upper Layer Protocols
- Secure Cross Layer Design
- Authentication Protocols and Services Authorization
- Confidentiality
- Data and System Integrity
- Availability of Secure Services
- Key Distribution and Management
- PKI and Security Management
- Trust Models and Trust Establishment
- Identity Management and Access Control
- Deployment and Management of Computer/Network Security Policies
- Monitoring Design for Security
- Distributed Intrusion Detection Systems and Countermeasures
- Traffic Filtering and Firewalling
- IPv6 security, IPSec
- Virtual Private Networks (VPNs)
- Prevention, Detection and Reaction Design
- Revocation of Malicious Parties
- Light-Weight Cryptography
- Quantum Cryptography and QKD
- Applications of Cryptography and Cryptanalysis in communications security
- Security and Mobility
- Mobile Code Security
- Network traffic Analysis Techniques
- Secure Naming and Addressing (Privacy and Anonymity)
- Application/Network Penetration Testing
- Advanced Cryptographic Testbeds
- Network Security Metrics and Performance Evaluation
- Operating System (OS) Security and Log Analysis Tools
- Security Modelling and Protocol Design
- Security Specification Techniques
- Self-Healing Networks
- Smart Cards and Secure Hardware
- Biometric Security: Technologies, Risks and Vulnerabilities
- Information Hiding and Watermarking
- Vulnerability, Exploitation Tools, and Virus/Worm Analysis
- Distributed Denial-Of-Service (DDOS) Attacks and Countermeasures
- DNS Spoofing and Security
- Critical infrastructure Security
- Single- and Multi-Source Intrusion Detection and Response (Automation)
- Web, E-commerce, M-commerce, and E-mail Security
- New Design for Unknown Attacks Detection

For more information, please see http://www.comsoc.org/confs/globecom/2008/symposium/compcom.html.

IWSEC 2008 3rd International Workshop on Security, Kagawa, Japan, November 25-27, 2008. [posted here 1/17/08]
The aim of IWSEC2008 is to contribute to security research and development addressing the topics from traditional theory and tools on security to other up-to-date issues. Topics include but are not limited to:
- Cryptography
- Authorization and Access Control
- Biometrics
- Information Hiding
- Quantum Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Security Issues in Ubiquitous/Pervasive Computing
- Security Management
- Software and System Security
- Protection of Critical Infrastructure
- Digital Forensics
- Economics and Other Scientific Approaches for Security

For more information, please see http://www.iwsec.org.

ALICS 2008 Workshop on Applications of Logic in Computer Security, Held in conjunction with the 15th International Conference on Logic for Programming, Artificial Intelligence and Reasoning (LPAR 2008), Doha, Qatar, November 22, 2008. [posted here 8/11/08]
ALICS is intended to be an informal workshop devoted to the applications of logic in computer security. This workshop is intended for presentation and discussion of work in progress and the discussion of emerging and foundational ideas. We are interested in all aspects of the application of logic to computer security. Applications of interest include security policy, access control, security protocols, information flow, but we are also interested in new and as yet untried applications of logic to different areas of computer security. We are also interested in discussion papers that raise fundamental questions and/or suggest new lines of research in this area. Work that has already appeared or is under consideration by other venues is welcome.

For more information, please see http://chacs.nrl.navy.mil/projects/ALICS08/.

TrustCom 2008 The 2008 International Symposium on Trusted Computing, Central South University, Zhang Jia Jie, China, November 18-20, 2008. [posted here 4/28/08]
This symposium, held in conjunction with The 9th International Conference for Young Computer Scientists (ICYCS 2008), brings together researchers and engineers from academia, government and industry working on topics of trusted computing with regard to security, safety, privacy, reliability, dependability, survivability, availability, and fault tolerance aspects of computer systems and networks. The aim is to provide a forum for them to present and discuss emerging ideas and trends in this highly challenging research field. Main topics of interest include, but are not limited to:
- Semantics, metrics and models of trust
- Trust establishment, propagation, and management
- Trusted computing platform
- Trusted network computing
- Trusted operating system
- Trusted software
- Trusted database
- Trusted services and applications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Cryptography and security protocols
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Authentication in computer systems/networks
- Access control in computer systems/networks
- Key management in computer systems/networks

For more information, please see http://trust.csu.edu.cn/conference/trustcom2008/.

SERENE 2008 RISE/EFTS Joint International Workshop on Software Engineering for REsilieNt systEms, Newcastle upon Tyne, UK, November 17-19, 2008. [posted here 4/21/08]
The SERENE 2008 workshop is an international forum for researchers and practitioners interested in the advances in Software Engineering for Resilient Systems. SERENE 2008 views resilient systems as open distributed systems that have capabilities to dynamically adapt, in a predictable way, to unexpected and harmful events, including faults and errors. Engineering such systems is a challenging issue which needs urgent attention from and combined efforts by people working in various domains. Achieving this objective is a very complex task, since it implies reasoning explicitly and in a consistent way about systems functional and non-functional characteristics. SERENE advocates the idea that resilience should be explicitly included into traditional software engineering theories and practices and should become an integral part of all steps of software development. As current software engineering practices tend to either capture only normal behaviour, or to deal with all abnormal situations only at the late development phases, new software engineering methods and tools need to be developed to support explicit handling of abnormal situations through the whole software life cycle. Moreover, every phase of the software development process needs to be enriched with the phase-specific resilience means. The following constitutes a list of the key software engineering domains that the SERENE workshop will focus on. This list should not, however, be considered as closed or technically restrictive:
- Formal and semi-formal modelling of resilience properties
- Re-engineering for resilience
- Software development processes for resilience
- Requirement engineering processes for resilience
- Model Driven Engineering of resilient systems
- Verification and validation of resilient systems
- Error and fault handling in the software life-cycle
- Resilience through exception handling in the software life-cycle
- Frameworks and design patterns for resilience
- Software architectures for resilience
- Component-based development and resilience
- System structuring for resilience
- Atomic actions
- Dynamic resilience mechanisms
- Resilience prediction
- Resilience metadata
- Reasoning and adaptation services for improving and ensuring resilience
- Intelligent and adaptive approaches to engineering resilient systems
- Engineering of self-healing autonomic systems
- Dynamic reconfiguration for resilience
- Run-time management of resilience requirements
- CASE tools for developing resilient systems

For more information, please see http://serene2008.uni.lu.

STM 2008 4th International Workshop on Security and Trust Management, Held in conjunction with the IFIP TM 2008, Trondheim, Norway, November 16-17, 2008. [posted here 4/14/08]
STM08 is the fourth international workshop under the auspices of the Security and Trust Management working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM 2008 has at least the following aims: (1) To investigate the foundations and applications of security and trust in ICT; (2) To study the deep interplay between trust management and common security issues such as confidentiality, integrity and availability; (3) To identify and promote new areas of research connected with security management, e.g. dynamic and mobile coalition management (e.g., P2P, MANETs, Web/GRID services); (4) To identify and promote new areas of research connected with trust management, e.g. reputation, recommendation, collaboration etc.; and (5) To provide a platform for presenting and discussing emerging ideas and trends. Topics of interest include but are not limited to:
- Semantics and computational models for security and trust
- Security and trust management architectures, mechanisms and policies
- Software engineering for security, trust and privacy
- Networked systems security
- Privacy and anonymity
- Identity management
- ICT for securing digital as well as physical assets
- Cryptography

For more information, please see http://www.isac.uma.es/stm08.

TrustCol 2008 3rd International Workshop on Trusted Collaboration, Held in conjunction with IEEE CollaborateCom, The Regal Sun Resort, Orlando, Florida, USA, November 13-16, 2008. [posted here 9/8/08]
The ongoing, rapid developments in information systems technologies and networking have enabled significant opportunities for streamlining decision making processes and maximizing productivity through distributed collaborations that facilitate unprecedented levels of sharing of information and computational resources. Emerging collaborative environments need to provide efficient support for seamless integration of heterogeneous technologies such as mobile devices and infrastructures, web services, grid computing systems, online social networks, various operating environments, and diverse COTS products. Such heterogeneity introduces, however, significant security and privacy challenges for distributed collaborative applications. Balancing the competing goals of collaboration and security is difficult because interaction in collaborative systems is targeted towards making people, information, and resources available to all who need it whereas information security seeks to ensure the availability, confidentiality, and integrity of these elements while providing it only to those with proper trustworthiness. The key goal of this workshop is to foster active interactions among diverse researchers and practitioners, and generate added momentum towards research in finding viable solutions to the security and privacy challenges faced by the current and future collaborative systems and infrastructures. We solicit unpublished research papers that address theoretical issues and practical implementations/experiences related to security and privacy solutions for collaborative systems. Topics of interest include, but are not limited to:
- Secure dynamic coalition environments
- Secure distributed multimedia collaboration
- Privacy control in collaborative environments
- Secure workflows for collaborative computing
- Policy-based management of collaborative workspace
- Secure middleware for large scale collaborative infrastructures
- Security and privacy issues in mobile collaborative applications
- Security frameworks and architectures for trusted collaboration
- Secure interoperation in multidomain collaborative environments
- Identity management for large scale collaborative infrastructures
- Semantic web technologies for secure collaborative infrastructure
- Trust models, trust negotiation/management for collaborative systems
- Access control models and mechanisms for collaboration environments
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications

For more information, please see http://www.sis.uncc.edu/~mshehab/trustcol08/.

IWDW 2008 7th International Workshop on Digital Watermarking, Busan, Korea, November 10-12, 2008. [posted here 6/16/08]
IWDW 2008 is the seventh of a series of international workshops focusing on digital watermarking and relevant techniques. It will provide an excellent opportunity for researchers and practitioners to present as well as to keep abreast with the latest developments in watermarking technologies. IWDW 2008 aims to provide a high quality forum for dissemination of research results. Areas of interest include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Estimation of watermark capacity
- Channel coding techniques for watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of content
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Data forensics
- Copyright protection, DRM, and forensic watermarking
- Visual cryptography

For more information, please see http://multimedia.korea.ac.kr/iwdw2008.

IS 2008 3rd International Symposium on Information Security, Monterrey, Mexico, November 10-11, 2008. [posted here 4/21/08]
The goal of this symposium is to bring together researchers from academia and practitioners from industry in order to address information security issues. The symposium will provide a forum where researchers shall be able to present recent research results and describe emerging technologies and new research problems and directions related to them. The symposium seeks contributions presenting novel research in all aspects of information security. Topics of interest may include one or more of the following (but are not limited to) themes:
- Access Control and Authentication
- Accounting and Audit
- Biometrics for Security
- Buffer Overflows
- Computer Forensics
- Cryptographic Algorithms and Protocols
- Databases and Data Warehouses Security
- Honey Nets
- Identity and Trust Management
- Intrusion Detection and Prevention
- Information Filtering and Content Management
- Information Hiding and Watermarking
- Mobile Code Security
- Multimedia Security
- Network Security
- Privacy and Confidentiality
- Public-Key Infrastructure
- Privilege Management Infrastructure
- Risk Assessment
- Security Issues in E-Activities
- Security and Privacy Economics
- Security in RFID Systems
- Security and Trustiness in P2P Systems and Grid Computing
- Security in Web Services
- Smart Card Technology
- Software Security
- Usability of Security Systems and Services
- Vulnerability Assessment

For more information, please see http://www.cs.rmit.edu.au/fedconf/index.html?page=is2008cfp.

SKM 2008 Workshop on Secure Knowledge Management, Richardson, Texas, USA, November 3-4, 2008. [posted here 5/5/08]
Knowledge management is the methodology for systematically gathering, organizing, and disseminating information. It essentially consists of processes and tools to effectively capture and share data as well as use the knowledge of individuals within an organization. Knowledge Management Systems (KMS) promote sharing information among employees and should contain security features to prevent any unauthorized access. Security is becoming a major issue revolving around KMS. Security methods may include authentication or passwords, cryptography programs, intrusion detection systems or access control systems. Issues include insider threat (protecting from malicious insiders), infrastructure protection (securing against subversion attacks) and establishing correct policies and refinement and enforcement. Furthermore KMS content is much more sensitive than raw data stored in databases and issues of privacy also become important. Since the attacks in 2001, many organizations, especially the US government, have increased their concern about KMS. With the advent of intranets and web-access, it is even more crucial to protect corporate knowledge as numerous individuals now have access to the assets of a corporation. Therefore, we need effective mechanisms for securing data, information, and knowledge as well as the applications. The proposed workshop in Secure Knowledge Management will help in raising the awareness of academics and practitioners in this critical area of research and develop important questions that need to be tackled by the research community. Topics of interest include, and are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion Markup Language, B2B Circles of Trust)
- Return of Investment on Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains, Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security (Securing and Sharing What We Know: Privacy, Trust and Knowledge Management, Identity Security Guarantee, Building Trust and Security in the B2B Marketplace)
- Security and Privacy in Knowledge Management
- Wireless security in the context of Knowledge Management

For more information, please see http://cs.utdallas.edu/skm2008/call_for_papers.htm.

