Past Conferences and Journal Special Issues
Last Modified: 12/21/09
Note: Please contact
cipher-cfp@ieee-security.org by email if you have any questions.
INTRUST 2009
The International Conference on Trusted Systems,
Beijing, P. R. China, December 17-19, 2009.
[posted here 4/27/09]
INTRUST 2009 is the first International Conference on the theory,
technologies and applications of trusted systems. It is devoted to all aspects of
trusted computing systems, including trusted modules, platforms, networks,
services and applications, from their fundamental features and functionalities to
design principles, architecture and implementation technologies. The goal of the
conference is to bring academic and industrial researchers, designers, and
implementers together with end-users of trusted systems, in order to foster the
exchange of ideas in this challenging and fruitful area.
INTRUST 2009 solicits original papers on any aspect of the theory, advanced development
and applications of trusted computing, trustworthy systems and general trust
issues in modern computing systems. The conference will have an academic track
and an industrial track. This call for papers is for contributions to both of
the tracks. Submissions to the academic track should emphasize theoretical and
practical research contributions to general trusted system technologies, while
submissions to the industrial track may focus on experiences on the
implementation and deployment of real-world systems.
Topics of relevance include but are not limited to:
- Fundamental features and functionalities of trusted systems
- Primitives and mechanisms for building a chain of trust
- Design principles and architectures of trusted modules and platforms
- Implementation technologies for trusted modules and platforms
- Cryptographic aspects of trusted systems, including cryptographic
algorithms and protocols, and their implementation and application in
trusted systems
- Scalable safe network operation in trusted systems
- Mobile trusted systems, such as trusted mobile platforms, sensor networks,
mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
- Storage aspects for trusted systems
- Applications of trusted systems, e.g. trusted email, web services
and various e-commerce services
- Trusted intellectual property protection: metering, watermarking
and digital rights management
- Software protection for trusted systems
- Authentication and access control for trusted systems
- Key, identity and certificate management for trusted systems
- Privacy aspects for trusted systems
- Attestation aspects for trusted systems, such as measurement
and verification of the behavior of trusted systems
- Standards organizations and their contributions to trusted systems,
such as TCG, ISO/IEC, IEEE 802.11, etc.
- Emerging technologies for trusted systems, such as RFID, memory spots, etc.
- Trust metrics and robust trust inference in distributed systems
- Usability and reliability aspects for trusted systems
- Trust modeling, economic analysis and protocol design for
rational and malicious adversaries
- Virtualisation for trusted systems
- Limitations of trusted systems
- Security analysis of trusted systems, including formal
method proofs, provable security and automated analysis
- Security policies for, and management of, trusted systems
- Intrusion resilience and revocation aspects for trusted systems
- Scalability aspects of trusted systems
- Compatibility aspects of trusted systems
- Experiences in building real-world trusted systems
- Socio-economic aspects of trusted systems
For more information, please see
http://www.tcgchina.org.
ICISS 2009
5th International Conference on Information Systems Security,
Kolkata, India, December 14-18, 2009.
[posted here 4/27/09]
The conference series ICISS (International Conference on Information Systems Security),
held annually, provides a forum for disseminating the latest research results in
information and systems security. The ICISS 2009 encourages submissions addressing
theoretical and practical problems in information and systems security and related areas.
We would especially like to encourage papers in domains that have not been represented much
in the past at the conference, such as database security/privacy, usability aspects of
security, operating systems security, and sensor networks security. Papers that
introduce and address unique security challenges or present thought-provoking
ideas are also welcome.
For more information, please see
http://www.eecs.umich.edu/iciss09/.
Inscrypt 2009
5th China International Conference on Information Security and Cryptology,
Beijing, China, December 12 - 15, 2009.
[posted here 6/8/09]
Inscrypt 2009 seeks high-quality research contributions in the form of
well developed papers. Topics of interest encompass research advances in ALL
areas of cryptology, information security and their applications, including:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Database Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architectures
- Provable Security
- Secure Multiparty Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MACs
- Block Cipher Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Prevention and Detection of Malicious Codes
For more information, please see
http://www.inscrypt.cn/.
SCC 2009
Workshop on Security in Cloud Computing,
Chengdu, Sichuan, China, December 12 – 14, 2009.
[posted here 7/27/09]
Cloud Computing has attracted attention from both industry and academics
since 2007. As the extension of Grid Computing and Distributed Computing,
Cloud Computing aims to provide users more flexible services in a transparent manner –
all services are allocated in a “cloud” that actually is a collection of devices and
resources connected through the Internet. Before it is accepted widely, one of
the most pressing tasks is ensuring the security, privacy and reliability provided
by the services in the cloud. SCC’09 will bring researchers and experts together
to present and discuss the latest developments and technical solutions
covering various aspects of security issues in Cloud Computing.
The topics include but are not limited to:
- Emerging threats to cloud-based services
- Security model for new services
- Cloud-aware web service security
- Information hiding in Cloud Computing
- Securing distributed data storage in cloud
- Privacy and security in Cloud Computing
- Forensics
- Robust network architecture
- Cloud Infrastructure Security
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Robust job scheduling
- Secure resource allocation and indexing
- Secure payment for cloud-aware services
- User authentication in cloud-aware services
- Security for emerging cloud programming models
For more information, please see
http://bingweb.binghamton.edu/~ychen/SCC09.htm.
UbiSafe 2009
2nd IEEE International Symposium on Ubisafe Computing,
Chengdu, China, December 12-14, 2009.
[posted here 2/2/09]
The UbiSafe-09 Symposium provides a forum for engineers and scientists in academia,
industry, and government to address all safety related profound challenges including
technical, social, legal and ethical issues, and to present and discuss their ideas,
theories, technologies, systems, tools, applications, work in progress and
experience on all aspects of UbiSafe computing.
UbiSafe emphasizes the SAFE aspects for ubiquitous, pervasive, AmI, mobile,
universal, embedded, wearable, augmented, invisible, hidden, context-aware,
sentient, proactive, autonomic, or whatever it is called, computing. UbiSafe
computing is focused on theories and technologies for ubiquitous artifacts to
function safely for different purposes; for ubiquitous systems to work safely
in various situations; and for ubiquitous environments to behave safely with
all people. A series of challenges exist to let people benefit from ubiquitous
services, and simultaneously guarantee their safety in making ubiquitous safe
artifacts, systems, and environments.
For more information, please see
http://cs.okstate.edu/ubisafe09/.
CANS 2009
8th International Conference on Cryptography and Network Security,
Kanazawa, Ishikawa, Japan, December 12-14, 2009.
[posted here 2/2/09]
The main goal of this conference is to promote research on all
aspects of network security, as well as to build a bridge between
research on cryptography and on network security. We therefore
welcome scientific and academic papers with this focus. Areas of interest
for CANS 2009 include, but are not limited to:
- Ad Hoc and Sensor Network Security
- Access Control for Networks
- Anonymity and Pseudonymity
- Authentication Services
- Cryptographic Protocols and Schemes
- Denial of Service Protection
- Digital Rights Management
- Fast Cryptographic Algorithms
- Identity and Trust Management
- Information Hiding and Watermarking
- Internet and Router Security
- Intrusion Detection and Prevention
- Mobile and Wireless Network Security
- Multicast Security
- Phishing and Online Fraud Prevention
- Peer-to-Peer Network Security
- PKI
- Security Modeling and Architectures
- Secure Protocols (SSH, SSL, ...) and Applications
- Spam Protection
- Spyware Analysis and Detection
- Virtual Private Networks
For more information, please see
http://www.rcis.aist.go.jp/cans2009/.
ACSA 2009
2009 FTRG International Workshop on Advances in Cryptography, Security
and Applications for Future Computing,
Jeju, Korea, December 11-12, 2009.
[posted here 6/29/09]
ACSA-09 focuses on advances in Cryptography, Security and Applications for Future Computing.
It is intended to foster state-of-the-art research in the area of cryptography, security and
its applications for Future Computer Science (FCS). The FCS represents an interdisciplinary
field with roots in mathematics and engineering with applications in future computing
environments including ubiquitous, pervasive, grid, and P2P computing. It aims to solve
the various problems of advanced computing and communication services using mathematics
and computer science in future computing environments. Reliable security solutions
that rely on in-depth cryptography are required as countermeasures, such as data confidentiality,
data integrity, authentication, non-repudiation, and access control services. Original contributions,
not currently under review by another journal or conference, are solicited
in relevant areas including, but not limited to, the following:
- Mathematical and Algorithmic Foundations of Applied Cryptography for FCS
- Authentication and Non-repudiation for FCS
- Design and Analysis of Cryptographic Algorithms and Protocols for FCS
- Pairing Based Cryptography for FCS
- Provable Security for Cryptographic Primitives Suitable for FCS
- Information Security with Mathematical Emphasis for FCS
- Identity and Trust Management for FCS
- Database and System Security for FCS
- Intrusion Detection, Tolerance and Prevention for FCS
- Access control and DRM for FCS
- Information assurance for FCS
- New Security Issues for FCS
For more information, please see
http://www.ftrg.org/acsa2009/.
MPIS 2009
2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems,
Jeju, Korea, December 10-12, 2009.
[posted here 6/29/09]
This workshop on Multimedia, Information Privacy and Intelligent Computing Systems
is intended to foster the dissemination of state-of-the-art research in the area
of multimedia and intelligent computing including multimedia signal processing,
information security, soft computing such as neural network, fuzzy theory and genetic
algorithm, and novel applications of intelligent computing in multimedia. As a follow-up
to the workshop, we plan to publish high quality papers, covering the various theories
and practical applications related to multimedia and intelligent computing.
We invite new and original submissions addressing theoretical and practical topics in
information technology and intelligent computing fields.
For more information, please see
http://www.ftrg.org/MPIS2009/.
F2GC 2009
2nd International Workshop on Forensics for Future Generation
Communication environments,
Jeju, Korea, December 10-12, 2009.
[posted here 6/29/09]
Future Generation Communication environments (FGC) are advanced
communication and networking environments where all applications
and services are focused on users. In addition, the FGC has emerged
rapidly as an exciting new paradigm to provide reliable and comfortable
life services. Furthermore, the benefits of FGC will only be realized if
security issues can be appropriately addressed. In particular, forensics for
FGC is very important in the security fields.
This workshop is intended to foster state-of-the-art forensics research
in the area of FGC including information and communication technologies,
law, social sciences and business administration.
Topics of interest include but are not limited to the following:
- Digital forensics tools in FGC
- Digital Evidence Management in FGC
- Digital Evidence Analytics in FGC
- Digital Forensics Surveillance Technology and Procedures in FGC
- Digital evidence visualisation and communication for FGC
- Digital evidence storage and preservation in FGC
- Incident response and investigation in FGC
- Forensic procedures in FGC
- Portable electronic device forensics for FGC
- Network forensics in FGC
- Data hiding and recovery in FGC
- Network traffic analysis, traceback and attribution in FGC
- Legal, ethical and policy issues related to digital forensics in FGC
- Integrity of digital evidence and live investigations
- Multimedia analysis in FGC
- Trends and Challenges for FGC
- Evidence Protection in FGC
- Forensics case studies in FGC
For more information, please see
http://www.ftrg.org/F2GC2009/.
ReConFig 2009
International Conference on ReConFigurable Computing and FPGAs,
Special Track on Reconfigurable Computing for Security and Cryptography,
Cancun, Mexico, December 9-11, 2009.
[posted here 6/8/09]
Reconfigurable hardware offers unique opportunities for the design and
implementation of secure applications in embedded and high-end computing
platforms. High performance, carefully-controlled execution, and physical
isolation are just a few of the advantages that hardware brings over software.
At the same time, new challenges appear, such as the protection of intellectual
property in a reconfigurable fabric, and the protection of soft-hardware
against malicious tampering. This special track seeks the latest innovations
in reconfigurable computing for security and cryptography.
Topics of interest include the following:
- Hardware Implementation of Novel Cryptographic Algorithms and Protocols
- Reconfigurable Cryptographic Primitives
- Special-Purpose Hardware for Cryptanalysis
- Hardware Support for Trustworthy Software Execution
- True and Pseudo Random Generators
- Circuit Identification and Physical Unclonable Functions
- Efficient Methods for Protection of Hardware IPs
- FPGA Design Security
- Fault Attacks and Side-channel Attacks
- Hardware Tamper Resistance and Tamper Evidence
- Hardware Trojan Detection and Resistance
- Design Flows for Hardware-based Secure Systems
- Performance Evaluation of Secure Reconfigurable Hardware
For more information, please see
http://www.reconfig.org.
ICPADS 2009
15th IEEE International Conference on Parallel and Distributed Systems,
Shenzhen, China, December 8-11, 2009.
[posted here 5/4/09]
Following the previous successful events, ICPADS 2009 will be held in Shenzhen,
China. The conference provides an international forum for scientists, engineers, and
users to exchange and share their experiences, new ideas, and latest research results
on all aspects of parallel and distributed systems.
Topics of particular interest include, but are not limited to:
- High Performance Computational Biology and Bioinformatics
- Parallel and Distributed Applications and Algorithms
- Multi-core and Multithreaded Architectures
- Power-aware Computing
- Distributed and Parallel Operating Systems
- Resource Management and Scheduling
- Peer-to-Peer Computing
- Cluster and Grid Computing
- Web-based Computing and Service-Oriented Architecture
- Communication and Networking Systems
- Wireless and Mobile Computing
- Ad Hoc and Sensor Networks
- Security and Privacy
- Dependable and Trustworthy Computing and Systems
- Real-Time and Multimedia Systems
- Performance Modeling and Evaluation
For more information, please see
http://www.comp.polyu.edu.hk/conference/icpads09/.
ACSAC 2009
25th Annual Computer Security Applications Conference,
Honolulu, Hawaii, USA, December 7-11, 2009.
[posted here 2/16/09]
We solicit papers offering novel contributions in computer and application
security. Papers should present techniques or applications with practical
experience. Papers are encouraged on technologies and methods that have been
demonstrated to improve information systems security and that address lessons
from actual application. We are especially interested in papers that address
the application of security technology, the implementation of systems, and
lessons learned. Suggested topics:
- access control
- applied cryptography
- audit and audit reduction
- biometrics
- certification and accreditation
- cybersecurity
- database security
- denial of service protection
- distributed systems security
- electronic commerce security
- enterprise security management
- forensics
- identification & authentication
- identity management
- incident response planning
- information survivability
- insider threat protection
- integrity
- intellectual property rights
- intrusion detection
- mobile and wireless security
- multimedia security
- operating systems security
- peer-to-peer security
- privacy and data protection
- product evaluation/compliance
- risk/vulnerability assessment
- securing cloud infrastructures
- security engineering and management
- security in IT outsourcing
- service oriented architectures
- software assurance
- trust management
- virtualization security
- VOIP security
- Web 2.0/3.0 security
For more information, please see
http://www.acsac.org.
ASIACRYPT 2009
15th Annual International Conference on the Theory and Application of
Cryptology and Information Security,
Tokyo, Japan, December 6-10, 2009.
[posted here 4/27/09]
Original research papers on all technical aspects of cryptology are solicited
for submission to ASIACRYPT 2009, the annual International Conference on Theory
and Application of Cryptology and Information Security.
The conference is sponsored by the International Association for Cryptologic
Research (IACR) in cooperation with the Technical Group on
Information Security (ISEC) of the Institute of Electronics, Information
and Communication Engineers (IEICE).
For more information, please see
http://asiacrypt2009.cipher.risk.tsukuba.ac.jp.
WIFS 2009
1st IEEE International Workshop on Information Forensics and Security,
London, UK, December 6-9, 2009.
[posted here 1/19/09]
The IEEE International Workshop on Information Forensics and Security (WIFS) is
the first workshop to be organized by the IEEE’s Information Forensics and Security Technical Committee.
Our aspiration is to create a venue for knowledge exchange that encompasses a broad range
of disciplines and facilitates the exchange of ideas between various disparate communities
that constitute information security. By so doing, we hope that researchers will identify
new opportunities for collaboration across disciplines and gain new perspectives.
Appropriate topics of interest include, but are not limited to:
- Biometrics: emerging modalities, recognition techniques, multimodal
decision, attacks and countermeasures
- Computer security: intrusion detection, vulnerability analysis,
system security
- Cryptography for multimedia content: perceptual hash function, multimedia
encryption, signal processing in the encrypted domain, traitor tracing codes,
key distribution
- Data hiding: watermarking, steganography and steganalysis, legacy system enhancement
- Digital Rights Management (DRM): DRM primitives (secure clocks, proximity detection,
etc), DRM architectures, DRM interoperability
- Forensic analysis: device identification, data recovery,
validation of forensic evidence
- Network security: privacy protection, network tomography and surveillance,
system recovery from security/privacy failure
- Non technical aspects of security: legal, ethical, social
and economical issues
- (Video) surveillance: arrays of sensors design and analysis, content tracking,
events recognition, large crowd behaviour analysis
- Secure Applications: e-voting, e-commerce
For more information, please see
http://www.wifs09.org.
MidSec 2009
2nd Workshop on Middleware Security,
Held in conjunction with the 10th ACM/IFIP/USENIX International
Middleware Conference (MIDDLEWARE 2009),
Urbana-Champaign, Illinois, USA, November 30, 2009.
[posted here 6/15/09]
Modern applications are predominantly built around the distributed programming
paradigm. Client-server applications, grids, peer-to-peer networks and event-based
systems are examples of architectures that are used by a large share of the
present software base. These paradigms expose applications to numerous,
ever-growing security threats. However, many areas of security are still only
partially addressed w.r.t. middleware. Examples are identity management,
privacy and anonymity, accountability, application protection, and so on.
While more conventional research results in the above-mentioned areas of
middleware security are appreciated, this year the MidSec workshop will
particularly welcome papers in the area of security measures for lightweight
composition. Papers are sought after from two complementary angles: middleware
platforms and software architectures. Mashup editors provide an easy-to-use
facility that brings the power of software composition to the fingertips of
any Internet-connected user. The mashup model is catching the enterprise
world as well; it all started with situational applications and it is
currently spreading further. Ready or not, here it comes. We are about to
face times where application composition will be less and less rigid and hence
will more and more resemble organized chaos. Enforcing sound security principles
in such a muddled environment is an interesting research challenge for both the
middleware and the software architecture communities. On one hand, software
architecture modeling techniques must provide suitable abstractions to represent
and address the above (and many other) security concerns. On the other hand,
middleware platforms should support such abstractions in a natural, usable way.
The topics of interest for papers include, but are not limited to:
- Middleware security and privacy
- Security and privacy in agent-based platforms
- Context-sensitive security middleware
- Security and privacy in aspect-based middleware
- Security and privacy in service-oriented architectures
- Middleware-level security monitoring and measurement
- Middleware-driven lightweight secure composition
- Architecture-driven lightweight secure composition
- Security and privacy in enterprise mashups
- Usability and security in lightweight composition
For more information, please see
http://www.cs.kuleuven.be/conference/MidSec2009/.
IWNS 2009
International Workshop on Network Steganography,
Held in conjunction with the International Conference on Multimedia Information
Networking and Security (MINES 2009),
Wuhan, Hubei, China, November 18-20, 2009.
[posted here 4/27/09]
Network steganography is part of information hiding focused on modern
networks and is a method of hiding secret data in users' normal data transmissions,
ideally, so it cannot be detected by third parties. Steganographic techniques
arise and evolve with the development of network protocols and mechanisms,
and are expected to be used in secret communication or information sharing.
Network steganography has now become a hot topic due to the wide spread of information networks,
e.g., multimedia service networks and social networks. The workshop is dedicated
to capturing such areas of research as steganography, steganalysis, and digital
forensics in the context of network covert channels, investigating the potential
applications, and discussing future research topics. Research themes of
the workshop will include:
- Steganography and steganalysis
- Covert/subliminal channels
- Novel applications of information hiding in networks
- Political and business issues in network steganography
- Information hiding in multimedia services
- Digital forensics
- Network communication modelling from the viewpoint of
steganography and steganalysis
- New methods for eliminating network steganography
For more information, please see
http://stegano.net/workshop.
SECMCS 2009
Workshop on Secure Multimedia Communication and Services,
Held in conjunction with the 2009 International Conference on Multimedia Information
Networking and Security (MINES 2009),
Wuhan, China, November 18–20, 2009.
[posted here 5/4/09]
This workshop covers various aspects of secure multimedia communication in
emerging services. The services may work in the following environment:
Internet, mobile TV, IPTV, IMS, VoIP, P2P, sensor network, network convergence, etc.
The paper may focus on architecture construction, algorithm designing or hardware
implementation. Both review papers and technical papers are expected. The topics
include but are not limited to:
- Lightweight multimedia encryption
- Secure multimedia adaptation
- Multimedia content authentication
- Sensitive content detection/filtering based on multimedia analysis
- Security threats or model for multimedia services
- Conditional Access and Digital Rights Management
- Key management/distribution in multimedia services
- Secure payment for multimedia services
- Secure user interface in multimedia services
- Secure telecom/broadcast convergence
- Secure mobile/Internet convergence
- Security in 3G/4G multimedia communication networks
- Security and privacy in multimedia sensor networks
- Security protocols or standards for multimedia communication
- Secure devices (set-top box, Smart Cards, SIM card, MID, etc.)
- Intrusion detection/prevention in multimedia systems
- Denial-of-Service (DoS) attacks in multimedia applications
For more information, please see
http://liss.whu.edu.cn/mines2009/SECMCS.htm.
CCSW 2009
ACM Cloud Computing Security Workshop,
Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009),
Chicago, IL, USA, November 13, 2009.