CSAW 2008 2nd Computer Security Architecture Workshop, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 6/2/08]
The design and evaluation of Security Architectures is of fundamental importance to security. And yet, many of our fundamental architectures were created when security was less appreciated and less well understood. Since it is notoriously difficult to add security after the fact, our systems are far too susceptible to attack. Moreover, architectures, because they are broad based, are difficult to understand and this is a specialized workshop in which Security Architecture experts will gather. As far as we know, this workshop is unique in its focus on Security Architectures. The workshop topics include, but are not limited to:
- Authorization
- Authentication
- Network security
- Distributed systems
- Operating systems
- Privacy
- Applications and security frameworks
- Specialized applications such as voting systems
- Hardware/software co-design for security
- Analysis of architectures
- System composability (properties, pitfalls, analysis & reasoning)
- Assurance techniques
- Case studies
- Usability issues

For more information, please see http://www.rites.uic.edu/csaw/.

STC 2008 3rd ACM Workshop on Scalable Trusted Computing, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 3/31/08]
Built on the continuous success of ACM STC'06 and STC'07, this workshop focuses on fundamental technologies of trusted computing and its applications in large-scale systems -- those involving a large number of users and parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interest include but are not limited to:
- security policies and models of trusted computing
- architecture and implementation technologies for trusted platform
- limitations, alternatives and tradeoffs regarding trusted computing
- trust in authentications, users and computing services
- hardware based trusted computing
- software based trusted computing
- pros and cons of hardware based approach
- remote attestation of trusted devices
- censorship-freeness in trusted computing
- cryptographic support in trusted computing
- case study in trusted computing
- applications of trusted computing
- intrusion resilience in trusted computing
- access control for trusted computing
- principles for handling scales
- scalable trust supports and services
- trusted embedded computing and systems
- trusted computing in networks and distributed systems
- virtualization and trusted computing

For more information, please see http://www.sisa.samsung.com/innovation/stc08.

VMSec 2008 1st ACM Workshop on Virtual Machine Security, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 4/21/08]
This workshop, the first of its kind to deal exclusively with virtual machine security, will tackle the important research topics in virtualization security. Virtualization has seen an explosion in growth in deployment, implementations, and applications. Virtualization holds unique properties that make it attractive for security including isolation, compartmentalization, live state capture, and replay. Virtualization has been used to study malicious software as well as to prevent malicious software infection. In addition, virtualization itself is now the subject of attack. This workshop aims to bring together leading researchers in the fields of virtualization and security to present the latest work on these topics. Scope and topics include:
- Applications of virtualization for security
- Security and integrity of virtual machines
- Detecting virtualization
- Evading virtualization
- Trapping malicious code via virtualization
- Economic implications of virtualization
- Attacks and vulnerabilities against virtualization environments
- Honey Nets and Honey Client architectures, systems, and results
- Management and control of virtual machine farms for security
- Forensics using virtualization
- Enhancing privacy and anonymity using virtualization
- Measuring security and performance of virtualization
- Instrumentation and control of virtualization
- Performance optimization of virtual machines
- Performance and security analysis of lightweight virtualization
- Virtualization for mobile devices
- Vulnerabilities in virtualization environments

For more information, please see http://csis.gmu.edu/VMSec/.

DIM 2008 4th ACM Workshop on Digital Identity Management, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Fairfax, VA, USA, October 31, 2008. [posted here 3/3/08]
As the competitive edge of the global economy is shifting to "services" delivered over the Internet, we need a way of making identity available on-demand to the services in an open, scalable, and secure manner. Identity for services is a holistic concern that must satisfy technology, regulatory and business needs for existing and emerging markets, such as Software as a Service (SaaS) and Service Oriented Architectures (SOA). Identity services should introduce consistency, efficiency and scalability in IT infrastructures built on the Internet to form the new "identity layer". Also, it should be easy for developers to incorporate identity services as part of distributed application logic. To fully achieve the potential benefits of identity managed as a set of services, such as cost-effectiveness and shorter deployment times, several security and privacy challenges must be addressed. Such challenges arise because of the complex and distributed systems across different organizations involved in identity service offerings. The goal of the workshop is to lay the foundation and agenda for further research and development in this area. Under the broad umbrella of "Services and Identity", we encourage both researchers and practitioners to participate and submit papers on topics including, but not limited to the following:
- Identity management for SaaS
- SOA for identity
- Scalability issues in identity management
- Resilient identity service provisioning
- Dynamic mutual trust negotiation
- SLA for identity services
- Identity based access control
- Migration to identity services
- Identity service discovery
- Virtual directories
- Identity management process assurance
- Identity life-cycle
- Externalization of identity
- Risk management for identity
- Identity oracles
- Translation and resolution of namespaces
- Network transport as a service
- Privacy and hosted services
- Mobile identities
- Balance between de-centralization of identity and centralization of controls
- Privacy preservation during orchestration of services in multiple domains

For more information, please see http://www2.pflab.ecl.ntt.co.jp/dim2008.

CRiSIS 2008 3rd International Conference on Risks and Security of Internet and Systems, Tozeur, Tunisia, October 28-30, 2008. [posted here 2/18/08]
The topics addressed by CRiSIS’2008 range from the analysis of faults, risks, attacks and vulnerabilities to system survivability and adaptability, passing through security policies and models, security and dependability mechanisms and privacy enhancing technologies. Topics include but are not limited to:
Models for specification, design and validation of security and dependability
- Security and trust models
- Models for security policies
- Formal methods, verification and certification
- UML and MDA for dependable systems
- Architectures for secure and dependable systems
- Self-protecting models and architectures
- Designing business models with security management
Management of security and dependability
- Management of risks, attacks and vulnerabilities
- Risk analysis, security and quality assurance
- Awareness of risks, attacks and vulnerabilities
- Metrology and security management
- Key management Infrastructure (PKI) and trust management
- Monitoring and management of faults
- Planning and executing of repair actions
- Adaptability management
Security and dependability techniques and mechanisms
- Authentication, authorization and audit
- Privacy protection and anonymization
- Intrusion detection and fraud detection
- Traceability and forensics
- Biometrics, watermarking, cryptography and security protocols
- Access and information flow controls
- Use of smartcards and personal devices
- Firewalls and intrusion detection systems
- Viruses, worms and malicious codes
- Attack data acquisition (honeypots) and network monitoring
- Adaptation of security policies
Secure and dependable systems
- Security and dependability of operating systems and network components
- Security of services oriented applications
- Security dependability of distributed and grid applications
- Fault tolerance of Internet applications
- Reflective middleware
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer system, wireless networks, VPN and embedded systems
- Security of new generation networks, security of Voice-over-IP and multimedia
- Self-protecting, self-stabilizing and self-healing systems
Secure and dependable applications
- Security in Electronic payment
- Security of electronic voting
- Security in e-health
- Dependability in e-learning

For more information, please see http://www.redcad.org/crisis2008/.

AISec 2008 1st ACM Workshop on AISec, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/3/08]
The ubiquitous nature of information and communication today is often cited as the cause of many security and privacy problems including identity and reputation management, viruses/worms and phishing/pharming. There is strong evidence, however, that this abundance of information and communication has at least as many security and privacy benefits as costs. Consider for example, the use of machine learning algorithms to detect network intrusions, crowd-based approaches to anonymous communication and the use of data mining algorithms to determine content sanitization. All of these efforts benefit from recent advances in AI, which have often been driven by increases in the amount of available data. To fully realize the security and privacy benefits of today's ubiquitous information, the security community needs expertise in the tools and techniques for managing that information, namely, artificial intelligence technology, and the AI community needs an understanding of security and privacy problems. To facilitate an exchange of ideas between these two communities, we are holding the first workshop in "AISec", the new field of security and privacy solutions that leverage AI technologies, in conjunction with the 15th ACM Conference on Computer and Communications Security (CCS). The topics of interest include but are not limited to:
- Spam detection
- Fraud detection
- Botnet detection
- Intrusion detection
- Malware identification
- Insider threat detection
- Privacy-preserving data mining
- Inference detection and control
- Phishing detection and prevention
- Design and analysis of CAPTCHAs
- AI approaches to trust and reputation
- Machine learning techniques for optimizing user experience
- Vulnerability testing through intelligent probing (e.g. fuzzing)
- Content-driven security policy management & access control
- Techniques and methods for generating training and test sets

For more information, please see http://www.aisec.info.

StorageSS 2008 4th International Workshop on Storage Security and Survivability, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 5/5/08]
The 4th ACM International Workshop on Storage Security and Survivability (StorageSS 2008) will bring together researchers in storage systems, computer and network security, and cryptography. We encourage paper submissions from both research and industry presenting novel ideas on all theoretical and practical aspects of protecting data in storage and file systems. Topics of interest include, but aren't limited to:
- storage protection tradeoffs
- storage protection deployment (including case studies)
- smart storage for security and/or survivability
- analysis of covert storage channels and leaks
- mobile storage protection
- novel backup protection techniques
- protection using versioning
- storage encryption techniques (modes of operation, fast software/hardware encryption)
- key management techniques
- encrypted keyword search and database query
- security analysis of deployed file/volume encryptor, encrypted disc
- tamper-evident storage protection techniques
- immutable storage protection techniques, provenance
- storage threat models
- storage intrusion detection systems
- security for long-term / archival storage
- privacy and trust issues in (untrusted) remote/hosted storage
- TPM and storage security

For more information, please see http://storagess.org/2008/.

DRM 2008 8th ACM Workshop on Digital Rights Management, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/10/08]
The ACM Workshop on Digital Rights Management is an international forum that serves as an interdisciplinary bridge between areas that can be applied to solving the problem of Intellectual Property protection of digital content. These include: cryptography, software and computer systems design, trusted computing, information and signal processing, intellectual property law, policy-making, as well as business analysis and economics. Its purpose is to bring together researchers from the above fields for a full day of formal talks and informal discussions, covering new results that will spur new investigations regarding the foundations and practices of DRM.

For more information, please see http://www.ece.unm.edu/DRM2008/.

QOP 2008 4th International Workshop on Quality of Protection, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 3/3/08]
In the last few decades, Information Security has gained numerous standards, industrial certifications, and risk analysis methodologies. However, the field still lacks the strong, quantitative, measurement-based assurance that we find in other fields. For example, Networking researchers have created and utilize Quality of Service (QoS), Service Level Agreements (SLAs), and performance evaluation measures. Empirical Software Engineering has made similar advances with software measures: processes to measure the quality and reliability of software exist and are appreciated in industry. Security looks different. Even a fairly sophisticated standard such as ISO17799 has an intrinsically qualitative nature. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have surfaced in the literature, but they still have a qualitative flavor. Furthermore, many recorded security incidents have a non-IT cause. As a result, security requires a much wider notion of "system" than do most other fields in computer science. In addition to the IT infrastructure, the "system" in security includes users, work processes, and organizational structures. The goal of the QoP Workshop is to help security research progress towards a notion of Quality of Protection in Security comparable to the notion of Quality of Service in Networking, Software Reliability, or measures in Empirical Software Engineering. The topics of interest include but are not limited to:
- Industrial experience
- Security risk analysis
- Security measures
- Reliability analysis
- Security quality assurance
- Measurement-based decision making and risk management
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories
- Measurement theory
- Formal theories of security measures
- Security measurement and monitoring
- Experimental validation of models
- Simulation and statistical analysis
- Stochastic modeling

For more information, please see http://qop-workshop.org.

WPES 2008 7th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the 15th ACM Conference on Computer and Communication Security (CCS 2008), Alexandria, VA, USA, October 27, 2008. [posted here 4/21/08]
The need to consider privacy has been widely recognized in society at large, with resulting impact on government, commerce, education, health care, entertainment, and other sectors. This workshop discusses the problems related to privacy in the global interconnected society and their possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- privacy and confidentiality management
- business models with privacy requirements
- privacy in electronic records
- protection from correlation, inference, and linking attacks
- privacy in health care and public administration
- electronic communication privacy
- public records and personal privacy
- information dissemination control
- privacy and virtual identity
- privacy-aware access control
- personally identifiable information
- privacy in the digital business
- privacy policy enforcement
- privacy enhancing technologies
- privacy and data mining
- privacy policies and their enforcement
- relationships between privacy and security
- privacy and anonymity in Web transactions
- user profiling
- privacy in social networks
- wireless privacy
- privacy threats
- economics of privacy
- privacy and human rights
- RFIDs and privacy
- privacy in mobile computing
- privacy in outsourced computing
- privacy in electronic voting

For more information, please see http://dais.cs.uiuc.edu/wpes08.

CCS 2008 15th ACM Conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27-31, 2008. [posted here 3/24/08]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences.

The conference seeks submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and communications security, as well as case studies and implementation experiences. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topics related to computer and communications security are of interest. Authors interested in submitting but unsure if their topic is in scope should assume that it probably is in scope but should contact the program chairs if further guidance is desired.

For more information, please see http://www.sigsac.org/ccs/CCS2008/.