[posted here 4/27/09]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale
computing and cloud-like infrastructures are here to stay. What exactly they will look like
tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with
them new untested deployment and associated adversarial models and vulnerabilities.
It is essential that our community becomes involved at this early stage. The CCSW workshop
aims to bring together researchers and practitioners in all security aspects of
cloud-centric and outsourced computing, including:
- secure cloud resource virtualization mechanisms
- secure data management outsourcing
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
For more information, please see
http://crypto.cs.stonybrook.edu/ccsw09.
SPIMACS 2009
ACM Workshop on Security and Privacy in Medical and Home-Care Systems,
Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009),
Chicago, IL, USA, November 13, 2009.
[posted here 4/27/09]
The goal of the proposed workshop is to bring together a range of computer
and social scientists to develop a more complete understanding of the
interaction of individuals and computer security technologies as they
are associated with critical care, continuing care and monitoring of
the frail. The goals include but go beyond traditional vulnerability
and usability critiques to include evaluations of use of security
technologies in homes and in health care. The Health Information
Technology for Economic Clinical Health Act, signed on 2/17/09,
brings this issue strongly to the fore. SPIMACS (pronounced spy-max)
seeks to bring together the people and expertise that will be required to
address the challenges of securing the intimate digital spaces of the most vulnerable.
Therefore the scope of this workshop includes but is not uniquely limited to:
- usable security
- usable privacy technologies, particularly for the physically or cognitively impaired
- home-based wireless network security
- security in specialized application for the home, e.g. medical or
physical security monitoring
- authentication in the home environment
- security and anonymization of home-centric data on the network
- usable security for unique populations, e.g. elders, children, or the ill
- privacy and security evaluation mechanisms for home environments
- security in home-based sensor networks
- medical and spatial privacy
- privacy-aware medical devices
- privacy-enhanced medical search
- analyses of in-home and medical systems
- attacks on medical devices
- threat analyses or attacks on medical or home data
- novel applications of cryptography to medical or intimate data
For more information, please see
http://www.infosecon.net/SPIMACS/cfp.php.
SWS 2009
ACM Workshop on Secure Web Services,
Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009),
Chicago, IL, USA, November 13, 2009.
[posted here 4/27/09]
Basic security protocols for Web Services, such as XML Security,
the WS-* series of proposals, SAML, and XACML are the basic set of building
blocks enabling Web Services and the nodes of GRID architectures to interoperate
securely. While these building blocks are now firmly in place, a number of
challenges are still to be met for Web services and GRID nodes to be fully
secured and trusted, providing for secure communications between cross-platform
and cross-language Web services. Also, the current trend toward representing
Web services orchestration and choreography via advanced business process
metadata is fostering a further evolution of current security models and
languages, whose key issues include setting and managing security policies,
inter-organizational (trusted partner) security issues and the implementation
of high level business policies in a Web services environment.
The SWS workshop explores these challenges, ranging from the advancement and
best practices of building block technologies such as XML and Web services
security protocols to higher level issues such as advanced metadata,
general security policies, trust establishment, risk management, and service assurance.
The workshop provides a forum for presenting research results, practical
experiences, and innovative ideas in web services security. Topics of interest include,
but are not limited to, the following:
- Web services and GRID computing security
- Authentication and authorization
- Frameworks for managing, establishing and assessing
inter-organizational trust relationships
- Web services exploitation of Trusted Computing
- Semantics-aware Web service security and Semantic Web
- Secure orchestration of Web services
- Privacy and digital identities support
For more information, please see
http://sesar.dti.unimi.it/SWS09/.
STC 2009
4th Annual Workshop on Scalable Trusted Computing,
Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009),
Chicago, IL, USA, November 13, 2009.
[posted here 5/4/09]
The workshop focuses on fundamental technologies of trusted computing
(in a broad sense, with or without TPMs) and its applications in large-scale systems --
those involving a large number of users and parties with varying degrees of trust.
The workshop is intended to serve as a forum for researchers as well as practitioners
to disseminate and discuss recent advances and emerging issues.
Topics of interest include, but are not limited to:
- Enabling scalable trusted computing
- Applications of trusted computing
- Pushing the limits
For more information, please see
http://projects.cerias.purdue.edu/stc2009/call.html.
TrustCol 2009
4th International Workshop on Trusted Collaboration,
Crystal City, Washington DC, November 11, 2009.
[posted here 7/20/09]
The ongoing, rapid developments in information systems technologies and
networking have enabled significant opportunities for streamlining
decision making processes and maximizing productivity through
distributed collaborations that facilitate unprecedented levels of sharing
of information and computational resources. Emerging collaborative
environments need to provide efficient support for seamless integration
of heterogeneous technologies such as mobile devices and infrastructures,
web services, grid computing systems, online social networks, various
operating environments, and diverse COTS products. Such heterogeneity
introduces, however, significant security and privacy challenges for
distributed collaborative applications. Balancing the competing goals of
collaboration and security is difficult because interaction in collaborative
systems is targeted towards making people, information, and resources
available to all who need it whereas information security seeks to ensure
the availability, confidentiality, and integrity of these elements while
providing it only to those with proper trustworthiness. The key goal of
this workshop is to foster active interactions among diverse researchers
and practitioners, and generate added momentum towards research in
finding viable solutions to the security and privacy challenges faced
by the current and future collaborative systems and infrastructures.
We solicit unpublished research papers that address theoretical issues
and practical implementations/experiences related to security and privacy
solutions for collaborative systems. Topics of interest include,
but are not limited to:
- Secure dynamic coalition environments
- Secure distributed multimedia collaboration
- Privacy control in collaborative environments
- Secure workflows for collaborative computing
- Policy-based management of collaborative workspace
- Secure middleware for large scale collaborative infrastructures
- Security and privacy issues in mobile collaborative applications
- Security frameworks and architectures for trusted collaboration
- Secure interoperation in multidomain collaborative environments
- Identity management for large scale collaborative infrastructures
- Semantic web technologies for secure collaborative infrastructure
- Trust models, trust negotiation/management for collaborative systems
- Access control models and mechanisms for collaboration environments
- Protection models and mechanisms for peer-to-peer collaborative
environments
- Delegation, accountability, and information flow control in collaborative
applications
- Intrusion detection, recovery and survivability of collaborative
systems/infrastructures
- Security of web services and grid technologies for supporting multidomain
collaborative applications
For more information, please see
http://scl.cs.nmt.edu/trustcol09.
EC2ND 2009
5th European Conference on Computer Network Defence (EC2ND),
Politecnico di Milano, Milano, Italy, November 9-10, 2009.
[posted here 6/8/09]
The theme of the conference is the protection of computer
networks. The conference will draw participants from academia and
industry in Europe and beyond to discuss hot topics in applied network
and systems security. EC2ND invites submissions presenting novel ideas at an early stage
with the intention to act as a discussion forum and feedback channel
for promising, innovative security research. While our goal is to
solicit ideas that are not completely worked out, and might have
challenging and interesting open questions, we expect submissions to
be supported by some evidence of feasibility or preliminary
quantitative results. Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policy
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues
For more information, please see
http://2009.ec2nd.org/.
SafeConfig 2009
Workshop on Assurable & Usable Security Configuration,
Held in conjunction with the ACM CCS 2009,
Chicago, USA, November 9, 2009.
(Submissions due 5 August 2009) [posted here 7/20/09]
A typical enterprise network might have hundreds of security devices such as
firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC
servers and crypto systems. These must be logically integrated into a security
architecture satisfying security goals at and across multiple networks. Logical
integration is accomplished by consistently setting thousands of configuration
variables and rules on the devices. The configuration must be constantly adapted
to optimize protection and block prospective attacks. The configuration must be
tuned to balance security with usability. These challenges are compounded by
the deployment of mobile devices and ad hoc networks. The resulting
security configuration complexity places a heavy burden on both regular
users and experienced administrators and dramatically reduces overall
network assurability and usability. For example, a December 2008 report from
the Center for Strategic and International Studies, "Securing Cyberspace for the
44th Presidency", states that "inappropriate or incorrect security
configurations ... were responsible for 80% of Air Force vulnerabilities"
and a May 2008 report from Juniper Networks, "What is Behind Network Downtime?",
states that "human factors ... [are] responsible for 50 to 80 percent of
network device outages". This workshop is an open call for submissions and
will consist of presentations and panel discussions on the following topics:
- Integrating network and host configuration
- Automated forensics and mitigation
- Metrics for measuring assurability and usability: Usable security often
involves trade offs between security or privacy and usability/utility
- Abstract models and languages for configuration specification
- Configuration refinement and enforcement
- Configuration of MANETS and coalition networks
- Formal semantics of security policies /map policies to configuration
- Configuration testing, debugging and evaluation
- Reasoning about uncertainty in configuration management
- Representation of belief, trust, and risk in security policies
- Configuration/misconfiguration visualization
- Configuration reasoning and conflict analysis
- Risk adaptive configuration systems
- Context-aware security configuration for pervasive and mobile computing
- Configuration accountability
- Automated signature and patch management
- Automated alarm management
- Protecting the privacy and integrity of security configuration
- Optimizing security, flexibility and performance
- Measurable metric of flexibility and usability
- Design for flexibility and manageability - clean slate approach
- Configuration management vs. least-privilege
For more information, please see
http://www.arc.cs.depaul.edu/~ehab/ccs/safeconfig09/.
SafeConfig 2009
Workshop on Assurable & Usable Security Configuration,
Collocated with the ACM CCS 2009,
Chicago, USA, November 9, 2009.
[posted here 6/29/09]
A typical enterprise network might have hundreds of security devices
such as firewalls, IPSec gateways, IDS/IPS, authentication servers,
authorization/RBAC servers and crypto systems. These must be logically
integrated into a security architecture satisfying security goals at
and across multiple networks. Logical integration is accomplished by
consistently setting thousands of configuration variables and rules on
the devices. The configuration must be constantly adapted to optimize
protection and block prospective attacks. The configuration must be
tuned to balance security with usability. These challenges are
compounded by the deployment of mobile devices and ad hoc
networks. The resulting security configuration complexity places a
heavy burden on both regular users and experienced administrators and
dramatically reduces overall network assurability and usability. For
example, a December 2008 report from the Center for Strategic and
International Studies, "Securing Cyberspace for the 44th Presidency",
states that "inappropriate or incorrect security configurations ... were
responsible for 80% of Air Force vulnerabilities" and a May 2008
report from Juniper Networks, "What is Behind Network Downtime?", states
that "human factors ... [are] responsible for 50 to 80 percent of
network device outages". This workshop will bring together academic as
well as industry researchers to exchange experiences, discuss
challenges and propose solutions for offering assurable and usable
security. This workshop will consist of presentations and panel
discussions on the following topics:
- Integrating network and host configuration
- Automated forensics and mitigation
- Usability issues in security management
- Metrics for measuring assurability and usability:
Usable security often involves trade offs between security or
privacy and usability/utility
- Abstract models and languages for configuration specification
- Configuration refinement and enforcement
- Configuration of MANETS and coalition networks
- Formal semantics of security policies
- Configuration testing, debugging and evaluation
- Reasoning about uncertainty in configuration management
- Representation of belief, trust, and risk in security policies
- Configuration/misconfiguration visualization
- Configuration reasoning and conflict analysis
- Risk adaptive configuration systems
- Context-aware security configuration for pervasive and mobile computing
- Configuration accountability
- Automated signature and patch management
- Automated alarm management
- Protecting the privacy and integrity of security configuration
- Optimizing security, flexibility and performance
- Measurable metric of flexibility and usability
- Design for flexibility and manageability - clean slate approach
- Configuration management vs. least-privilege
For more information, please see
http://www.arc.cs.depaul.edu/~ehab/ccs/safeconfig09/.
CCS 2009
16th ACM Conference on Computer and Communications Security,
Chicago, IL, USA, November 9-13, 2009.
[posted here 1/26/09]
The annual ACM Computer and Communications Security Conference is a leading
international forum for information security researchers, practitioners,
developers, and users to explore cutting-edge ideas and results, and to
exchange techniques, tools, and experiences. The conference seeks submissions
from academia, government, and industry presenting novel research on all
practical and theoretical aspects of computer and communications security,
as well as case studies and implementation experiences. Papers should have
relevance to the construction, evaluation, application, or operation of secure
systems. Theoretical papers must make a convincing argument for the practical
significance of the results. All topic areas related to computer and
communications security are of interest and in scope.
For more information, please see
http://sigsac.org/ccs/CCS2009/index.shtml.
FAST 2009
6th International Workshop on Formal Aspects in Security and Trust,
Eindhoven, the Netherlands, November 5-6, 2009.
[posted here 7/13/09]
The FAST2009 workshop aims at continuing the successful efforts of the previous
workshops, fostering the cooperation among researchers in the areas of security and
trust. As computing and network infrastructures become increasingly pervasive, and as
they carry increasing economic activity, society needs well matched security and
trust mechanisms. These interactions increasingly span several enterprises and
involve loosely structured communities of individuals. Participants in these
activities must control interactions with their partners based on trust policies
and business logic. Trust-based decisions effectively determine the security goals
for shared information and for access to sensitive or valuable resources. FAST
focuses on the formal models of security and trust that are needed to state goals
and policies for these interactions. We also seek new and innovative techniques
for establishing consequences of these formal models. Implementation approaches
for such techniques are also welcome.
For more information, please see
http://www.iit.cnr.it/FAST2009/.
IS 2009
4th International Symposium on Information Security,
Vilamoura, Algarve-Portugal, November 1-6, 2009.
[posted here 3/16/09]
The goal of this symposium is to bring together researchers from academia
and practitioners from industry in order to address information security
issues. The symposium will provide a forum where researchers shall be able to
present recent research results and describe emerging technologies and new
research problems and directions related to them. The symposium seeks
contributions presenting novel research in all aspects of information
security. Topics of interest may include one or more of the following
(but are not limited to) themes:
- Access Control and Authentication
- Accounting and Audit
- Biometrics for Security
- Buffer Overflows
- Computer Forensics
- Cryptographic Algorithms and Protocols
- Databases and Data Warehouses Security
- Honey Nets
- Identity and Trust Management
- Intrusion Detection and Prevention
- Information Filtering and Content Management
- Information Hiding and Watermarking
- Mobile Code Security
- Multimedia Security
- Network Security
- Privacy and Confidentiality
- Public-Key Infrastructure
- Privilege Management Infrastructure
- Risk Assessment
- Security Issues in E-Activities
- Security and Privacy Economics
- Security in RFID Systems
- Security and Trustiness in P2P Systems and Grid Computing
- Security in Web Services
- Smart Card Technology
- Software Security
- Usability of Security Systems and Services
- Vulnerability Assessment
For more information, please see
http://www.onthemove-conferences.org/index.php?option=com_content&view=article&id=65&Itemid=140.
LISA 2009
23rd USENIX Large Installation System Administration Conference,
Baltimore, MD, USA, November 1–6, 2009.
[posted here 12/15/08]
Effective administration of a large site requires a good understanding of
modern tools and techniques, together with their underlying principles—but the
human factors involved in managing and applying these technologies in a production
environment are equally important. Bringing together theory and practice is an
important goal of the LISA conference, and practicing system administrators as well as
academic researchers all have valuable contributions to make.
Topics of interest include, but are not limited to the following:
- Authentication and authorization: "Single sign-on" technologies, identity management
- Autonomic computing: Self-repairing systems, zero administration systems, fail-safe design
- Configuration management: Specification languages, configuration deployment
- Data center design: Modern methods, upgrading old centers
- Data management: DBMS management systems, deployment architectures and methods,
real world performance
- Email: Mail infrastructures, spam prevention
- Grid computing: Management of grid fabrics and infrastructure
- Hardware: Multicore processor ramifications
- Mobile computing: Supporting and managing laptops and remote communications
- Multiple platforms: Integrating and supporting multiple platforms
(e.g., Linux, Windows, Macintosh)
- Networking: New technologies, network management
- Security: Malware and virus prevention, security technologies and procedures,
response to cyber attacks targeting individuals
- Standards: Enabling interoperability of local and remote services and applications
- Storage: New storage technologies, remote filesystems, backups, scaling
- Web 2.0 technologies: Using, supporting, and managing wikis, blogs, and other Web 2.0 applications
- Virtualization: Managing and configuring virtualized resources
For more information, please see
http://usenix.org/events/lisa09/.
IWSEC 2009
4th International Workshop on Security,
Toyama, Japan, October 28-30, 2009.
[posted here 1/12/09]
The aim of IWSEC2009 is to contribute to research and development of
various security topics: theory and applications of traditional and
up-to-date security issues. Topics include but are not limited to:
- Network and Distributed Systems Security
- Security Issues in Ubiquitous/Pervasive Computing
- Authorization and Access Control
- Software and System Security
- Usable Security
- Privacy Enhancing Technology
- Digital Identity Management
- Digital Forensics
- Biometrics
- Cryptography
- Information Hiding
- Quantum Security
- Secure and Efficient Implementation
- Other Scientific Approaches for Security
For more information, please see
http://www.iwsec.org.
CryptoWorkshop-QuantumComm 2009
Workshop on Quantum and Classical Information Security,
Held in conjunction with the International Conference on Quantum Communication
and Quantum Networking (QuantumComm 2009),
Vico Equense, Sorrento peninsula, Naples, Italy, October 26, 2009.
[posted here 6/15/09]
The research communities of quantum information security and of classical
information security tend to be composed of people that do not share the same
scientific backgrounds and work in parallel, with different perspectives, on topics
that are, on the contrary, highly similar. The variety of these topics (secret key agreement,
public-key and secret-key encryption schemes, secure multi-party computation,
information-theoretic cryptographic schemes, complexity reductions and provable
security, composability of cryptographic primitives, cryptanalysis, cryptographic
side-channels, security evaluation and certification of cryptographic implementations,
network security, deployment and management of security infrastructures, etc.) has become
extremely large as quantum cryptography has progressively widened its scope. However, some
exaggerated claims by "unconditional quantum supporters", not well informed about
cryptography, have led to misunderstandings and in particular to the false belief that
quantum cryptography could replace classical cryptography, while in fact the scientific
results indicate that cryptography in a quantum world would still be largely classical.
The purpose of this workshop is to bring together researchers with different backgrounds
who however work on converging problems in classical or quantum information security
in order to foster discussions and exchanges among these communities. We believe that
promising advances both in fundamental cryptographic research and in practical network
security can result from a closer cooperation of classical and quantum information
security communities.
For more information, please see
http://www.quantumcomm.org/workshop.shtml.
eCrime 2009
4th Annual APWG eCrime Researchers Summit,
Tacoma, WA, USA, October 20-21, 2009.
[posted here 5/4/09]
Original papers on all aspects of electronic crime are solicited for
submission to eCrime '09. Topics of relevance include but
are not limited to:
- Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
- Spoofing of different types, and applications to fraud
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques
- Honeypot design, data mining, and forensic aspects of fraud prevention
- Design and evaluation of user interfaces in the context of fraud and network security
- Best practices related to digital forensics tools and techniques, investigative procedures,
and evidence acquisition, handling and preservation
For more information, please see
http://www.ecrimeresearch.org/2009/cfp.html.
DMM 2009
1st International Workshop on Denial of service Modelling and Mitigation,
Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009),
Gold Coast, Australia, October 19-21, 2009.
[posted here 3/2/09]
Denial of service attacks represent an increasing threat to the security of networks
and systems critical to commercial, industrial and government enterprises.
Addressing the denial-of-service problem is proving to be an ongoing challenge
and further advances are needed in: the design and analysis of denial of service
resistant protocols and architectures; effective tools and techniques for
detecting and responding to attacks; forensic attribution of attacks; and
the application of trust and reputation schemes in formulating attack responses.
This workshop actively solicits recent advances from industrial, academic and
government researchers and engineers in the areas of:
- Denial of service attacks and countermeasures
- Detection and mitigation of high-rate flooding attacks
- Design and analysis of denial of service resistant architectures
- Design and analysis of denial of service resistant protocols
- Distributed trust and reputation systems
- Intrusion detection and response systems
- Intelligent defence systems
- Network and computer forensics
- Emerging vulnerabilities
- Security in Web services and service-oriented architectures
- Simulation and analysis of attacks
- Honeypots
- Reverse engineering of malware
- Disruption of botnet command and control
- Wireless network denial of service attacks and defences
- Next generation threats and responses
- Legal and policy responses to denial of service
- Threat intelligence
For more information, please see
http://conf.isi.qut.edu.au/dmm2009.
NSS 2009
3rd International Conference on Network & System Security,
Gold Coast, Australia, October 19-21, 2009.
[posted here 1/19/09]
While the attack systems have become more easy-to-use, sophisticated, and
powerful, interest has greatly increased in the field of building more
effective, intelligent, adaptive, active and high performance defense systems
which are distributed and networked. We will focus our program on issues
related to Network and System Security, such as authentication, access control,
availability, integrity, privacy, confidentiality, dependability and
sustainability of computer networks and systems. The aim of this conference
is to provide a leading edge forum to foster interaction between researchers
and developers with the network and system security communities, and to give
attendees an opportunity to interact with experts in academia, industry
and governments. Topics of interest include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security for P2P systems and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security
For more information, please see
http://nss2007.cqu.edu.au/FCWViewer/view.do?page=8494.
NordSec 2009
14th Nordic Conference on Secure IT Systems,
Oslo, Norway, October 14-16, 2009.