SIS 2008 3rd International Workshop on Secure Information Systems, Wisla, Poland, October 20-22, 2008. [posted here 4/21/08]
The SIS workshop is envisioned as a forum to promote the exchange of ideas and results addressing complex security issues that arise in modern information systems. We aim at bringing together a community of security researchers and practitioners working in such diverse areas as networking security, antivirus protection, intrusion detection, cryptography, security protocols, and others. We would like to promote an integrated view of the security of information systems. Covered topics include (but are not limited to):
- Access control
- Adaptive security
- Cryptography
- Copyright protection
- Cyberforensics
- Honeypots
- Information hiding
- Intrusion detection
- Network security
- Privacy
- Secure commerce
- Security exploits
- Security policies
- Security protocols
- Security services
- Security evaluation and prediction
- Software protection
- Trusted computing
- Threat modeling
- Usability and security
- Viruses and worms
- Zero-configuration security mechanisms

For more information, please see http://www.sis.imcsit.org/.

ICICS 2008 10th International Conference on Information and Communications Security, Birmingham, UK, October 20-22, 2008. [posted here 3/24/08]
The event, which started in 1997, brings together individuals involved in multiple disciplines of Information and Communications Security, in order to foster the exchange of ideas. ICICS 2008 will be organised by the School of Computer Science, University of Birmingham, in co-operation with HP Laboratories (Bristol, UK) and the International Communications and Information Security Association (ICISA). Original papers on all aspects of information and communications security are solicited for submission to ICICS 2008. Areas of interest include, but are not limited to:
- Access control
- Anti-malware
- Anonymity
- Applied cryptography
- Authentication and authorization
- Biometric security
- Data and system integrity
- Database security
- Distributed systems security
- Electronic commerce
- Fraud control
- Grid security
- Information hiding and watermarking
- Intellectual property protection
- Intrusion detection
- Key management and key recovery
- Language-based security
- Operating system security
- Network security
- Risk evaluation and security certification
- Security for mobile computing
- Security models
- Security protocols
- Trusted computing

For more information, please see http://events.cs.bham.ac.uk/icics08/.

NPSec 2008 4th Workshop on Secure Network Protocols, Held in conjunction with the 16th IEEE International Conference on Network Protocols (ICNP 2008), Orlando, Florida, USA, October 19, 2008. [posted here 5/5/08]
NPSec focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. NPSec 2008 particularly welcomes new ideas on security in the context of future Internet design, such as architectural considerations for future Internet security and new primitives for supporting secure network protocol and application design. Topics of interest include but are not limited to:
- security in future Internet architectures
- secure and/or resilient network protocols (e.g., internetworking/routing, MANETs, LANs and WLANs, mobile/cellular data networks, p2p and other overlay networks, federated trust systems, sensor networks)
- vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
- key distribution/management
- intrusion detection and response
- incentive systems for p2p systems and MANETs routing
- secure protocol configuration and deployment

For more information, please see http://www.netsec.colostate.edu/npsec08/.

NSS 2008 IFIP International Workshop on Network and System Security, Shanghai, China, October 18-19, 2008. [posted here 3/24/08]
While attack systems have become easier to use, more sophisticated, and more powerful, interest has greatly increased in the field of building more effective, intelligent, adaptive, active and high performance defense systems which are distributed and networked. We will focus our program on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems. The aim of this workshop is to provide a leading edge forum to foster interaction between researchers and developers with the network and system security communities, and to give attendees an opportunity to interact with experts in academia, industry and governments. NSS 2008 will feature new results, challenging research questions, novel approaches and innovative directions in network and system security. Contributions are solicited in all areas of network and system security research and applications. Topics include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Simulation and Tools
- Security Theory and Tools in Network Systems
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security

For more information, please see http://nss.cqu.edu.au.

eCrime 2008 3rd APWG eCrime Researchers Summit, Atlanta, GA, USA, October 15-16, 2008. [posted here 5/12/08]
Original papers on all aspects of electronic crime are solicited for submission to eCrime '08. Topics of relevance include but are not limited to:
- Phishing, pharming, click-fraud, crimeware, extortion and emerging attacks.
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention.
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures.
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures.
- Spoofing of different types, and applications to fraud.
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques.
- Honeypot design, data mining, and forensic aspects of fraud prevention.
- Design and evaluation of user interfaces in the context of fraud and network security.
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation.

For more information, please see http://www.ecrimeresearch.org/.

SecPri-WiMob 2008 1st International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in conjunction with the 4th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2008), Avignon, France, October 12, 2008. [posted here 4/14/08]
Wireless and Mobile communication networks offer organizations and users several benefits, such as portability, mobility and flexibility, while increasing everyday business productivity, and reducing installation cost. However, although Wireless and Mobile communication environments eliminate many of the problems associated with traditional wired networks, the new security and privacy risks introduced by such environments need to be reduced by exploiting appropriate security measures and safeguards, ensuring an acceptable level of overall residual hazard. The objectives of the SecPri-WiMob 2008 Workshop are to bring together researchers from research communities in Wireless and Mobile Computing, Networking and Communications, Security and Privacy, with the goal of fostering interaction. We welcome the submission of papers from the full spectrum of issues related to Security and Privacy in Wireless and Mobile Computing, Networking and Communications. Papers may focus on protocols, architectures, methods, technologies, applications, practical experiences, simulation results and analysis, theory and validation on topics that include, but are not limited to:
- Cryptographic Protocols for Mobile and Wireless Networks
- Key Management in Mobile and Wireless Computing
- Reasoning about Security and Privacy
- Privacy and Anonymity in Mobile and Wireless Computing
- Public Key Infrastructure in Mobile and Wireless Environments
- Economics of Security and Privacy in Wireless and Mobile environments
- Security Architectures and Protocols in Wireless LANs
- Security Architectures and Protocols in B3G/4G Mobile Networks
- Security and Privacy features into Mobile and Wearable devices
- Location Privacy
- Ad hoc Networks Security
- Sensor Networks Security
- Wireless Ad Hoc Networks Security
- Role of Sensors to Enable Security
- Security and Privacy in Pervasive Computing
- Trust Establishment, Negotiation, and Management
- Secure PHY/MAC/routing protocols
- Security under Resource Constraints (bandwidth, computation constraints, energy)

For more information, please see http://www.aegean.gr/SecPri_WiMob_2008.

PiLBA 2008 International Workshop on Privacy in Location-Based Applications, Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 10, 2008. [posted here 4/7/08]
Although data security and privacy issues have been extensively investigated in several domains, the currently available techniques are not readily applicable for privacy protection in location based applications (LBA). An example application is a Location Based Service, which is typically invoked through mobile devices that can include location and movement information in service requests. Other location based applications use similar data, possibly stored in a moving object database, to solve various kinds of optimization problems, to perform statistical analysis of specific phenomena, as well as to predict potentially critical situations. While location data can be very effective for better services and can enable new kinds of services, it poses serious threats to the privacy of users. LBA in travel, logistics, health care, and other industries already exist and are poised to proliferate. Examples include the identification of resources close to the user (e.g., the closest pharmacy), and the identification of the optimal route to reach a destination from the user's position considering traffic conditions and possibly other constraints. One of the critical issues for a widespread deployment of these applications is how to reconcile the effectiveness and quality of these services with privacy concerns. They bring unique challenges mostly due to the richness of location and time information that is necessarily connected to location based applications. The research in this field involves aspects of spatio-temporal reasoning, query processing, system security, statistical inference, and anonymization techniques. Several research groups have been working in recent years to identify privacy attacks and defense techniques in this domain. Topics of interest include everything involving privacy aspects arising in the design, development and deployment of location-based applications. Examples are the following:
- Formal models of attacks and defenses in LBA
- Anonymization/Pseudonymization in LBA
- Sensitive data obfuscation in LBA
- Authorization and Access Control involving spatio-temporal data
- Publication of micro-data acquired through LBA
- Privacy preserving data mining on geographically referenced data
- Statistical approaches to privacy preservation in LBA
- Trust Management in LBA
- Applied Cryptography for LBA

For more information, please see http://pilba.dico.unimi.it.

NordSec 2008 13th Nordic Workshop on Secure IT Systems, Copenhagen, Denmark, October 9-10, 2008. [posted here 4/28/08]
The NordSec workshops are focused on applied computer security and are intended to encourage interchange and cooperation between research and industry. NordSec 2008 is organized by the Technical University of Denmark. NordSec 2008 has a special focus on "Security for the Citizens"; papers and extended abstracts on this topic are especially welcome. Topics include, but are not limited to, the following areas of computer security:
- Applied Cryptography
- Commercial Security Policies and Enforcement
- Communication and Network Security
- Computer Crime and Information Warfare
- Hardware and Smart Card Applications
- Internet and Web Security
- Intrusion Detection
- Language-based Techniques for Security
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy and Anonymity
- Security Education and Training
- Security Evaluations and Measurements
- Security Management and Audit
- Security Models
- Security Protocols
- Social-Engineering and Phishing
- Software Security, Attacks, and Defenses
- Trust and Trust Management

For more information, please see http://lbt.imm.dtu.dk/nsd08/nordsec08/.

FAST 2008 5th International Workshop on Formal Aspects in Security & Trust, Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008), Malaga, Spain, October 9-10, 2008. [posted here 5/12/08]
The fifth International Workshop on Formal Aspects in Security and Trust (FAST2008) aims at continuing the successful efforts of the previous FAST workshops, fostering the cooperation among researchers in the areas of security and trust. As computing and network infrastructures become increasingly pervasive, and as they carry increasing economic activity, society needs well matched security and trust mechanisms. These interactions increasingly span several enterprises and involve loosely structured communities of individuals. Participants in these activities must control interactions with their partners based on trust policies and business logic. Trust-based decisions effectively determine the security goals for shared information and for access to sensitive or valuable resources. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome. Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed Trust Management Systems
- Digital Assets Protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and Trust aspects in ubiquitous computing
- Validation/Analysis tools and techniques
- Web/Grid Services Security/Trust/Privacy
- Security and Risk Assessment
- Resource and Access Control
- Case studies

For more information, please see http://www.iit.cnr.it/FAST2008/.

WDFIA 2008 3rd International Annual Workshop on Digital Forensics and Incident Analysis, Held in conjunction with the 13th European Symposium on Research in Computer Security (ESORICS 2008), University of Malaga, Malaga, Spain, October 9, 2008. [posted here 2/18/08]
The field of digital forensics is rapidly evolving and continues to gain significance in both the law enforcement and the scientific community. Being intrinsically interdisciplinary, it draws upon a wide range of subject areas such as information & communication technologies, law, social sciences and business administration. The workshop aims to provide a forum for researchers and practitioners to present original, unpublished research results and innovative ideas. We welcome the submission of papers from the full spectrum of issues relating to the theory and practice of digital forensics and incident analysis. Areas of special interest include, but are not limited to:
- Digital forensics tools and applications
- Incident response and investigation
- Forensic standards and procedures
- Portable electronic device forensics
- Network forensics
- Data hiding and recovery
- Network traffic analysis, traceback and attribution
- Data mining and e-discovery and their corporate use
- Legal, ethical and policy issues related to digital forensics
- Digital evidence visualisation and presentation
- Integrity of digital evidence and live investigations
- Digital evidence chain of custody, storage and preservation
- Multimedia analysis
- Digital forensics case studies
- The Trojan defence
- Forensics issues of malicious code
- Best practices and case studies
- Anti-forensics

For more information, please see http://www.aegean.gr/wdfia08.

ESORICS 2008 13th European Symposium on Research in Computer Security, Malaga, Spain, October 6-8, 2008. [posted here 1/18/08]
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Thirteenth European Symposium on Research in Computer Security (ESORICS 2008). Organized in a series of European countries, ESORICS is confirmed as the European research event in computer security. The symposium started in 1990 and has been held on alternate years in different European countries and attracts an international audience from both the academic and industrial communities. From 2002 it has been held yearly. The Symposium has established itself as one of the premier international gatherings on Information Assurance. Papers may present theory, technique, applications, or practical experience on topics including:
- Access control
- Anonymity
- Authentication
- Authorization and delegation
- Cryptographic protocols
- Data integrity
- Dependability
- Information flow control
- Smartcards
- System security
- Digital rights management
- Accountability
- Applied cryptography
- Covert channels
- Cybercrime
- Denial of service attacks
- Formal methods in security
- Inference control
- Information warfare
- Steganography
- Transaction management
- Data and application security
- Intellectual property protection
- Intrusion tolerance
- Peer-to-peer security
- Language-based security
- Network security
- Non-interference
- Privacy-enhancing technology
- Pseudonymity
- Subliminal channels
- Trustworthy user devices
- Identity management
- Security as quality of service
- Secure electronic commerce
- Security administration
- Security evaluation
- Security management
- Security models
- Security requirements engineering
- Security verification
- Survivability
- Information dissemination control
- Trust models and trust management policies

For more information, please see http://www.isac.uma.es/esorics08.