[posted here 3/23/09]
NordSec brings together computer security researchers and practitioners from around
the world, in particular from the Nordic countries and Northern Europe. The conference
focuses on applied IT security and is intended to encourage interaction between academic
and industrial research. NordSec 2009 welcomes contributions from researchers and
practitioners over the theme "Identity and Privacy in the Internet Age" as well as
over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied Cryptography
- Commercial Security Practices
- Communication and Network Security
- Computer Crime and Info Warfare
- Hardware and Smart Card Applications
- Internet and Web Security
- Intrusion Detection
- Language-based Security Techniques
- New Ideas and Paradigms in Security
- Operating System Security
- PKI Systems and Key Escrow
- Privacy and Anonymity
- Security Education and Training
- Security Evaluations and Assurance
- Security Management and Audit
- Security Models
- Security Protocols
- Social-Engineering and Phishing
- Software Security
- Trust and Reputation Management
For more information, please see
http://nordsec2009.unik.no/.
MetriSec 2009
5th International Workshop on Security Measurements and Metrics,
Held in conjunction with the International Symposium on
Empirical Software Engineering and Measurement (ESEM 2009),
Lake Buena Vista, Florida, USA, October 14, 2009.
[posted here 3/9/09]
Quantitative assessment is a major stumbling block for software and
system security. Although some security metrics exist, they are rarely adequate.
The engineering importance of metrics is intuitive: you cannot consistently
improve what you cannot measure. Economics is an additional drive for security
metrics: customers should be enabled to quantify which of two IT products is
more appropriate. The goals of this workshop are to showcase and foster research
into security measurements and metrics and to keep building the community of
individuals interested in this area. MetriSec continues the tradition started
by the Quality of Protection (QoP) workshop series. This year, the new
co-location with ESEM is an opportunity for the security metrics folks to meet
the metrics community at large. The organizers solicit original submissions
from industry and academic experts on the development and application of
repeatable, meaningful measurements in the fields of software and system security.
The topics of interest include, but are not limited to:
- Security metrics
- Security measurement and monitoring
- Development of predictive models
- Experimental validation of models
- Formal theories of security metrics
- Security quality assurance
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories, CVE, CVSS
- Static analysis metrics
- Simulation and statistical analysis
- Stochastic modeling
- Security risk analysis
- Industrial experience
For more information, please see
http://www.cs.kuleuven.be/conference/MetriSec2009/.
TSP 2009
IEEE International Symposium on Trust, Security and Privacy for Pervasive Applications,
Held in conjunction with the IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2009),
Macau SAR, China, October 12-14, 2009.
[posted here 5/11/09]
TSP 2009 aims at bringing together researchers and practitioners in the world working
on trust, security, privacy, and related issues such as technical, social and cultural
implications for pervasive devices, services, networks, applications and systems,
and providing a forum for them to present and discuss emerging ideas and trends
in this highly challenging research area. Topics of interest include,
but are not limited to:
- Trust, Security and Privacy (TSP) metrics and architectures for pervasive computing
- Trust management in pervasive environment
- Risk management in pervasive environment
- Security and privacy protection in pervasive environment
- Security and privacy in mobile and wireless communications
- Security and privacy for databases in pervasive environment
- Safety and user experiences in pervasive environment
- TSP-aware social and cultural implications in pervasive environment
- Cryptographic devices for pervasive computing
- Biometric authentication for pervasive devices
- Security for embedded software and systems
- TSP-aware middleware design for pervasive services
- TSP-aware case studies on pervasive applications/systems
- Key management in pervasive applications/systems
- Authentication in pervasive applications/systems
- Audit and accountability in pervasive applications/systems
- Access control in pervasive applications/systems
- Anonymity in pervasive applications/systems
- Reliability and fault tolerance in pervasive applications/systems
- Miscellaneous issues in pervasive devices, services, applications, and systems
For more information, please see
http://trust.csu.edu.cn/conference/tsp2009/.
SecPri-WiMob 2009
International Workshop on Security and Privacy in
Wireless and Mobile Computing, Networking and Communications,
Held in the 5th IEEE International Conference on Wireless and
Mobile Computing, Networking and Communications (WiMob 2009),
Marrakech, Morocco, October 12, 2009.
[posted here 3/16/09]
The objectives of the SecPri_WiMob 2009 Workshop are to bring together
researchers from research communities in Wireless and Mobile Computing,
Networking and Communications, Security and Privacy, with the goal of
fostering interaction. Topics of interest may include one or more of
the following (but are not limited to) themes:
- Cryptographic Protocols for Mobile and Wireless Networks
- Key Management in Mobile and Wireless Computing
- Reasoning about Security and Privacy
- Privacy and Anonymity in Mobile and Wireless Computing
- Public Key Infrastructure in Mobile and Wireless Environments
- Economics of Security and Privacy in Wireless and Mobile environments
- Security Architectures and Protocols in Wireless LANs
- Security Architectures and Protocols in B3G/4G Mobile Networks
- Security and Privacy features into Mobile and Wearable devices
- Location Privacy
- Ad hoc Networks Security
- Sensor Networks Security
- Wireless Ad Hoc Networks Security
- Role of Sensors to Enable Security
- Security and Privacy in Pervasive Computing
- Trust Establishment, Negotiation, and Management
- Secure PHY/MAC/routing protocols
- Security under Resource Constraints (bandwidth,
computation constraints, energy)
For more information, please see
http://www.icsd.aegean.gr/SecPri_WiMob_2009/.
VizSec 2009
Workshop on Visualization for Cyber Security,
Atlantic City, NJ, USA, October 11, 2009.
[posted here 3/2/09]
The 6th International Workshop on Visualization for Cyber Security is a
forum that brings together researchers and practitioners in information
visualization and security to address the specific needs of the cyber
security community through new and insightful visualization techniques.
Co-located this year with IEEE InfoVis/Vis/VAST, VizSec will continue to
provide opportunities for the two communities to collaborate and share insights
into providing solutions for security needs through visualization approaches.
This year our focus is on advancing Visualization for Cyber Security as a
scientific discipline. While art, engineering, and intuitions regarding the
human element will always remain important if we are to obtain useful cyber
security visualizations, advances in the scientific practice of research are
needed. The scientific aspects of visualization for cyber security draw both
on empirical observation (similar to many natural and social sciences) and
formal science (such as the formal derivations in mathematics). Barriers confronting
current researchers include concerns about available data, lack of a common
agreement about what constitutes sound experimental design, the difficulties of
measuring the relative effectiveness of security visualizations in practice,
and the lack of a common understanding of user requirements. While many
researchers are making progress in these and other critical areas, much
work yet remains. Papers offering novel contributions in security
visualization are solicited. Papers may present technique, applications,
practical experience, theory, or experiments and evaluations. Papers are
encouraged on technologies and methods that have been demonstrated to be
useful for improving information systems security and that address
lessons from actual application. We encourage papers that report results
on visualization techniques and systems in solving all aspects of cyber
security problems, including how visualization applies to:
- Different aspects of security: software, networks and log files
(e.g., Internet routing, packet traces and network flows, intrusion
detection alerts, attack graphs, application security, etc.)
- Application of visualization techniques in formalizing, defining and analyzing security policies
- Forensic analysis, correlating events, cyber-defense task analysis
- Computer network defense training and offensive information operations
- Building rules, feature selection, and detecting anomalous activity
- Software, software security, and viruses
- Deployment and field testing of VizSec systems
- Evaluation and user testing of VizSec systems
- User and design requirements for VizSec systems
- Lessons learned from development and deployment of VizSec systems
- “Field Research” Best Practices
- Interaction with domain experts – best practices, lessons learned
- Differentiating the needs of different domains and time frames
- Best practices for obtaining and sharing potentially sensitive data for
purposes of visualization and assessment, including how to approach personal
privacy, regulatory, and organizational issues
- Metrics and measurements (e.g., criteria for the relative effectiveness of cyber visualizations)
- Handling large datasets, scalability issues, and providing real time or near-real time visualizations
For more information, please see
http://vizsec.org/vizsec2009/.
SIN 2009
2nd ACM International Conference on Security of Information and Networks,
Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus, October 6-10, 2009.
[posted here 1/12/09]
The 2nd International Conference on Security of Information and
Networks (SIN 2009) provides an international forum for
presentation of research and applications of security in information
and networks. SIN 2009 conference features contributed as well as
invited papers, special sessions, workshops, and tutorials on
theory and practice. Its drive is to convene a high quality,
well-attended, and up-to-date conference on scientific and
technical issues of security in information, networks, and systems.
The main theme of SIN 2009 is Intelligent Systems for Information Assurance,
Security, and Public Policy in the Age of e-Euphoria.
For more information, please see
http://www.sinconf.org/cfp/cfp.htm.
WSNS 2009
5th IEEE International Workshop on Wireless and Sensor Networks Security,
Held in conjunction with the 6th IEEE International Conference on
Mobile Ad-hoc and Sensor Systems (MASS 2009),
Macau SAR, China, October 5-8, 2009.
[posted here 3/23/09]
Wireless networks have experienced an explosive growth during the past few
years. Nowadays, there is a large variety of networks spanning from the
well-known cellular networks to non-infrastructure wireless networks such
as mobile ad hoc networks and sensor networks. The security issue is a
central concern for achieving secured communication in these networks. This
one day workshop aims to bring together researchers and practitioners from
wireless and sensor networking, security, privacy, cryptography, and distributed
computing communities, with the goals of promoting discussions and
collaborations. We are interested in novel research on all aspects of
security and privacy in wireless and sensor networks and their cost-effective
solutions. Topics of interest include, but are not limited to:
- Attacks and Countermeasures
- Authentication and Access Control
- Computer-Aided Tool for Security
- Cross-layer Design for Security
- Cryptographic Protocol
- Denial of Service (DoS)
- Key Management
- Information Hiding
- Intrusion Detection and Response
- Malicious Behavior Detection and Analysis
- Privacy and Anonymity
- Secure Localization and Synchronization
- Security and Performance tradeoff
- Security Policy and Enforcement Issues
- Security Protocols Analysis, Design, and Proof
- Secure Routing/MAC
- Surveillance and Monitoring
- Trust Establishment and Management
For more information, please see
http://www.cs.wcupa.edu/~zjiang/wsns09.htm.
ICDF2C 2009
International Conference on Digital Forensics & Cyber Crime,
Albany, NY, USA, September 30 - October 2, 2009.
[posted here 3/16/09]
The Internet has made it easier to perpetrate traditional crimes by providing
criminals an alternate avenue for launching attacks with relative anonymity.
The increased complexity of the communication and networking infrastructure
is making investigation of the crimes difficult. Clues of illegal activities
are often buried in large volumes of data that need to be sifted through
in order to detect crimes and collect evidence. The field of digital
forensics is becoming very important for law enforcement, network security,
and information assurance. This is a multidisciplinary area that encompasses
multiple fields, including: law, computer science, finance, networking,
data mining, and criminal justice. The applications of this technology are
far reaching including: law enforcement, disaster recovery, accounting frauds,
homeland security, and information warfare. This conference brings together
practitioners and researchers from diverse fields providing opportunities for
business and intellectual engagement among attendees.
Suggested topics for submission of papers are (but not limited to):
- Computer Forensics
- Electronic Money Laundering
- Forensic Accounting
- Watermarking & Intellectual Property Theft
- Incident Response & Evidence Handling
- Network Data Analysis
- Data Analytics, Mining & Visualization
- Identity Theft & Online Fraud
- Mobile Device Forensics
- Digital Forensics and the Law
- Data Log Analysis (Computer, Network, Devices, etc)
- Forensics Training & Education
- Natural Language Processing
- Cyber Crime Investigations
- Continuous Assurance
- Internet Crime Against Children Investigation
- Data Recovery & Business Continuity
- Standardization & Accreditation
- Multimedia Forensics
- Digital Signatures and Certificates
For more information, please see
http://www.d-forensics.org/.
SRDS 2009
28th International Symposium on Reliable Distributed Systems,
Niagara Falls, New York, USA, September 27-30, 2009.
[posted here 3/16/08]
For 28 years, the Symposium on Reliable Distributed Systems has been a
traditional forum for researchers and practitioners who are interested
in distributed systems design and development, particularly with properties
such as reliability, availability, safety, security, and real time.
We welcome original research papers as well as papers that deal with design,
development and experimental results of operational systems.
We are also soliciting papers for an experience track that presents
on-going industrial projects, prototype systems and exploratory or
emerging applications. The major areas of interest include, but are not
limited to, dependability, security and/or real-time aspects within the
following topics:
- Security and privacy issues in wireless ad hoc and sensor networks
- Dependability in autonomic, pervasive and ubiquitous computing
- Security and high-confidence systems
- Resilient ad hoc and sensor networks
- Internet dependability and Quality of Service
- Safety-critical systems and critical infrastructures
- Dependability of high-speed networks and protocols
- Fault-tolerance in embedded systems, mobile systems and multimedia systems
- Dependable wireless networks and peer-to-peer networks
- Intrusion-tolerant, survivable, and self-stabilizing systems
- Dependability in Grid-, Cluster-, and Cloud-Computing
- Measurement, monitoring and prediction in distributed systems
- Analytical or experimental evaluations of dependable distributed systems
- Formal methods and foundations for dependable distributed computing
- Performance and dependability assessing techniques, tools and results
For more information, please see
http://www.cse.buffalo.edu/srds2009/.
STM 2009
5th International Workshop on Security and Trust Management,
Held in conjunction with ESORICS 2009,
Saint Malo, France, September 24-25, 2009.
[posted here 5/4/09]
STM (Security and Trust Management) is an established working group of ERCIM
(European Research Consortium in Informatics and Mathematics).
Topics of interest include, but are not limited to:
- access control
- cryptography
- data protection
- digital rights management
- economics of security and privacy
- key management
- ICT for securing digital as well as physical assets
- identity management
- networked systems security
- privacy and anonymity
- reputation systems and architectures
- security and trust management architectures
- semantics and computational models for security and trust
- trust assessment and negotiation
- trust in mobile code
- trust in pervasive environments
- trust models
- trust management policies
- trusted platforms and trustworthy systems
- trustworthy user devices
For more information, please see
http://stm09.dti.unimi.it.
SETOP 2009
International Workshop on Autonomous and Spontaneous Security,
Held in conjunction with ESORICS 2009,
Saint Malo, Brittany, France, September 24-25, 2009.
[posted here 4/27/09]
With the need for evolution, if not revolution, of current network architectures
and the Internet, autonomous and spontaneous management will be a key feature of
future networks and information systems. In this context, security is an essential
property. It must be considered at the early stage of conception of these systems and
designed to be also autonomous and spontaneous. Future networks and systems must be
able to automatically configure themselves with respect to their security policies.
The security policy specification must be dynamic and adapt itself to the changing
environment. Those networks and systems should interoperate securely when their
respective security policies are heterogeneous and possibly conflicting.
They must be able to autonomously evaluate the impact of an intrusion in order
to spontaneously select the appropriate and relevant response when a given intrusion
is detected. Autonomous and spontaneous security is a major requirement of future
networks and systems. Of course, it is crucial to address this issue in different
wireless and mobile technologies available today such as RFID, Wifi, Wimax, 3G, etc.
Other technologies such as ad hoc and sensor networks, which introduce new types of
services, also share similar requirements for an autonomous and spontaneous
management of security. The SETOP Workshop seeks submissions that present research
results on all aspects related to spontaneous and autonomous security. Submissions
by PhD students are encouraged. Topics of interest include, but are not limited to
the following:
- Security policy deployment
- Self evaluation of risk and impact
- Distributed intrusion detection
- Autonomous and spontaneous response
- Trust establishment
- Security in ad hoc networks
- Security in sensor/RFID networks
- Security of Next Generation Networks
- Security of Service Oriented Architecture
- Security of opportunistic networks
- Privacy in self-organized networks
- Secure localization
- Context aware and ubiquitous computing
- Secure inter-operability and negotiation
- Self-organization in secure routing
- Identity management
For more information, please see
http://conferences.telecom-bretagne.eu/setop-2009.
DPM 2009
4th International Workshop on Data Privacy Management,
Held in conjunction with ESORICS 2009,
Saint Malo, Brittany, France, September 24, 2009.
[posted here 4/27/09]
The DPM 2009 Workshop aims at discussing and exchanging ideas related to
privacy data management. We invite researchers and practitioners working
in privacy, security, trustworthy data systems and related areas to submit their
original papers to this workshop. The main topics include, but are not limited to:
- Privacy Information Administration
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Language
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Conciliation of Individual Privacy and Corporate/National Security
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in Sensor Networks
For more information, please see
http://dpm09.dyndns.org/.
CISIS 2009
2nd International Workshop on Computational Intelligence for
Security in Information Systems,
Burgos, Spain, September 23-26, 2009.
[posted here 4/6/09]
CISIS aims to offer a meeting opportunity for academic and industry-related
researchers belonging to the various, vast communities of Computational
Intelligence, Information Security, Data Mining, and Biometry. The need
for intelligent, flexible behavior by large, complex systems, especially
in mission-critical domains, is intended to be the catalyst and the
aggregation stimulus for the overall event. CISIS'09 provides an
interesting opportunity to present and discuss the latest theoretical
advances and real-world applications in this multidisciplinary research field.
Topics of interest include, but are not limited to:
- Intelligent Data Mining for Network Security
- Learning Methods for Text Mining in Intelligence and Security
- Soft-Computing Methods in Critical Infrastructure Protection
- Intelligent Secure Methods in Railway Operation
- Computational Intelligence in Biometrics for Security
For more information, please see
http://gicap.ubu.es/cisis2009/.
RAID 2009
12th International Symposium on Recent Advances in Intrusion Detection,
Saint Malo, Brittany, France, September 23-25, 2009.
[posted here 3/30/09]
This symposium, the 12th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry
to discuss issues and technologies related to intrusion detection and
defense. The Recent Advances in Intrusion Detection (RAID) International
Symposium series furthers advances in intrusion defense by promoting
the exchange of ideas in a broad range of topics. As in previous years,
all topics related to intrusion detection, prevention and defense systems
and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation
For more information, please see
http://www.rennes.supelec.fr/RAID2009/.
ESORICS 2009
14th European Symposium on Research in Computer Security,
Saint Malo, France, September 21-25, 2009.
[posted here 1/19/09]
Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the Fourteenth European Symposium on
Research in Computer Security (ESORICS 2009). The Symposium has established
itself as one of the premier international gatherings on Information Assurance.
Papers may present theory, technique, applications, or practical experience on
topics including, but not limited to:
- access control
- anonymity
- authentication
- authorization and delegation
- cryptographic protocols
- data integrity
- dependability
- information flow control
- smartcards
- systems security
- digital rights management
- accountability
- applied cryptography
- covert channels
- cybercrime
- denial of service attacks
- formal methods in security
- inference control
- information warfare
- steganography
- transaction management
- data and application security
- intellectual property protection
- intrusion tolerance
- peer-to-peer security
- language-based security
- network security
- non-interference
- privacy-enhancing technology
- pseudonymity
- subliminal channels
- trustworthy user devices
- identity management
- security as quality of service
- secure electronic commerce
- security administration
- security evaluation
- security management
- security models
- security requirements engineering
- security verification
- survivability
- information dissemination control
- trust models and trust management policies
For more information, please see
http://www.esorics.org.
SECURECOMM 2009
5th International ICST Conference on Security and Privacy for
Communication Networks,
Athens, Greece, September 14-18, 2009.
[posted here 1/12/09]
Securecomm seeks high-quality research contributions in the form of well
developed papers. Topics of interest encompass research advances in ALL
areas of secure communications and networking. However, topics in other areas
(e.g., formal methods, database security, secure software, foundations of cryptography)
will be considered only if a clear connection to private or secure communications/networking
is demonstrated. The aim of Securecomm is to bring together security and privacy
experts in academia, industry and government as well as practitioners, standards
developers and policy makers, in order to engage in a discussion about common goals
and explore important research directions in the field.
TOPICS of interest include, but are not limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware and botnets
- Communication Privacy and Anonymity
- Distributed denial of service
- Public Key Infrastructures, key management, credentials
- Web security
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and
overlay network systems, Web 2.0
For more information, please see
http://www.securecomm.org.
SEWCN 2009
1st ICST International Workshop on Security in Emerging Wireless Communication
and Networking Systems,
Held in conjunction with SecureComm 2009,
Athens, Greece, September 14, 2009.
[posted here 6/29/09]
Innovative wireless communication and networking systems have been proposed and
studied in recent years, including cognitive radio networks, multi-channel
multi-radio networks, cyber-physical systems, vehicle ad hoc networks, and
others. The goal of this workshop is to develop and employ secure architectures
and protocols to enhance these emerging wireless systems. As these wireless systems
have new features and serve new applications, they are raising new security concerns
that existing security technologies may not be sufficient to tackle. Hence, these
wireless systems require re-examination of current security techniques and creation
of new security schemes. The design of these wireless systems also needs security as
an integral part to prevent misuse of them and assure their functionality. This workshop
particularly invites new ideas on security in the context of these emerging wireless
communication and networking systems, including identifying new threats and new
primitives for supporting secure system design.
Topics on security in emerging wireless systems include, but are not limited to
the following:
- Vulnerabilities and threats
- Cross-layer design for security
- Security of cognitive radio
- Security of channel management
- Resilient control over network
- Secure neighbor and location discovery
- Key management
- Intrusion detection and response
- User and data privacy
- Anti-jamming communication
- Denial of service
For more information, please see
http://sewcn.org.
ARO-DF 2009
ARO Workshop on Digital Forensics,
Washington, DC, USA, September 10-11, 2009.