NSPW 2008 New Security Paradigm Workshop, Olympic Valley, CA, USA, September 22-25, 2008. [posted here 1/14/08]
The computers of the world are under siege. Denial of service attacks plague commercial sites, large and small. Major companies are hacked for consumer credit card numbers. Phishing attacks for personal information are commonplace, and million-machine botnets are a reality. Our tools for combating these threats--cryptography, firewalls, access controls, vulnerability scanners, malware and intrusion detectors--are insufficient. We need radical new solutions, but most security researchers propose only incremental improvements. Since 1992, the New Security Paradigm Workshop (NSPW) has been a home for research that addresses the fundamental limitations of current work in information security. NSPW welcomes papers that present a significant shift in thinking about difficult security issues, build on such a recent shift, offer a contrarian view of accepted practice or policy, or address non-technological aspects of security. Our program committee particularly looks for new approaches to information security, early thinking on new topics, innovative solutions to long-time problems, and controversial issues which might not be accepted at other conferences but merit a hearing. We discourage papers that represent completed or established works, or offer incremental improvements to well-established models. NSPW expects a high level of scholarship from contributors, including awareness of prior work produced before the World Wide Web.

For more information, please see http://www.nspw.org.

SecureComm 2008 4th International Conference on Security and Privacy for Communication Networks, Istanbul, Turkey, September 22-25, 2008. [posted here 3/3/08]
Securecomm seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Securecomm brings together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers. Topics of interest include, but are not limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.securecomm.org.

SOSOC 2008 International Workshop on Security in Opportunistic and SOCial Networks, Held in conjunction with SecureComm 2008, Istanbul, Turkey, September 22, 2008. [posted here 6/2/08]
Opportunistic Networks are considered as an evolution of the Mobile Ad-hoc Networking paradigm, in which the assumption of an existing end-to-end connectivity is relaxed. The evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. Online services that assist social networks (Facebook, LinkedIn, XING, etc.) in consequence are able to provide additional information on contacts and their relations. The lack of end-to-end connectivity and the use of personal information for the networking operations raise entirely new privacy concerns and require new reflections on security problems. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in Opportunistic and Social Networks. Topics of interest include but are not limited to:
- new aspects of trust
- privacy concerns
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- key management
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- reputation systems for opportunistic/social networks
- new security issues, new attack paradigms
- new requirements for software security
- malware analysis in opportunistic/social networks

For more information, please see http://www.sosoc.org.

SECOVAL 2008 4th International Workshop on the Value of Security through Collaboration, Held in conjunction with SecureComm 2008, Istanbul, Turkey, September 22, 2008. [posted here 6/2/08]
Security is usually centrally managed, for example in the form of policies duly executed by individual nodes. The SECOVAL workshop covers the alternative trend of using collaboration and trust to provide security. Instead of centrally managed security policies, nodes may use specific knowledge (both local and acquired from other nodes) to make security-related decisions. For example, in reputation-based schemes, the reputation of a given node (and hence its security access rights) can be determined based on the recommendations of peer nodes. As systems are being deployed on ever-greater scale without direct connection to their distant home base, the need for self management is rapidly increasing. Interaction after interaction, as the nodes collaborate, there is the emergence of a digital ecosystem. By guiding the local decisions of the nodes, for example, with whom the nodes collaborate, global properties of the ecosystem where the nodes operate may be guaranteed. Thus, the security property of the ecosystem may be driven by self-organizing mechanisms. Depending on which local collaboration is preferred, a more trustworthy ecosystem may emerge. While papers will be considered that address any of the topics of security through collaboration from previous years (e.g., benefits from collaboration, methods of creating or measuring trust, self-organizing coalitions and risk analysis), the focus of the workshop will be around mobile application domains. Topics of interest to the workshop include, but are not limited to:
- Mobile collaborative security
- Data sharing and anonymization case studies
- Metrics of utility, anonymization strength and information loss
- Identification of data sources and types useful to share for collaborative computer security
- Context-aware trust and reputation management
- Insights from industry and case studies

For more information, please see http://www.secoval.org/.

WIFISEC 2008 1st International workshop on Wireless and Mobile Security, Held in conjunction with the 2nd IEEE International Conference and Exhibition on Next Generation Mobile Applications, Services, and Technologies (NGMAST 2008), Cardiff, Wales, UK, September 16-19, 2008. [posted here 3/10/08]
As Mobile and Wireless networks are becoming increasingly prevalent, the problem of ensuring that those networks are secure is an increasingly important issue. The issue of securing the different types of mobile and wireless networks, their operation and use is the focus of this workshop. Mobile and Wireless Networking environments eliminate many of the problems associated with traditional wired networks. However, the security and privacy risks introduced by such environments need to be addressed by exploiting appropriate security measures and techniques. Topics include but are not limited to:
- Key Management in wireless/mobile environments
- Intrusion detection, detection of malicious behaviour
- Denial of service
- User privacy, location privacy
- Authentication and Access control
- Anonymity, prevention of traffic analysis
- Dependable wireless networking
- Identity theft and phishing in mobile networks
- Charging in wireless networks
- Security in vehicular networks
- Cross-layer design for security
- Monitoring and surveillance
- Identity theft and ciphering in mobile networks
- Vulnerability and attacker modelling
- Incentive-aware secure protocol design
- Routing Path Security in Ad-Hoc Networks
- Public Cryptography in Wireless Networks

For more information, please see http://www.comp.glam.ac.uk/wifisec/.

ISC 2008 Information Security Conference, Taipei, Taiwan, September 15-18, 2008. [posted here 1/7/08]
ISC aims to attract high quality papers in all technical aspects of information security. The topics of interest of ISC include, but are not limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Attacks and Prevention of Online Fraud
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols and Functions
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- Economics of Security and Privacy
- Formal Methods in Security
- Foundations of Computer Security
- Identity and Trust Management
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection, Tolerance and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Private Searches
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security in Information Flow
- Security for Mobile Code
- Security of Grid Computing
- Security of eCommerce, eBusiness and eGovernment
- Security Modeling and Architectures
- Security Models for Ambient Intelligence environments
- Trusted Computing
- Usable Security
- Special Session on AES

For more information, please see http://isc08.twisc.org/.

RAID 2008 11th International Symposium on Recent Advances in Intrusion Detection, Cambridge, Massachusetts, USA, September 15-17, 2008. [posted here 1/7/08]
This symposium, the 11th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation

For more information, please see http://www.ll.mit.edu/IST/RAID2008/.

VizSEC 2008 5th Workshop on Visualization for Cyber Security, Held in conjunction with the 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), Cambridge, MA USA, September 15, 2008. [posted here 3/24/08]
As a result of previous VizSec workshops, we have seen both the application of existing visualization techniques to security problems and the development of novel security visualization approaches. However, VizSec research has focused on helping human analysts to detect anomalies and patterns, particularly in computer network defense. Other communities, led by researchers from the RAID Symposia, have researched automated methods for detecting anomalies and malicious activity. The theme for this year's workshop will be on bridging the gap between visualization and automation, such as leveraging the power of visualization to create rules for intrusion detection and defense systems. We also solicit papers that report results on visualization techniques and systems in solving all aspects of cyber security problems, including:
- Visualization of Internet routing
- Visualization of packet traces and network flows
- Visualization of intrusion detection alerts
- Visualization of attack tracks
- Visualization of security vulnerabilities
- Visualization of attack paths
- Visualization of application processes
- Visualization for forensic analysis
- Visualization for correlating events
- Visualization for computer network defense training
- Visualization for offensive information operations
- Visualization for building rules
- Visualization for feature selection
- Visualization for cryptology
- Visualization for detecting anomalous activity
- Deployment and field testing of VizSec systems
- Evaluation and user testing of VizSec systems
- User and design requirements for VizSec systems
- Lessons learned from development and deployment of VizSec systems

For more information, please see http://vizsec.org/workshop2008/.

InSPEC 2008 International Workshop on Security and Privacy in Enterprise Computing, Held in conjunction with the 12th IEEE International EDOC Conference (EDOC 2008), Munich, Germany, September 15, 2008. [posted here 4/7/08]
Several technologies have emerged for enterprise computing. Today, services are becoming the new building blocks of enterprise systems and service-oriented architectures are combining them in a flexible and novel way. These technological trends are accompanied by new business trends due to globalization that involve innovative forms of collaborations. All of these trends bring with them new challenges to the security and privacy of enterprise computing. New concepts for solving these challenges require the combination of many disciplines from computer science and information systems, such as cryptography, networking, distributed systems, process modeling and design, access control, privacy etc. It is the goal of this workshop to provide a forum for exchange of novel research in these areas among the experts from academia and industry. Topics include:
Security and privacy in workflow systems
- Access control architectures
- Modeling of security and privacy constraints
- Automatic security augmentation
- Secure/Trusted virtual domains
Security and privacy in service-oriented architectures
- Secure composition of services
- Semantic aware security
- Security services
- Trustworthy computation
Identity Management
- Security and Privacy
- Applications to compliance
- Effective use in business IT systems
Data sharing
- Cryptographic protection during data sharing
- Privacy-preserving distributed applications
- Efficient multi-party computations
- Privacy and data sharing policies
Security and privacy in management information systems
- Novel secure applications
- Secure and private data analytics
- Flexible and seamless security architectures
- Secure operating system design
Collaborations
- Secure and private supply chains
- Security and privacy in virtual organizations
- Private social network and Web 2.0 applications
- Security and privacy in outsourcing

For more information, please see http://ra.crema.unimi.it/inspec2008/.

SCN 2008 6th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 10-12, 2008. [posted here 3/31/08]
Security and privacy are increasing concerns in computer networks such as the Internet. The availability of fast, reliable, and cheap electronic communication offers the opportunity to perform electronically and in a distributed way a wide range of transactions of a most diverse nature. SCN 2008 aims at bringing together researchers in the field of cryptography and security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical aspects of cryptography and security are solicited for submission to SCN 2008. Topics of interest include (but are not limited to):
- Anonymity
- Implementations
- Authentication
- Symmetric-Key Cryptography
- Complexity-based Cryptography
- Privacy
- Cryptanalysis
- Cryptographic Protocols
- Digital Signatures
- Public-Key Cryptography
- Hash Functions
- Survey and state of the art
- Identification

For more information, please see http://scn.dia.unisa.it/.

CARDIS 2008 8th Smart Card Research and Advanced Application Conference, Royal Holloway, University of London, Egham, Surrey, UK, September 8-11, 2008. [posted here 11/26/07]
Since 1994, CARDIS has been the foremost international conference dedicated to smart card research and applications. Submissions across a broad range of smart card development phases are encouraged, from exploratory research and proof-of-concept studies to practical applications and deployment of smart card technology. As a response to the growing development of contactless applications and RFID systems, a special interest is also devoted to low cost cryptographic mechanisms and physical security of constrained devices. Topics of interest include, but are not limited to:
- From smart cards to smart devices (hardware, form factor, display)
- Software environments for smart cards and devices (OS, VM, API)
- Smart cards and devices networking and high-level data models
- Smart cards and devices applications, development and deployment
- Person representation and biometrics using smart technologies
- Identity, privacy and trust issues for smart technologies
- High-speed, small-footprint implementations of cryptographic algorithms
- Attacks and countermeasures in hardware and software
- Cryptographic protocols for smart cards and devices
- Biometrics and smart cards
- Formal modeling of environments and applications
- Interplay of TPMs and smart cards
- Security of RFID systems

For more information, please see http://www.scc.rhul.ac.uk/CARDIS/.

SEC 2008 23rd International Information Security Conference, Co-located with IFIP World Computer Congress 2008, Milan, Italy, September 8-10, 2008. [posted here 9/27/07]
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. Topics of interest include, but are not limited to:
- access control
- accounting and audit
- anonymity
- applied cryptography
- authentication
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- electronic frauds
- identity management
- information warfare
- intrusion detection
- key management
- law and ethics
- peer-to-peer security
- privacy-enhancing technology
- secure location services
- secure networking
- security education
- security management
- smartcards
- commercial and industry security
- data and application security
- inference/controlled disclosure
- risk analysis and risk management
- intellectual property protection
- security in IT outsourcing
- security for mobile code
- trust management
- trust models

For more information, please see http://sec2008.dti.unimi.it.

OSSCoNF 2008 1st Workshop on Open Source Software for Computer and Network Forensics, Held in conjunction with the 4th International Conference on Open Source Systems (OSS 2008), Milan, Italy, September 7-10, 2008. [posted here 2/25/08]
OSSCoNF aims at creating an informal, but selected academic venue to discuss the benefits (and drawbacks, if any) of using Free, Libre, and Open Source Software (FLOSS) for computer and network forensics, incident management and digital investigations. The main topics of interest for the workshop are:
- FLOSS tools for Evidence Management
- Tools for acquisition, collection, and storage of digital evidence
- Tools for identification, authentication, integrity preservation of digital evidence
- FLOSS tools for Analysis and Identification of Evidence
- Tools for the analysis and search of digital evidence
- Tools for cybercrime scenarios reconstruction, correlation and data mining applied to digital forensics
- Tools for analysis of embedded or non-traditional devices such as cellphones, cameras...
- FLOSS tools for analysis of cybercrime
- Data mining systems for cyber-crime strategy analysis and modeling
- Systems for data collection and monitoring of attack trends
- FLOSS tools validation and test cases, or FLOSS validation approaches for proprietary tools
- FLOSS tools for the automation of the forensic process and case management

For more information, please see http://conferenze.dei.polimi.it/ossconf.

Pairing 2008 2nd International Conference on Pairing-based Cryptography, Egham, UK, September 1-3, 2008. [posted here 11/12/07]
Pairing-based cryptography is an extremely active area of research which has allowed elegant solutions to a number of long-standing open problems in cryptography (such as efficient identity-based encryption). New developments continue to be made at a rapid pace. The aim of the "Pairing" conference is thus to bring together leading researchers and practitioners from academia and industry, all concerned with problems related to pairing-based cryptography. Authors are invited to submit papers describing their original research on all aspects of pairing-based cryptography, including, but not limited to, the following topics:
Area I: Novel cryptographic protocols
- ID-based and certificateless cryptosystems
- Broadcast encryption, signcryption etc
- Short/multi/aggregate/group/ring/threshold/blind signatures
- Designed confirmer or undeniable signatures
- Identification/authentication schemes
- Key agreement
Area II: Mathematical foundations
- Weil, Tate, Eta, and Ate pairings
- Security consideration of pairings
- Other pairings and applications of pairings in mathematics
- Generation of pairing friendly curves
- (Hyper-) Elliptic curve cryptosystems
- Number theoretic algorithms
- Addition algorithms in divisor groups
Area III: SW/HW implementation
- Secure operating systems
- Efficient software implementation
- FPGA or ASIC implementation
- Smart card implementation
- RFID security
- Middleware security
- Side channel and fault attacks
Area IV: Applied security
- Novel security applications
- Secure ubiquitous computing
- Security management
- PKI models
- Application to network security
- Grid computing
- Internet and web security
- E-business or E-commerce security

For more information, please see http://www.pairing-conference.org/.

SecCo 2008 6th International Workshop on Security Issues in Concurrency, Toronto, Canada, August 23, 2008. [posted here 4/21/08]
Emerging trends in concurrency theory require the definition of models and languages adequate for the design and management of new classes of applications, mainly to program either WANs (like the Internet) or smaller networks of mobile and portable devices (which support applications based on a dynamically reconfigurable communication structure). Due to the openness of these systems, new critical aspects come into play, such as the need to deal with malicious components or with a hostile environment. Current research on network security issues (e.g. secrecy, authentication, etc.) usually focuses on opening cryptographic point-to-point tunnels. Therefore, the proposed solutions in this area are not always exploitable to support the end-to-end secure interaction between entities whose availability or location is not known beforehand. The aim of the workshop is to cover the gap between the security and the concurrency communities. More precisely, the workshop promotes the exchange of ideas, trying to focus on common interests and stimulating discussions on central research questions. In particular, we look for papers dealing with security issues (such as authentication, integrity, privacy, confidentiality, access control, denial of service, service availability, safety aspects, fault tolerance, trust, language-based security) in emerging fields like web services, mobile ad-hoc networks, agent-based infrastructures, peer-to-peer systems, context-aware computing, global/ubiquitous/pervasive computing.

For more information, please see http://www.lsv.ens-cachan.fr/SecCo08/.

PODC 2008 27th Annual ACM SIGACT-SIGOPS Symposium on the Principles of Distributed Computing, Toronto, Canada, August 18-21, 2008. [posted here 11/26/07]
PODC solicits papers on all areas of distributed systems. We encourage submissions dealing with any aspect of distributed computing from the theoretical or experimental viewpoints. The common goal is to improve understanding of principles underlying distributed computing. Topics of interest include the following subjects in distributed systems:
- distributed algorithms: design and analysis
- communication networks: architectures, services, protocols, applications
- multiprocessor and multi-core architectures and algorithms
- shared and transactional memory, synchronization protocols, concurrent programming
- fault-tolerance, reliability, availability, self organization
- Internet applications, social networks, recommender systems
- distributed operating systems, middleware platforms, databases
- distributed computing with selfish agents
- peer-to-peer systems, overlay networks, distributed data management
- high-performance, cluster, and grid computing
- mobile computing, autonomous agents, location- and context-aware distributed systems
- security in distributed computing, cryptographic protocols
- sensor, mesh, and ad hoc networks
- specification, semantics, verification, and testing of distributed systems

For more information, please see http://www.podc.org/podc2008.

DFRWS 2008 8th Annual Digital Forensic Research Workshop, Baltimore, MD, USA, August 11-13, 2008. [posted here 12/17/07]
DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, and demo proposals. All papers are evaluated through a double-blind peer-review process, and those accepted will be published in printed proceedings by Elsevier. Topics of Interest include:
- Incident response and live analysis
- Network-based forensics, including network traffic analysis, traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- File extraction from data blocks (“file carving”)
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Non-traditional approaches to forensic analysis

For more information, please see http://www.dfrws.org/2008/.

ICITS 2008 International Conference on Information Theoretic Security, Calgary, Canada, August 10-13, 2008. [posted here 11/26/07]
This is the second conference in a series that aims to bring together the leading researchers in the area of information and quantum theoretic security. This series of conferences is a successor to the 2005 IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security (ITW 2005). The first ICITS conference was held in Madrid, after Eurocrypt 2007. Conference proceedings will be published by Springer Verlag in the Lecture Notes in Computer Science. The topics of interest cover work on any aspect of information theoretic security, that is, security based on information theory. This includes, but is not limited to, the following topics:
- Information theoretic analysis of security
- Private and Reliable Networks
- Anonymity
- Public Key Cryptosystems using Codes
- Authentication Codes
- Quantum Cryptography
- Conventional Cryptography using Codes
- Quantum Information Theory
- Fingerprinting
- Randomness extraction
- Ideal Ciphers
- Secret Sharing
- Information Hiding
- Secure Multiparty Computation
- Key Distribution
- Traitor Tracing
- Oblivious Transfer
- Data hiding and Watermarking

For more information, please see http://iqis.org/events/icits2008.

IWSSE 2008 2nd International Workshop on Security in Software Engineering, Held in conjunction with the IEEE COMPSAC 2008, Turku, July 28 – August 1, 2008. [posted here 1/15/08]
Secure software engineering has become an emerging interdisciplinary area across software engineering, programming languages, and security engineering. Secure software engineering focuses on developing secure software and understanding the security risks and managing these risks throughout the life-cycle of software. The purpose of the workshop is to bring together researchers and practitioners who work closely in this area to create a forum for reporting and discussing recent advances in improving security in software engineering and inspiring collaborations and innovations on new methods and techniques to advance software security in our practices. Researchers and practitioners worldwide are invited to present their research expertise and experience, and discuss the issues and challenges in security from a software engineering perspective. Submissions of quality papers in the following non-exhaustive list of topics are invited:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection

For more information, please see http://www.sis.pitt.edu/%7Elersais/IWSSE/IWSSE08.html.

USENIX-Security 2008 17th USENIX Security Symposium, San Jose, California, USA, July 28-August 1, 2008. [posted here 10/1/07]
On behalf of the 17th USENIX Security Symposium (USENIX Security '08) program committee, we are inviting you to submit high-quality papers in all areas relating to systems and network security. Please note that the USENIX Security Symposium is primarily a systems security conference. Papers whose contributions are primarily new cryptographic algorithms or protocols, cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this conference. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security

For more information, please see http://www.usenix.org/sec08/cfpa/.

EVT 2008 USENIX/ACCURATE Electronic Voting Technology Workshop, Held in conjunction with the 17th USENIX Security Symposium, San Jose, CA, USA, July 28-29, 2008. [posted here 2/11/08]
EVT '08 seeks to bring together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. EVT seeks to publish original research on important problems in all aspects of electronic voting. We welcome papers on voting topics including but not limited to:
- Voter registration and pre-voting
- Vote collection
- Vote tabulation
- Post-election auditing
- Design, implementation, and evaluation of new voting technologies and protocols
- Scientific evaluations of existing voting technologies
- System testing methodologies
- Deployment and lifecycle issues
- Threat mitigation
- Usability
- Accessibility
- Legal issues, including ADA, HAVA, intellectual property, and nondisclosure agreements on voting system evaluations
- Issues with and evolution of voting technology standards

For more information, please see http://www.usenix.org/evt08/cfpa.

CSET 2008 Workshop on Cyber Security Experimentation and Test, Held in conjunction with the USENIX Security Symposium 2008, San Jose, CA, USA, July 28, 2008. [posted here 5/12/08]
The workshop aims to gather both researchers who use testbeds for security experimentation and testbed developers, to share their ideas and results, and to discuss open problems in this area. While we particularly invite papers that deal with security experimentation, we are also interested in papers that address general testbed/experiment issues that have implications for security experimentation, such as traffic and topology generation, large-scale experiment support, experiment automation, etc. We are further interested in educational efforts that involve security experimentation. Please see the workshop URL for a more detailed listing of topics.

For more information, please see http://www.usenix.org/event/cset08/.

SOUPS 2008 Symposium On Usable Privacy and Security, Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008. [posted here 10/15/07]
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, discussion sessions, and in-depth sessions (workshops and tutorials). We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or security testing of usability features
- lessons learned from deploying and using usable privacy and security features

For more information, please see http://cups.cs.cmu.edu/SOUPS/.

SMPE 2008 2nd International Symposium on Security and Multimodality in Pervasive Environments, Held in conjunction with the 5th ACM Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MOBIQUITOUS 2008), Trinity College Dublin, Ireland, July 21-25, 2008. [posted here 2/4/08]
Pervasive computing environments present specific peculiarities with respect to aspects like security and multimodality. As a matter of fact, the accessibility level of a virtual environment can definitely be improved by natural interfaces and multimodal interaction systems, which offer users the freedom to select from multiple modes of interaction with services and help break down barriers in human-computer interaction, making communication intuitive and spontaneous. On the other hand, while enlarging and easing the ways to access the environment, security threats arise and the environment must be properly equipped in order to protect itself from malicious attacks and/or from wrong actions performed by inexpert users. Topics include:
- Trust and reputation management in UE
- Security applications and services in pervasive
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of context
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing

For more information, please see http://www.na.icar.cnr.it/smpe08/.

DEON 2008 9th International Conference on Deontic Logic in Computer Science, Luxembourg, July 15-18, 2008. [posted here 12/10/07]
The biennial DEON conferences are designed to promote interdisciplinary cooperation amongst scholars interested in linking the formal-logical study of normative concepts and normative systems with computer science, artificial intelligence, philosophy, organization theory and law. DEON2008 has a special focus on logical approaches to deontic notions in computer science in security and trust, encompassing applications in e-commerce as well as traditional areas of computer security. Topics of interest in this special theme include, but are not limited to:
- digital rights management
- electronic contracts, including service level agreements and digital media licenses
- authorization
- access control
- security
- privacy policies
- business processes
- regulatory compliance

For more information, please see http://deon2008.uni.lu.

ACISP 2008 13th Australasian Conference on Information Security and Privacy, Wollongong, Australia, July 14-16, 2008. [posted here 9/10/07]
ACISP 2008 is the main computer security and cryptography conference organized in Australia that provides an avenue for discussion and exchange of ideas for researchers from academia and industry. Original papers pertaining to all aspects of information security and privacy are solicited for submission to the ACISP 2008. Papers may present theory, techniques, applications and practical experiences on a variety of topics. Topics of interest include, but are not limited to:
- access control
- authentication and identification
- authorization
- biometrics
- computer forensics
- copyright protection
- cryptography
- database security
- electronic surveillance
- evaluation and certification
- intrusion detection
- key management
- key establishment protocols
- legal and privacy issues
- mobile system security
- network and communication security
- secure electronic commerce
- secure operating systems
- secure protocols
- smart cards
- malware and viruses

For more information, please see http://www.uow.edu.au/conferences/acisp%202008/index.html.

IFIP-DAS 2008 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, London, UK, July 13-16, 2008. [posted here 12/10/07]
The 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are also solicited. Proceedings will be published by Springer as the next volume in the Research Advances in Database and Information Systems Security series. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management

For more information, please see http://seclab.dti.unimi.it/~ifip113/2008/.

DIMVA 2008 5th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Paris, France, July 10-11, 2008. [posted here 11/19/07]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year DIMVA brings together international experts from academia, industry and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group Security - Intrusion Detection and Response of the German Informatics Society (GI). DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Approaches
- Implementations
- Prevention and response
- Result correlation
- Evaluation
- Potentials and limitations
- Operational experiences
- Evasion and other attacks
- Legal and social aspects
Malware
- Techniques
- Detection
- Prevention and containment
- Evaluation
- Trends and upcoming risks
- Forensics and recovery
Vulnerability Assessment
- Vulnerabilities
- Vulnerability detection
- Vulnerability prevention
- Classification and evaluation

For more information, please see http://www.dimva.org/dimva2008/.