[posted here 5/25/09]
The possibility of becoming a victim of cyber crime is the number one
fear of billions of people online. In the years of fighting against
cyber-crimes and cyber-enabled crimes, we have seen that digital evidence
may often be available for a very short period of time and/or involve huge
volumes of data that are found locally on a single digital device or spread
globally across dispersed public and proprietary platforms. The field of
Digital Forensics faces many challenges and difficult problems. The goal
of this workshop is to identify important and hard digital forensic challenges
and problems, and to stimulate community efforts on the development of a
scientific foundation for digital forensics and new theories and practical
techniques towards addressing these problems. We invite one-page short statements
of ideas addressing the problems and topics of interest for the workshop.
The workshop discussions will be initiated by presentations from invited
speakers, each representing a different perspective related to digital
forensics and views from law enforcement, military, industry, and academia.
These presentations will be used to form the basis of the workshop
discussions to follow. The remainder of the workshop will be devoted
to group discussions led by group coordinators on a selected list of
important topics in digital forensics. Topics of relevance include,
but are not limited to:
- Scientific Foundation and Models, and the Law
- Digital Evidence Discovery, Collection, Recovery, and Storage
- Digital Evidence Analysis
- Network Forensics
- Digital Forensics Tool Validation
- Anti-forensics Techniques
For more information, please see
http://www.engineering.iastate.edu/~guan/ARO-DF/index.html.
EuroPKI 2009
6th European Workshop on Public Key Services, Applications and Infrastructures,
Pisa, Tuscany, Italy, September 9-11, 2009.
[posted here 3/30/09]
EuroPKI aims at covering all research aspects of
Public Key Services, Applications and Infrastructures. In particular, we also want
to encourage submissions dealing with any innovative applications of public
key cryptography. Submitted papers may present theory, applications or practical
experiences on topics including, but not limited to:
- Anonymity and privacy
- Architecture and Modeling
- Authentication
- Authorization and Delegation
- Case Studies
- Certificates Status
- Certification Policy and Practices
- Credentials
- Cross Certification
- Directories
- eCommerce/eGovernment
- Evaluation
- Fault-Tolerance and reliability
- Federations
- Group signatures
- ID-based schemes
- Identity Management and eID
- Implementations
- Interoperability
- Key Management
- Legal issues
- Long-time archiving
- Mobile PKI
- Multi-signatures
- Policies & Regulations
- Privacy
- Privilege Management
- Protocols
- Repositories
- Risk/attacks
- Standards
- Timestamping
- Trust management
- Trusted Computing
- Ubiquitous scenarios
- Usage Control
- Web services security
For more information, please see
http://www.iit.cnr.it/EUROPKI09.
NSPW 2009
New Security Paradigms Workshop,
The Queen's College, University of Oxford, UK, September 8-11, 2009.
[posted here 1/19/09]
The New Security Paradigms Workshop (NSPW) is seeking papers that address the
current limitations of information security. Today's security risks are diverse
and plentiful--botnets, database breaches, phishing attacks, distributed
denial-of-service attacks--and yet present tools for combatting them are
insufficient. To address these limitations, NSPW welcomes unconventional,
promising approaches to important security problems and innovative critiques
of current security practice. We are particularly interested in perspectives
from outside computer security, both from other areas of computer science
(such as operating systems, human-computer interaction, databases, programming
languages, algorithms) and other sciences that study adversarial relationships
such as biology and economics. We discourage papers that offer incremental
improvements to security and mature work that is appropriate for standard
information security venues. By encouraging researchers to think "outside the box"
and giving them an opportunity to communicate with open-minded peers, NSPW seeks to
foster paradigm shifts in the field of information security.
For more information, please see
http://www.nspw.org/current/cfp.shtml.
ISC 2009
12th Information Security Conference,
Pisa, Italy, September 7-9, 2009.
[posted here 3/2/09]
ISC is an annual international conference covering research in and
applications of information security. The twelfth Information
Security Conference (ISC 2009) will be held in Pisa, Italy. The
conference seeks submissions from academia, industry, and government
presenting novel research on all theoretical and practical aspects of
information security. Topics of interest include, but are not limited
to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- economics of security and privacy
- electronic frauds
- formal methods in security
- identity management
- information dissemination control
- information hiding and watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- security and privacy in pervasive/ubiquitous computing
- security in information flow
- security in IT outsourcing
- security for mobile code
- security of grid computing
- security of eCommerce, eBusiness and eGovernment
- security in location services
- security modeling and architectures
- security models for ambient intelligence environments
- security in social networks
- trust models and trust management policies
For more information, please see
http://isc09.dti.unimi.it/.
CHES 2009
Workshop on Cryptographic Hardware and Embedded Systems,
Lausanne, Switzerland, September 6-9, 2009.
[posted here 4/6/09]
CHES 2009 will include a Hot Topic Session focused on the emerging
research area of "Hardware Trojans and Trusted ICs".
A confluence of several trends makes this a timely and important topic.
The economic challenges and cost structure of today's semiconductor
industry are driving towards increased consolidation of fabrication
capabilities and disaggregation of IC and system design houses from
foundries. Globalization of both design and fabrication implies that the
overall design and manufacturing chain for most ICs often spans across
several legislative domains. From the security perspective, this gives
rise to new challenges. Most systems rely on correctly designed and
fabricated chips (i.e., hardware is not malicious), and consequently most
security mechanisms break down when the threat comes from "within the IC".
For example, Hardware Trojans could be inserted into ICs prior to
manufacturing in order to leak sensitive information or interfere with
correct operation (e.g., a "kill switch") once the IC is deployed in an
end system. Therefore, it is increasingly becoming necessary to ensure the
trustworthiness of ICs even when parts of the design and fabrication
process are inherently untrusted.
The CHES 2009 committee invites submissions for the Hot Topic session that
address any relevant topic, including but not limited to the following:
- Trust / security models for IC design & fabrication
- New challenges & attacks
- Hardware Trojan detection techniques
- Trusted re-use models for IP components
For more information, please see
http://www.chesworkshop.org.
WISTP 2009
Workshop on Information Security Theory and Practices
(Smart Devices, Pervasive Systems, and Ubiquitous Networks),
Bruxelles, Belgium, September 2-4, 2009.
[posted here 3/9/09]
With the rapid technological development of information technologies
and with the transition from the common to the next generation networks,
computer systems and especially embedded systems are becoming more mobile
and ubiquitous, increasingly interfacing with the physical world.
Ensuring the security of these complex and yet resource-constrained systems
has emerged as one of the most pressing challenges.
Protecting the privacy of the user immersed in such systems is a similarly
pressing concern. The aim of this third workshop is to bring together
researchers and practitioners in related areas and to encourage interchange
and cooperation between the research community and the industrial/consumer
community. The workshop will consist of technical paper presentations, one special
session for student papers and several invited talks.
For more information, please see
http://www.wistp.org/.
DaSECo 2009
1st International Workshop on Defence against Spam in Electronic Communication,
Held in conjunction with the 20th International Conference on Database and
Expert Systems Applications (DEXA 2009),
Linz, Austria, August 31 - September 4, 2009.
[posted here 3/2/09]
The workshop on Defence against Spam in Electronic Communication
invites the submission of papers. Researchers and practitioners are encouraged to
submit papers on all aspects of misuse and protection concerning electronic
communication including email, instant messaging, text messaging, and voice
over internet protocol. Topics of interest include novel applications of electronic
messaging, abatement of abuses of electronic messaging, spam, spit (spam over
internet telephony), spim (spam over instant messenger), spom (spam over mobile phone),
phishing, identity theft via messaging, viruses, and spyware.
For more information, please see
http://www.dexa.org/files/CfP_DaSECo_15.Jan_.pdf.
InSPEC 2009
2nd International Workshop on Security and Privacy in Enterprise Computing,
Held in conjunction with the 13th IEEE International Enterprise Distributed
Object Computing Conference (EDOC 2009),
Auckland, New Zealand, August 31 - September 4, 2009.
[posted here 3/16/09]
In recent years several technologies have emerged for enterprise
computing. Workflows are now widely adopted by industry and distributed
workflows have been a topic of research for many years. Today, services
are becoming the new building blocks of enterprise systems and
service-oriented architectures are combining them in a flexible and
novel way. In addition, with wide adoption of e-commerce, business
analytics that exploits multiple, heterogeneous data sources has become
an important field. Ubiquitous computing technologies, such as RFID or
sensor networks, change the way business systems interact with their
physical environment, such as goods in a supply chain or machines on the
shop floor. All these technological trends are accompanied also by new
business trends due to globalization that involve innovative forms of
collaborations such as virtual organizations. Further, the increased
speed of business requires IT systems to become more flexible and highly
dynamic. All of these trends bring with them new challenges to the security and
privacy of enterprise computing. New concepts for solving these
challenges require the combination of many disciplines from computer
science and information systems, such as cryptography, networking,
distributed systems, process modeling and design, access control,
privacy etc. The goal of this workshop is to provide a forum for
exchange of novel research in these areas among the experts from
academia and industry. Completed work as well as research in progress is
welcome, as we want to foster the exchange of novel ideas and approaches.
For more information, please see
http://sesar.dti.unimi.it/InSPEC2009/.
TrustBus 2009
6th International Conference on Trust, Privacy, and Security in Digital Business,
Held in conjunction with the 20th International Conference on Database
and Expert Systems Applications (DEXA 2009),
Linz, Austria, August 31 – September 4, 2009.
[posted here 12/22/08]
TrustBus’09 will bring together researchers from different disciplines, developers,
and users all interested in the critical success factors of digital business systems.
We are interested in papers, work-in-progress reports, and industrial experiences
describing advances in all areas of digital business applications related to trust
and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in mobile commerce environments
- Usability of security technologies and services
Additional topics of interest include (but are not limited to):
Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Database Forensics,
Electronic Commerce Security, and Security in Digital Health Care.
For more information, please see
http://www.icsd.aegean.gr/trustbus2009/.
DFRWS 2009
9th Digital Forensics Research Workshop,
Montreal, Canada, August 17-19, 2009.
[posted here 2/2/09]
DFRWS brings together leading researchers, developers, practitioners,
and educators interested in advancing the state of the art in digital forensics
from around the world. As the most established venue in the field, DFRWS is the
preferred place to present both cutting-edge research and perspectives on best
practices for all aspects of digital forensics. As an independent organization,
we promote open community discussions and disseminate the results of our work
to the widest audience. Topics of interest include, but are not limited to the following:
- Incident response and live analysis
- Network-based forensics, including network traffic analysis, traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- File extraction from data blocks (“file carving”)
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
For more information, please see
http://www.dfrws.org/2009/cfp.shtml.
USENIX-SECURITY 2009
18th USENIX Security Symposium,
Montreal, Canada, August 12–14, 2009.
[posted here 11/12/08]
The USENIX Security Symposium brings together researchers, practitioners,
system administrators, system programmers, and others interested in the
latest advances in the security of computer systems and networks.