ACSF 2008 3rd Conference on Advances in Computer Security and Forensics, Liverpool, UK, July 10-11, 2008. [posted here 3/3/08]
The purpose of this conference is to bring together academics, researchers, IT managers, system administrators, security specialists, forensic practitioners and other interested parties to share the latest developments in research and applications from both fields. The conference affords academics, researchers and practitioners the opportunity to share views and experiences in these fields. The topics below are for guidance only and not as an exhaustive list:
- Incident Response and Management
- Legal issues in computer forensics
- Mobile phone and PDA forensics
- Collecting digital evidence
- Network forensics
- Computer forensics case studies
- Storage media and file forensic techniques
- Multimedia source identification
- Data carving and data mining
- Fraud investigation techniques
- Intrusion Detection Systems
- Wireless and ad hoc network security
- Mobile agents for secure systems
- Mobile device and mobile phone security
- Network Security
- Viruses, hostile code and Denial of Service
- Trusted computing
- Trust and resilience
- Privacy and anonymity
- Access control, auditing and accountability

For more information, please see http://www.cms.livjm.ac.uk/acsf3/.

HAISA 2008 2nd International Conference on Human Aspects of Information Security & Assurance, Plymouth, United Kingdom, July 8-10, 2008. [posted here 9/17/07]
The symposium welcomes papers addressing research and case studies in relation to any aspect of information security that pertains to the attitudes, perceptions and behaviour of people, and how human characteristics or technologies may be positively modified to improve the level of protection. Indicative themes include:
- Information security culture
- Awareness and education methods
- Enhancing risk perception
- Public understanding of security
- Usable security
- Psychological models of security software usage
- User acceptance of security policies and technologies
- User-friendly authentication methods
- Biometric technologies and impacts
- Automating security functionality
- Non-intrusive security
- Assisting security administration
- Impacts of standards, policies, compliance requirements
- Organizational governance for information assurance
- Simplifying risk and threat assessment
- Understanding motivations for misuse
- Social engineering and other human-related risks
- Privacy attitudes and practices
- Computer ethics and security

For more information, please see http://www.haisa.org.

ICIMP 2008 3rd International Conference on Internet Monitoring and Protection, Bucharest, Romania, June 29 - July 5, 2008. [posted here 12/10/07]
The International Conference on Internet Monitoring and Protection (ICIMP 2008) initiates a series of special events targeting security, performance, vulnerabilities in Internet, as well as disaster prevention and recovery. Dedicated events focus on measurement, monitoring and lessons learnt in protecting the user. ICIMP 2008 Tracks include:
- TRASI: Internet traffic surveillance and interception
- IPERF: Internet performance
- RTSEC: Security for Internet-based real-time systems
- DISAS: Disaster prevention and recovery
- EMERG: Networks and applications emergency services
- MONIT: End-to-end sampling, measurement, and monitoring
- REPORT: Experiences & lessons learnt in securing networks and applications
- USSAF: User safety, privacy, and protection over Internet
- SYVUL: Systems vulnerabilities
- SYDIA: Systems diagnosis
- CYBER-FRAUD: Cyber fraud
- BUSINESS: Business continuity
- RISK: Risk assessment
- TRUST: Privacy and trust in pervasive communications
- RIGHT: Digital rights management
- BIOTEC: Biometric techniques

For more information, please see http://www.iaria.org/conferences2008/ICIMP08.html.

FCC 2008 4th Workshop on Formal and Computational Cryptography, Carnegie Mellon University, Pittsburgh, PA, USA, June 26, 2008. [posted here 4/28/08]
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches is based on a computational model that considers issues of computational complexity and probability. Messages are modeled as bitstrings and security properties are defined in a strong form, in essence guaranteeing security with high probability against all probabilistic polynomial-time attacks. However, it is difficult to prove security of large, complex protocols in this model. The other approach relies on a symbolic model of protocol execution in which messages are modelled using a term algebra and cryptographic primitives are treated as perfect black-boxes, e.g. the only way to decrypt a ciphertext is to use the corresponding decryption key. This abstraction enables significantly simpler and often automated analysis of complex protocols. Since this model places strong constraints on the attacker, a fundamental question is whether such an analysis implies the strong security properties defined in the computational model. This workshop focuses on approaches that combine and relate symbolic and computational protocol analysis. Over the last few years, there has been a spate of research results in this area. One set of results establishes correspondence theorems between the two models, in effect showing that for a certain class of protocols and properties, security in the symbolic model implies security in the computational model. In other work, researchers use language-based techniques such as process calculi and protocol logics to reason directly about the computational model. Several projects are investigating ways of mechanizing computationally sound proofs of protocols. The workshop seeks results in this area of computationally sound protocol analysis: foundations and tools.

For more information, please see http://www.di.ens.fr/~blanchet/fcc08/.

WEIS 2008 Workshop on the Economics of Information Security, Hanover, New Hampshire, USA, June 25-27, 2008. [posted here 2/18/08]
The 2008 Workshop on the Economics of Information Security invites original research papers focused on the economics of information security and the economics of privacy. We encourage economists, computer scientists, business school researchers, law scholars, security and privacy specialists, as well as industry experts to submit their research and attend the Workshop. Suggested topics include (but are not limited to) empirical and theoretical economic studies of:
- Optimal investment in information security
- Privacy, confidentiality and anonymity
- Cybertrust and reputation systems
- Intellectual property protection
- Information access and provisioning
- Risk management and cyberinsurance
- Security standards and regulation
- Behavioral security and privacy
- Cyberterrorism policy
- Organizational security and metrics
- Psychology of risk and security
- Phishing, spam, and cybercrime
- Vulnerability discovery, disclosure, and patching

For more information, please see http://weis2008.econinfosec.org.

ATC 2008 5th International Conference on Autonomic and Trusted Computing, Oslo, Norway, June 23-25, 2008. [posted here 10/29/07]
Computing systems including hardware, software, communication and networks are growing dramatically in both scale and heterogeneity, becoming overly complex. Such complexity is getting even more critical with the ubiquitous permeation of embedded devices and other pervasive systems. To cope with the growing and ubiquitous complexity, Autonomic Computing (AC) focuses on self-manageable computing and communication systems that exhibit self-awareness, self-configuration, self-optimization, self-healing, self-protection and other self-x operations to the maximum extent possible without human intervention or guidance. Organic Computing (OC) additionally emphasizes natural-analogue concepts like self-organization and controlled emergence. Trusted/Trustworthy Computing (TC) aims at making computing and communication systems as well as services available, predictable, traceable, controllable, assessable, sustainable, dependable, persist-able, security/privacy protect-able, etc. ATC-08 addresses the most innovative research and development in these challenging areas and includes all technical aspects related to autonomic/organic computing (AC/OC) and trusted computing (TC). Topics of interest include, but are not limited to:
- AC/OC Theory and Models (Nervous/organic models, negotiation, cooperation, competition, self-organization, emergence, etc.)
- AC/OC Architectures and Systems (Autonomic elements & their relationship, frameworks, middleware, observer/controller architectures, etc.)
- AC/OC Components and Modules (Memory, storage, database, device, server, proxy, software, OS, I/O, etc.)
- AC/OC Communication and Services (Networks, self-organized net, web service, grid, P2P, semantics, agent, transaction, etc.)
- AC/OC Tools and Interfaces (Tools/interfaces for AC/OC system development, test, monitoring, assessment, supervision, etc.)
- Trust Models and Specifications (Models and semantics of trust, distrust, mistrust, over-trust, cheat, risk, reputation, reliability, etc.)
- Trust-related Security and Privacy (Trust-related secure architecture, framework, policy, intrusion detection/awareness, protocols, etc.)
- Trusted Reliable and Dependable Systems (Fault-tolerant systems, hardware redundancy, robustness, survivable systems, failure recovery, etc.)
- Trustworthy Services and Applications (Trustworthy Internet/web/grid/P2P e-services, secured mobile services, novel applications, etc.)
- Trust Standards and Non-Technical Issues (Trust standards and issues related to personality, ethics, sociology, culture, psychology, economy, etc.)

For more information, please see http://www.ux.uis.no/atc08/.

CSF 2008 21st IEEE Computer Security Foundations Symposium, Pittsburgh, PA, USA, June 23-25, 2008. [posted here 10/22/07]
The IEEE Computer Security Foundations (CSF) series brings together researchers in computer science to examine foundational issues in computer security. Over the past two decades, many seminal papers and techniques have been presented first at CSF. The CiteSeer Impact page (http://citeseer.ist.psu.edu/impact.html) lists CSF as 38th out of more than 1200 computer science venues, top 3.11% in impact based on citation frequency. New theoretical results in computer security are welcome. Also welcome are more exploratory presentations, which may examine open questions and raise fundamental concerns about existing theories. Panel proposals are sought as well as papers. Possible topics include, but are not limited to:
- Access control
- Anonymity and Privacy
- Authentication
- Data and system integrity
- Database security
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Security protocols
- Trust and trust management

For more information, please see http://www.cylab.cmu.edu/CSF2008/.

USENIX 2008 2008 USENIX Annual Technical Conference, Boston, MA, USA, June 22-27, 2008. [posted here 12/24/07]
Authors are invited to submit original and innovative papers to the Refereed Papers Track of the 2008 USENIX Annual Technical Conference. We seek high-quality submissions that further the knowledge and understanding of modern computing systems, with an emphasis on implementations and experimental results. We encourage papers that break new ground or present insightful results based on practical experience. The USENIX conference has a broad scope; specific topics of interest include but are not limited to:
- Architectural interaction
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- System and network management and troubleshooting
- Usage studies and workload characterization
- Virtualization
- Web technology
- Wireless, sensor, and mobile systems

For more information, please see http://www.usenix.org/events/usenix08/.

W2Trust 2008 Web 2.0 Trust Workshop (No Proceedings), Held in conjunction with the IFIP-TM 2008, Trondheim, Norway, June 21, 2008. [posted here 3/31/08]
Web 2.0 has emerged as the suite of technologies adopted by developers, users and business. The new Web 2.0 paradigm provides the technology that enables government, businesses and users to interact and integrate services and data and to benefit from the Wisdom of the Crowds. Because of the strong collaborative nature of Web 2.0 applications, mechanisms for trust management are crucial for its healthy development. Trust in Web 2.0 opens several new vistas for researchers and practitioners. In particular, approaches to trust management designed for Web 1.0 need to be revisited. In Web 1.0, trust was mostly related to e-commerce and security of the portal. The main trust issues were related to the website content and the authenticity of the source which posted data. With the advent of Web 2.0, the issue of trust has shifted from the people or companies that run a site to focus more on the people that populate it. This new technology in fact enables users to interact and collaborate seamlessly. For example, using social networks, users are engaging with each other at a one-to-one level in several ways: for business, for pleasure, for knowledge sharing and so forth. The predominant issue is now whether one can trust the people on a site, since the content is being generated by anyone and then being rated by anyone. How to ensure that what other users write is true and authentic, and will not be misused, is an open challenge. Trust evaluations are, however, fundamental to helping users make the best decisions when sharing resources and data. Thus, the success of Web 2.0 strongly depends on the development of efficient, adequate and scalable trust models. We solicit papers, case studies, and participation from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:
- Secure Mashup Technologies
- Trust in Data Aggregation and Integration
- Trust in Service Oriented Architecture
- Security in Social Networks
- Trust in New Technologies Such as AJAX
- Trust models in Social Networks
- Web Services Security
- Trust in Grid Environments

For more information, please see http://www.sis.uncc.edu/~mshehab/W2Trust/index.html.

IFIP-TM 2008 Joint iTrust and PST conferences on Privacy, Trust Management and Security, Trondheim, Norway, June 18-20, 2008. [posted here 10/15/07]
The mission of the IFIPTM 2008 conference is to share research solutions to problems of Trust, Security and Privacy and to identify new issues and directions for future research and development work. IFIPTM 2008 invites research submissions on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
- Security and trust for composite applications
- Trust models, formalization, specification, analysis and reasoning
- Engineering of trustworthy and secure software
- The ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security and privacy for software as a service (SaaS)
- Security and trust for Web 2.0 mashups
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Security, trust and privacy for service oriented architectures
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Intrusion detection systems and technologies
- Operating systems security
- Network security (anti-virus, anti-DoS-tools, firewalls etc.)
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Distributed trust and reputation management systems
- Human computer interaction and privacy, security & trust
- Applications of trust and reputation management in e-services

For more information, please see http://www.ntnu.no/videre/konferanse/IFIPTM08/.

ICDCS 2008 28th International Conference on Distributed Computing Systems, Beijing, China, June 17-20, 2008. [posted here 8/13/07]
ICDCS is an IEEE Computer Society sponsored premier conference with a wide coverage of topics in Distributed Computing. It has a long history of significant achievements and worldwide visibility. The conference provides a forum for engineers and scientists in academia, industry and government to present their latest research findings in any aspect of distributed and parallel computing. Topics of particular interest include, but are not limited to:
- Theoretical Foundations
- Data Management and Data Centers
- Distributed Cyber-Physical Systems
- Reliability and Dependability
- Security and Privacy
- Network Architectures and Protocols
- Operating Systems and Middleware
- Cyber-Infrastructure for Distributed Computing
- Sensor Networks and Applications
- Wireless and Mobile Computing
- Multimedia Systems
- Web-Based Distributed Computing

For more information, please see http://www.engin.umd.umich.edu/icdcs/.

PLAS 2008 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Tucson, Arizona, USA, June 8, 2008. [posted here 2/25/08]
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas; evaluations of new or known techniques in practical settings; and discussions of emerging threats and important problems. The scope of PLAS includes, but is not limited to:
- Language-based techniques for security
- Verification of security properties in software
- Automated introduction and/or verification of security enforcement mechanisms
- Program analysis techniques for discovering security vulnerabilities
- Compiler-based security mechanisms, such as host-based intrusion detection and in-line reference monitors
- Specifying and enforcing security policies for information flow and access control
- Model-driven approaches to security
- Applications, examples, and implementations of these techniques

For more information, please see http://research.ihost.com/plas2008/.

NYS-IA 2008 3rd Annual Symposium on Information Assurance, Albany, NY, USA, June 4-5, 2008. [posted here 1/7/08]
Authors are invited to submit original and unpublished papers to the 3rd Annual Symposium on Information Assurance, which will be jointly held with the 11th Annual NYS Cyber Security Conference. This two-day event attracts practitioners, researchers, and vendors, providing opportunities for business and intellectual engagement among attendees. The conference program will be organized into topics including, but not limited to:
- Security Policy Implementation & Compliance
- Computer & Network Forensics
- Information Security Risk Management
- Network Security and Intrusion Detection
- Economics of Information Security
- Reverse Engineering of Viruses and Worms
- Security Metrics for Evaluating Security
- Botnet Detection and Prevention
- Computer Crime Data Analytics
- Security in Wireless and Ad hoc Networks
- Internet-based Terrorism and Espionage
- Adaptive & Resilient Security Models
- Digital Rights Management
- Biological Models of Security
- Privacy & Security
- Distributed Systems Security
- Security Glossaries and Ontologies
- Database Security and Data Integrity
- Trust Modeling and Management
- Curriculum Development in Information Security

For more information, please see http://www.albany.edu/iasymposium.

SHPCS 2008 Workshop on Security and High Performance Computing Systems, Held in conjunction with the 2008 International Conference on High Performance Computing & Simulation (HPCS 2008) and the 22nd European Conference on Modelling and Simulation (ECMS 2008), Nicosia, Cyprus, June 3-6, 2008. [posted here 12/10/07]
This workshop addresses relationships between security and high performance systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. This workshop covers (but is not limited to) the following topics:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Smartcards
- Trust Management Policies
- Trust Models

For more information, please see http://www.diiga.univpm.it/~spalazzi/nicosia/.

ACNS 2008 6th International Conference on Applied Cryptography and Network Security, New York, New York, USA, June 3-6, 2008. [posted here 8/13/07]
ACNS is an annual conference concentrating on current developments that advance the areas of applied cryptography and its application to systems and network security. Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS'08. Topics of relevance include but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols

For more information, please see http://acns2008.cs.columbia.edu/.

SSDU 2008 2nd International Symposium on Service, Security and its Data management technologies in Ubi-comp, Held in conjunction with the 3rd International Conference on Grid and Pervasive Computing (GPC 2008), Kunming, China, May 25-28, 2008. [posted here 1/14/08]
Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new paradigm with a user-centric environment that provides computing and communication services at any time and anywhere. To realize its advantages, security, services and data management must be integrated in a way that is suitable for Ubi-com. However, there are still many problems and major challenges awaiting solution, such as the security risks in ubiquitous resource sharing, which can occur when data resources are connected and accessed by anyone in Ubi-com. Therefore, more secure and intelligent mechanisms for Ubi-com need to be explored. Topics include:
- Context-Awareness and its Data mining for Ubi-com service
- Human-Computer Interface and Interaction for Ubi-com
- Smart Homes and its business model for Ubi-com service
- Intelligent Multimedia Service and its Data management for Ubi-com
- USN / RF-ID for Ubi-com service
- Network security issues, protocols, data security in Ubi-com
- Database protection for Ubi-com
- Privacy Protection and Forensic in Ubi-com
- Multimedia Security in Ubi-com
- Authentication and Access control for data protection in Ubi-com
- Service, Security and its Data management for U-commerce
- New novel mechanism and Applications for Ubi-com

For more information, please see http://grid.hust.edu.cn/gpc2008/.

Oakland 2008 29th IEEE Symposium on Security and Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 18-21, 2008. [posted here 8/13/07]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2008 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. The Symposium is also open to the submission of co-located half-day or one-day workshops. Topics of particular interest include, but are not limited to:
- Access control and audit
- Anonymity and pseudonymity
- Application-level security
- Biometrics
- Cryptographic protocols
- Database security
- Denial of service
- Distributed systems security
- Formal methods for security
- Information flow
- Intrusion detection and prevention
- Language-based security
- Malicious code prevention
- Network security
- Operating system security
- Peer-to-peer security
- Privacy
- Risk analysis
- Secure hardware and smartcards
- Security engineering
- Security policy
- User authentication

For more information, please see http://www.ieee-security.org/TC/SP2008/oakland08.html.

SADFE 2008 3rd International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the 2008 IEEE Symposium on Security and Privacy (SP 2008), The Claremont Resort, Oakland, CA, USA, May 22, 2008. [posted here 1/14/08]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigation, by furthering the advancement of digital forensic engineering as a disciplined practice. Digital forensic engineering is characterized by the application of scientific and mathematical principles to the investigation and establishment of facts or evidence, either for use within a court of law or to aid understanding of cyber crimes or cyber-enabled crimes. To advance the state of the art, SADFE 2008 solicits broad-based, innovative digital forensic engineering technology, techno-legal and practice-related submissions in the following four areas:
- Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage.
- Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds.
- Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation.
- Forensic-support technologies: forensic-enabled and proactive monitoring/response.

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe08/.

W2SP 2008 2nd Workshop on Web 2.0 Security and Privacy, Held in conjunction with the 2008 IEEE Symposium on Security and Privacy (SP 2008), The Claremont Resort, Oakland, CA, USA, May 22, 2008. [posted here 1/14/08]
The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas. Web 2.0 is about connecting people and amplifying the power of working together. The mixing of technology and social interaction is occurring in the context of a wave of technologies supporting rapid development of these interpersonal and business interactions. Many of the new web technologies rely on the composition of content and services from multiple sources, resulting in complex technology compositions (mash-ups). The content composition trend is likely to continue. The lure of these technologies is the promise of simpler ways to compose software service and content, at lower cost. However, there are issues with respect to management of identities, reputation, privacy, anonymity, transient and long-term relationships, and composition of function and content, both on the server side and at the client (web browser). While the security and privacy issues are not new, these issues are increasingly becoming acute as the technologies are adopted and adapted to appeal to wider audiences. Some of these technologies deliberately bypass existing security mechanisms. This workshop is intended to discuss the limitations of the current technologies and explore alternatives. The scope of W2SP 2008 includes, but is not limited to:
- Identity, privacy, reputation and anonymity
- End-to-end security architectures
- Security of content composition
- Security and privacy policy definition and modeling of content composition
- Provenance and governance
- Usable security and privacy models
- Static and dynamic analysis for security
- Security as a service
- Click fraud
- Software as a service
- Web services/feeds/mashups
- Next generation browser technology

For more information, please see http://www.ieee-security.org/TC/SP2008/oakland08.html.

WISTP 2008 Workshop in Information Security Theory and Practices 2008: Smart Devices, Convergence and Next Generation Networks, Sevilla, Spain, May 13-16, 2008. [posted here 12/17/07]
With the rapid technological development of information technologies and with the transition from the common to the next generation networks, computer systems and especially embedded systems are becoming more mobile and ubiquitous, increasingly interfacing with the physical world. Ensuring the security of these complex and yet resource-constrained systems has emerged as one of the most pressing challenges. Another important challenge is related to the convergence of these new technologies. The aim of this second workshop is to bring together researchers and practitioners in related areas and to encourage interchange and cooperation between the research community and the industrial/consumer community. Topics of interest include, but are not limited to:
Smart Devices
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- Mobile Codes Security
- Mobile Devices Security
- New Applications for Secure RFID Systems
- RFID Systems Security
- Smart Card Security
- Smart Devices Applications
- Wireless Sensor Node Security
Convergence: Security Architectures, Protocols, Policies and Management for Mobility
- Critical Infrastructure (e.g. for Medical or Military Applications) Security
- Digital Rights Management (DRM)
- Distributed Systems and Grid Computing Security
- Industrial and Multimedia Applications
- Information Assurance and Trust Management
- Intrusion Detection and Information Filtering
- Localization Systems Security (Tracking of People and Goods)
- M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human) Security
- Mobile Commerce Security
- Public Administration and Governmental Services
- Privacy Enhancing Technologies
- Security Models and Architecture
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Protocols (for Identification and Authentication, Confidentiality and Privacy, and Integrity)
- Security Measurements
Next Generation Networks
- Ad Hoc Networks Security
- Delay-Tolerant Network Security
- Domestic Network Security
- Peer-to-Peer Networks Security
- Security Issues in Mobile and Ubiquitous Networks
- Security of GSM/GPRS/UMTS Systems
- Sensor Networks Security
- Vehicular Network Security
- Wireless Communication Security: Bluetooth, NFC, WiFi, WiMAX, WiMedia, others

For more information, please see http://wistp2008.xlim.fr/.

ISPEC 2008 4th Information Security Practice and Experience Conference, Sydney, Australia, April 21-23, 2008. [posted here 8/21/07]
As applications of information security technologies become pervasive, issues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Topics of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Information security in vertical applications
- Legal and regulatory issues
- Network security
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security in e-commerce and e-business and other applications
- Security policy
- Security standards activities
- Trusted Computing
- Trust model and management
- Usability aspects of information security systems

For more information, please see http://www.uow.edu.au/conferences/ISPEC%202008/index.html/.

UPSEC 2008 Workshop on Usability, Psychology, and Security, Co-located with the 5th USENIX Symposium on Networked Systems Design & Implementation (NSDI 2008), San Francisco, California, USA, April 14, 2008. [posted here 11/19/07]
Information security involves both technology and people. To design and deploy secure systems, we require an understanding of how users of those systems perceive, understand, and act on security risks and threats. This one-day workshop will bring together an interdisciplinary group of researchers, systems designers, and developers to discuss how the fields of human computer interaction, applied psychology, and computer security can be brought together to inform innovations in secure systems design. We seek to deepen the conversation about usable security to go beyond the user interface, toward developing useful and usable systems of humans and technology. Topics include but are not limited to:
- Error detection and recovery
- Human perception and cognitive information processing
- Identity and impression management
- Individual and cultural differences
- Information seeking and evaluation
- Judgment and decision-making
- Learning, training, and experience
- Mental models
- Models of privacy, sharing, and trust
- Organizational, group, and individual behavior
- Risk perception, risk analysis, and risk communication
- Security behavior study methodology
- Social engineering
- Social influence and persuasion
- System proposals and design approaches
- Threat evaluation
- Usability
- User motivation and incentives for secure behavior

For more information, please see http://www.usenix.org/upsec08/cfp.

CT-RSA 2008 RSA Conference 2008: Cryptographers' Track, San Francisco, California, USA, April 8-11, 2008. [posted here 8/13/07]
The RSA Conference is the largest regularly staged computer security event, with over 350 vendors and thousands of attendees. The Cryptographers' Track (CT-RSA) is a research conference within the RSA Conference. CT-RSA began in 2002 and has become an established venue for presenting cryptographic research papers. The conference proceedings will be published in Springer’s Lecture Notes in Computer Science (LNCS) series and should be available at the conference. A special academic discount for registration will be available, as well as a waiver for speakers presenting papers accepted to CT-RSA 08. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to:
- public-key encryption
- symmetric-key encryption
- digital signatures
- hash functions
- cryptographic protocols
- tamper-resistance
- fast implementations
- elliptic-curve cryptography
- quantum cryptography
- formal security models
- network security
- e-commerce

For more information, please see http://ct-rsa08.cs.columbia.edu/.

WiSec 2008 1st ACM Conference on Wireless Network Security, Alexandria, Virginia, USA, March 31 - April 2, 2008. [posted here 6/6/07]
As wireless communications are becoming ubiquitous, their security is gaining in importance. The ACM Conference on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as well as techniques to thwart them. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attacker modeling
- Incentive-aware secure protocol design
- Jamming
- Cross-layer design for security
- Monitoring and surveillance
- Computationally efficient cryptographic primitives

For more information, please see http://discovery.csc.ncsu.edu/WiSec08/.

EUROSEC 2008 European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference (EUROSYS 2008), Glasgow, Scotland, March 31, 2008. [posted here 1/14/08]
The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work. EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):
- new attacks, evasion techniques, and defenses
- operating system security
- hardware architectures
- "trusted computing" and its applications
- identity management, anonymity
- small trusted computing bases
- mobile systems security
- measuring security
- malicious code analysis and detection
- web security
- systems-based forensics
- systems work on fighting spam/phishing

For more information, please see http://www.cs.vu.nl/eurosec08/.

SAC-TRECK 2008 23rd ACM Symposium on Applied Computing, Track: Trust, Recommendations, Evidence and other Collaboration Know-how, Fortaleza, Ceará, Brazil, March 16-20, 2008. [posted here 6/6/07]
Computational models of trust and online reputation mechanisms have been gaining momentum. The goal of the ACM SAC 2008 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust-enhanced collaborative applications
- Trust and identity management
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Pervasive computational trust and use of context-awareness
- Autonomic and adaptive trust
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Automated collaboration and trust negotiation
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust engines
- User-studies and user interfaces of computational trust applications

For more information, please see http://www.trustcomp.org/treck/.

IFIP-CIP 2008 2nd Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Arlington, Virginia, USA, March 16–19, 2008. [posted here 10/9/07]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the inaugural conference in March 2007, the Second Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. The conference will be limited to eighty participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org/.

APE 2008 1st International Workshop on Advances in Policy Enforcement, Held in conjunction with the 3rd International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Catalonia, Spain, March 4-7, 2008. [posted here 10/8/07]
The problem of complying with increasingly complex requirements is gaining importance in organizations of all sizes. Such requirements stipulate how organizations must perform a number of accountable actions with regard to, e.g., accounting -- Basel II and SOX -- and the treatment of personal information -- HIPAA, Fair Information Practices and negotiated privacy preferences. From a technical standpoint, these requirements are mere policies whose modeling (expression), adherence (enforcement), and verification (audit) dictate the workflow of organizations. The goal of this workshop is to bring together researchers and practitioners working on innovative methods for policy enforcement and its a posteriori audit. The focus of the workshop is primarily technological, yet it encourages papers with a multidisciplinary character, encompassing for instance economic, legal, and sociological aspects, as well as papers more purely focused on information technology. Submission topics include, but are not limited to:
- A posteriori policy enforcement
- Complementing a priori and a posteriori approaches to enforcement
- Usage control
- Audit strategies
- Forensics and legal issues
- Provable enforcement
- Accountability and liability
- Secure logging mechanisms
- Expression of security and privacy requirements
- Monitoring techniques
- Implementation experiences

For more information, please see http://www.telematik.uni-freiburg.de/ape/.

PSAI 2008 Workshop on Privacy and Security by means of Artificial Intelligence, Held in conjunction with the third International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Spain, March 4–7, 2008. [posted here 9/27/07]
In this workshop, we aim to convene researchers in the areas of Security, Data Privacy and Artificial Intelligence. We seek to collect the most recent advances in artificial intelligence techniques (i.e. neural networks, fuzzy systems, multi-agent systems, genetic algorithms, image analysis, clustering, etc.) that are applied to the protection of privacy and security. Topics of interest include, but are not limited to:
- Statistical Disclosure Control
- Location-based services
- Statistical databases
- Homeland security
- Robotics
- Cryptography and security protocols
- Intrusion detection systems
- Denial of service attacks

by means of
- Pattern recognition
- Image analysis
- Evolutionary computation
- Neural networks
- Multi-agent systems
- Clustering
- Case-based reasoning
- Fuzzy logic

For more information, please see http://crises-deim.urv.cat/psai/.

DAWAM 2008 3rd International Workshop on Dependability Aspects on Data WArehousing and Mining applications, Held in conjunction with the third International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Spain, March 4–7, 2008. [posted here 9/17/07]
The goals of this workshop are to bring together users, engineers and researchers (from industry and academia) alike to present their recent work, discuss and identify problems, synergize different views of techniques and policies, and brainstorm future research directions on various dependability aspects of data warehousing and data mining applications. Topics related to any of the dependability aspects in data warehousing and mining, theory, systems and applications are of interest. These include, but are not limited to, the following areas:
- Dependability and fault tolerance
- High Availability and Disaster Recovery
- Survivability of evaluative systems
- Reliability and Robustness Issues
- Accuracy and reliability of responses
- Reliable and Failure Tolerant Business Process Integration
- Reliable Event Management and Data Stream Processing
- Failure Tolerant and trustworthy Sensor Networks
- Highly available data warehouses for business processes integration
- Handling different or incompatible formats, and erroneous data
- Privacy and security policies and social impact of data mining
- Privacy preserving data integration
- Access control techniques and secure data models
- Encryption & Authentication
- Pseudonymization and Encryption
- Anonymization and pseudonymization
- Trust management, and security
- Security in Aggregation and Generalization
- User Profile Based Security
- Secure multi-party computation
- Secondary use of personal data, clinic data, credit record
- Fraud and misuse detection
- Intrusion detection and tolerance
- Data mining applications for terrorist detection
- Private queries by a (semi-trusted) third party
- Query authentication, logging, auditing, access control and authorization policies

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=35.

SecSE 2008 2nd International Workshop on Secure Software Engineering, Held in conjunction with the 3rd International Conference on Availability, Reliability and Security (ARES 2008), Barcelona, Catalonia, Spain, March 4-7, 2008. [posted here 9/12/07]
In our modern society, software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly even under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and thus the threat scenario changes. The traditional approach to securing a system includes putting up defence mechanisms like IDS and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This workshop will focus on techniques, experiences and lessons learned for engineering secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering

For more information, please see http://www.ares-conference.eu/conf/index.php?option=com_content&task=view&id=10&Itemid=11.

ARES 2008 3rd International Conference on Availability, Reliability and Security, Barcelona, Catalonia, Spain, March 4-7, 2008. [posted here 9/12/07]
The Third International Conference on Availability, Reliability and Security (“ARES – The International Security and Dependability Conference”) will bring together researchers and practitioners in the area of IT-Security and Dependability. ARES will highlight the various aspects of security – with special focus on secure internet solutions, trusted computing, digital forensics, privacy and organizational security issues. ARES aims at a full and detailed discussion of the research issues of security as an integrative concept that covers amongst others availability, safety, confidentiality, integrity, maintainability and security in the different fields of applications. Topics of interest include, but are not limited to:
- Process based Security Models and Methods
- Authorization and Authentication
- Availability and Reliability
- Common Criteria Protocol
- Cost/Benefit Analysis
- Cryptographic protocols
- Dependability Aspects for Special Applications (e.g. ERP-Systems, Logistics)
- Dependability Aspects of Electronic Government (e-Government)
- Dependability administration
- Dependability in Open Source Software
- Designing Business Models with security requirements
- Digital Forensics
- E-Commerce Dependability
- Failure Prevention
- IPR of Security Technology
- Incident Response and Prevention
- Information Flow Control
- Internet Dependability
- Interoperability aspects
- Intrusion Detection and Fraud Detection
- Legal issues
- Mobile Security
- Network Security
- Privacy-enhancing technologies
- RFID Security and Privacy
- Risk planning, analysis & awareness
- Safety Critical Systems
- Secure Enterprise Architectures
- Security Issues for Ubiquitous Systems
- Security and Privacy in E-Health
- Security and Trust Management in P2P and Grid applications
- Security and privacy issues for sensor networks, wireless/mobile devices and applications
- Security as Quality of Service
- Security in Distributed Systems / Distributed Databases
- Security in Electronic Payments
- Security in Electronic Voting
- Software Engineering of Dependable Systems
- Software Security
- Standards, Guidelines and Certification
- Survivability of Computing Systems
- Temporal Aspects of Dependability
- Trusted Computing
- Tools for Dependable System Design and Evaluation
- Trust Models and Trust Management
- VOIP/Wireless Security

For more information, please see http://www.ares-conference.eu/conf/.

IDtrust 2008 7th Symposium on Identity and Trust on the Internet, Gaithersburg, MD, USA, Mar 4-6, 2008. [posted here 8/27/07]
This symposium brings together academia, government, and industry to explore all aspects of identity and trust. Previously known as the PKI R&D Workshop (2002-2007), our new name reflects interest in a broader set of tools and the goal of an identity layer for the Internet. We aim to get practitioners in different sectors together to apply the lessons of real-world deployments to the latest research and ideas on the horizon. In addition to peer-reviewed papers, we facilitate discussions among panels of invited experts and symposium participants. We solicit technical papers and panel proposals from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:
- Reports of real-world experience
- Identity management protocols
- Identity metasystems, frameworks, and systems
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of “invited networks”
- Identity management of devices
- Federated approaches to trust
- Trust management across security domains
- Standards related to identity and trust
- Policy
- Attribute management, attribute-based access control
- Trust path building and certificate validation
- Improved usability of identity and trust systems
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, etc.
- Use of PKI in emerging technologies (e.g., sensor networks)
- Application domain requirements

For more information, please see http://middleware.internet2.edu/idtrust/2008/.

NDSS 2008 15th Annual Network & Distributed System Security Symposium, San Diego, California, USA, February 10 - 13, 2008. [posted here 8/13/07]
The symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. This year’s symposium continues our theme of “theory meets practice”, so we encourage submissions from both traditional academic researchers and industrial practitioners of applied security with innovative insights. Submissions are solicited in, but not limited to, the following areas:
- Integrating security in Internet protocols: routing, naming, TCP/IP, multicast, network management, and the Web.
- Intrusion prevention, detection, and response: systems, experiences and architectures.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Virtual private networks.
- Security for emerging technologies: sensor networks, specialized testbeds, wireless/mobile (and ad hoc) networks, personal communication systems.
- ID systems, peer-to-peer and overlay network systems.
- Secure electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing.
- Supporting security mechanisms and APIs; audit trails; accountability.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management.
- Fundamental services on network and distributed systems: authentication, data integrity, confidentiality, authorization, non-repudiation, and availability.
- Integrating security services with system and application security facilities and protocols: e.g., message handling, file transport/access, directories, time synchronization, data base management, boot services, mobile computing.
- Public key infrastructure, key management, certification, and revocation.
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing, electronic voting, groupwork, etc.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures.
- Security of Web-based applications and services.

For more information, please see http://www.isoc.org/isoc/conferences/ndss/08/cfp.shtml.

FC 2008 12th International Conference on Financial Cryptography and Data Security, Cozumel, Mexico, January 28-31, 2008. [posted here 6/25/07]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance in the context of finance and commerce. The conference covers all aspects of securing transactions and systems. Submissions focusing on both theoretical (fundamental) and applied real-world deployments are solicited. The goal of the conference is to bring security/cryptography researchers and practitioners together with economists, bankers, implementers, and policy-makers. Topics include (but are not limited to):
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Biometrics
- Certification and Authorization
- Commercial Applications
- Transactions and Contracts
- E-Cash and Payment Systems
- Incentive and Loyalty Systems
- Digital Rights Management
- Regulation and Reporting
- Fraud Detection
- Game Theoretic Security
- Identity Theft
- Spam, Phishing
- Social Engineering
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micro-payments
- Monitoring, Management and Operations
- Reputation Systems
- RFID/Contact-less Payment Systems
- Risk Assessment and Management
- Secure Banking, Financial Web Services
- Securing New Computation Paradigms
- Security and Risk Perceptions
- Security Economics
- Smartcards and Secure Tokens
- Trust Management
- Underground-Market Economics
- Virtual Economies
- Voting systems

For more information, please see http://fc08.ifca.ai.

IFIP-DF 2008 4th Annual IFIP WG 11.9 International Conference on Digital Forensics, Kyoto, Japan, January 27-30, 2008. [posted here 6/18/07]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Fourth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119-kyoto.org.

SeMIC 2008 1st International Workshop on Security for Mobile Wireless Communications, Held in conjunction with the 3rd International Conference on COMmunication System softWAre and MiddlewaRE (COMSWARE 2008), Bangalore, India, January 6, 2008. [posted here 9/3/07]
Mobile Wireless Communications enable the exchange of information in a real, or near real-time manner, without the constraint of a fixed point of access. Reliable and secure communications, combined with constant and universal network availability, are key elements for the successful commercialization of the applications that utilize the wireless technology. However, new security challenges emerge due to the dynamic network topology, the open nature of the wireless medium, the resource constraints of the mobile devices and, possibly, the lack of a pre-deployed infrastructure. The workshop seeks submissions from academia and industry that present novel approaches to addressing security issues for mobile wireless communications. Topics of interest include, but are not limited to:
- Authentication and access control
- Secure MAC/PHY protocols for mobile networks
- Cooperation, fairness and incentive-based security
- Key management for wireless/mobile environments
- Trust establishment
- Intrusion detection in mobile networks
- Accountability for malicious behavior and resource misuse
- Revocation of malicious parties
- Secure location services
- Privacy, anonymity and prevention of traffic analysis
- Security in cognitive radios
- Security in vehicular networks
- Anti-Jamming techniques, and DoS Countermeasures
- Vulnerability modeling and threat analysis
- Security & privacy in RFID systems
- Secure routing

For more information, please see http://www.comsware.org/workshop_SeMIC08.htm.