Refereed paper submissions are solicited in all areas relating to systems
and network security, including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Hardware security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Virtualization security
- Voting systems analysis and security
- Web security
- Wireless and pervasive/ubiquitous computing security
For more information, please see
http://www.usenix.org/events/sec09/cfp/.
MetriCon 2009
4th Workshop on Security Metrics,
Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009),
Montreal, Canada, August 11, 2009.
[posted here 5/4/09]
MetriCon 4.0 is intended as a forum for lively, practical discussion in the area of
security metrics. It is a forum for quantifiable approaches and results to problems
afflicting information security today, with a bias towards practical, specific
approaches that demonstrate the value of security metrics with respect to a
security-related goal. Topics and presentations will be selected for their
potential to stimulate discussion in the workshop. Topics that demonstrate
the importance of context include:
- Data and analyses emerging from ongoing metrics efforts
- Studies in specific subject matter areas
- Time and situation-dependent aspects of security metrics
- Long-term trend analysis and forecasts
- Measures of the depth and breadth of security defenses
- Metrics definitions that can be operationalized
- Incorporating unknown vulnerabilities into security metrics
- Security and risk modeling calibrations
- Security measures in system design
- Software assurance initiatives
- Security metrics relationship to security assessments
For more information, please see
http://www.securitymetrics.org/content/Wiki.jsp?page=Metricon4.0.
HotSec 2009
4th USENIX Workshop on Hot Topics in Security,
Held in conjunction with the 18th USENIX Security Symposium (USENIX-Security 2009),
Montreal, Canada, August 11, 2009.
[posted here 3/9/09]
HotSec '09 will bring together innovative practitioners and researchers
in computer security and privacy, broadly defined, to tackle the challenging
problems in this space. While pragmatic and systems-oriented, HotSec takes
a broad view of security and privacy and encompasses research on topics
including but not limited to large-scale threats, network security,
hardware security, software security, programming languages, applied cryptography,
anonymity, human-computer interaction, sociology, economics, and law.
To ensure a vigorous workshop environment, attendance will be by
invitation only. Participants will be invited based on their submissions'
originality, technical merit, topical relevance, and likelihood of leading
to insightful technical discussions that will influence future security
research. Submissions may not be under consideration for publication at
any other venue.
For more information, please see
http://www.usenix.org/events/hotsec09/cfp/.
EVT/WOTE 2009
Electronic Voting Technology Workshop/Workshop on Trustworthy Elections,
Montreal, Canada, August 10–11, 2009.
[posted here 1/19/09]
EVT/WOTE seeks to bring together researchers from a variety of disciplines,
ranging from computer science and human-computer interaction experts through
political scientists, legal experts, election administrators, and voting
equipment vendors. EVT/WOTE seeks to publish original research on
important problems in all aspects of electronic voting.
In general, we welcome papers on voting topics, including but not limited to:
- Voter registration and pre-voting processes
- Vote collection
- Vote tabulation
- Election auditing
- Design, implementation, and evaluation of new voting technologies and protocols
- Scientific evaluations of existing voting technologies
- System testing methodologies
- Deployment and lifecycle issues
- Threat mitigation
- Usability
- Accessibility
- Legal issues, including the ADA, HAVA, intellectual property,
and nondisclosure agreements on voting system evaluations
- Issues with and evolution of voting technology standards
- Election integrity
- Ballot integrity
- Ballot secrecy
- Voter anonymity
- Voter authentication
- Receipts and coercion resistance
- Anonymous channels
- Secure bulletin boards
- Threat models
- Formal security analysis
- Electoral systems
- Case studies of electronic voting experiments
- Privacy, verifiability, and transparency in e-voting
For more information, please see
http://www.usenix.org/evtwote09/cfpb.
CSET 2009
Workshop on Cyber Security Experimentation and Test,
Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009),
Montreal, Canada, August 10, 2009.
[posted here 4/6/09]
CSET '09 is bringing together researchers and testbed developers to share
their experiences and define a forward-looking agenda for the development of
scientific, realistic evaluation approaches for security threats and defenses;
it provides an important community forum for the exploration of transformational
advances in the field of cyber security experimentation and test.
While we particularly invite papers that deal with security experimentation,
we are also interested in papers that address general testbed/experiment
issues that have implications on security experimentation such as: traffic
and topology generation, large-scale experiment support,
experiment automation, etc. We are further interested in educational efforts
that involve security experimentation.
For more information, please see
http://www.usenix.org/event/cset09/.
WOOT 2009
3rd USENIX Workshop on Offensive Technologies,
Held in conjunction with the USENIX Security Symposium (USENIX-Security 2009),
Montreal, Canada, August 10, 2009.
[posted here 5/4/09]
Progress in the field of computer security is driven by a symbiotic relationship
between our understandings of attack and of defense. The USENIX Workshop on
Offensive Technologies aims to bring together researchers and practitioners
in system security to present research advancing the understanding of
attacks on operating systems, networks, and applications.
Submission topics include:
- Vulnerability research (software auditing, reverse engineering)
- Penetration testing
- Exploit techniques and automation
- Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
- Reconnaissance (scanning, software, and hardware fingerprinting)
- Malware design and implementation (rootkits, viruses, bots, worms)
- Denial-of-service attacks
- Web and database security
- Weaknesses in deployed systems (VoIP, telephony, wireless, games)
- Practical cryptanalysis (hardware, DRM, etc.)
For more information, please see
http://www.usenix.org/woot09/cfpm.
HOST 2009
2nd IEEE International Workshop on Hardware-Oriented Security and Trust,
San Francisco, CA, USA, July 27, 2009.
[posted here 2/2/09]
The emergence of a globalized, horizontal semiconductor business model raises
a set of concerns involving the security and trust of the information systems
on which modern society is increasingly reliant for mission-critical functionality.
Hardware-oriented security and trust (HOST) issues span a broad range
including threats related to the malicious insertion of Trojan circuits
designed, e.g., to act as a "kill switch" to disable a chip, to integrated
circuit (IC) piracy, to attacks designed to extract encryption keys and
IP from a chip, and to malicious system disruption and diversion. HOST
covers security and trust issues in all types of electronic devices and
systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded
systems. The mission of HOST is to provide a forum for the presentation
and discussion of research that is of critical significance to the security
of, and trust in, modern society's microelectronic-supported infrastructures.
The IEEE International Workshop on Hardware-Oriented Security and Trust
(HOST 2009) is an open forum for discussions and innovations on all issues
related to hardware security and trust. Paper presentations on topics given
below will highlight the challenges faced with authenticating hardware for
security and trust.
- Trojan detection and isolation
- Authenticating foundry of origin
- Side channel analysis/attacks
- Watermarking
- IP security/FPGA design security
- Cryptographic techniques for hardware security
- IC Metering
- Physical unclonable functions (PUFs)
- Embedded and distributed systems security
- Hardware intrusion detection and prevention
- Security engineering
- Scan-chain encryption
- IP trust
For more information, please see
http://www.engr.uconn.edu/HOST/.
POLICY 2009
IEEE International Symposium on Policies for Distributed Systems and Networks,
Imperial College London, UK, July 20-22, 2009.
[posted here 11/17/08]
The symposium brings together researchers and practitioners working
on policy-based systems across a range of application areas including
policy-based networking, privacy and security management, storage area networking,
and enterprise systems. POLICY 2009 has grown out of a highly successful series
of workshops and this is recognized by the elevation of the event to an IEEE symposium.
This year, in addition to the latest research results from the communities working
in any area of policy-based management and computing, we encourage contributions on
policy-based techniques in support of privacy and security management, including
the policy life-cycle, detection and resolution of inconsistency, refining
policies from users’ requirements, and usability issues.
Topics of interest include, but are not limited to the following:
- Privacy and Security
- Policy Models and Languages
- Policy Applications
For more information, please see
http://ieee-policy.org.
DBSEC 2009
23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security,
Montreal, Canada, July 12-15, 2009.
[posted here 10/27/08]
The 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications
Security provides a forum for presenting original unpublished research
results, practical experiences, and innovative ideas in data and
applications security. Papers and panel proposals are also solicited.
Papers may present theory, techniques, applications, or practical experience
on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management
Additional topics of interest include (but are not limited to):
Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Database Forensics,
Electronic Commerce Security, and Security in Digital Health Care.
For more information, please see
http://www.ciise.concordia.ca/dbsec09/.
FCC 2009
Workshop on Formal and Computational Cryptography,
Port Jefferson, New York, USA, July 11-12, 2009.
[posted here 4/6/09]
Since the 1980s, two approaches have been developed for analyzing
security protocols. One of the approaches is based on a computational model
that considers issues of computational complexity and probability. Messages
are modeled as bitstrings and security properties are defined in a strong form,
in essence guaranteeing security with high probability against all probabilistic
polynomial-time attacks. However, it is difficult to prove security of large,
complex protocols in this model. The other approach relies on a symbolic model
of protocol execution in which messages are modeled using a term algebra and
cryptographic primitives are treated as perfect black-boxes, e.g. the only way
to decrypt a ciphertext is to use the corresponding decryption key. This abstraction
enables significantly simpler and often automated analysis of complex protocols.
Since this model places strong constraints on the attacker, a fundamental question
is whether such an analysis implies the strong security properties defined in the
computational model. This workshop focuses on approaches that combine and relate
symbolic and computational protocol analysis. Over the last few years, there has
been a spate of research results in this area. One set of results establishes
correspondence theorems between the two models, in effect showing that for a
certain class of protocols and properties, security in the symbolic model
implies security in the computational model. In other work, researchers use
language-based techniques such as process calculi and protocol logics to reason
directly about the computational model. Several projects are investigating ways
of mechanizing computationally sound proofs of protocols. The workshop seeks
results in this area of computationally sound protocol analysis:
foundations and tools.
For more information, please see
http://infsec.uni-trier.de/fcc2009/.
DIMVA 2009
6th International Conference on Detection of Intrusions and
Malware & Vulnerability Assessment,
Milan, Italy, July 9-10, 2009.
[posted here 1/12/09]
The annual DIMVA conference serves as a premier forum for advancing
the state of the art in intrusion detection, malware detection, and
vulnerability assessment.
DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Approaches
- Insider detection
- Applications to business level fraud
- Implementations
- Prevention and response
- Result correlation and cooperation
- Evaluation
- Potentials and limitations
- Operational experiences
- Legal and social aspects
Malware Detection
- Techniques
- Acquisition of specimen
- Detection and analysis
- Automated behavior model generation
- Early warning
- Prevention and containment
- Trends and upcoming risks
- Forensics and recovery
- Economic aspects
Vulnerability Assessment
- Vulnerabilities
- Vulnerability detection and analysis
- Vulnerability prevention
- Classification and evaluation
- Situational awareness
For more information, please see
http://www.dimva.org/dimva2009.
CSF 2009
22nd IEEE Computer Security Foundations Symposium,
Port Jefferson, New York, USA, July 8-10, 2009.
[posted here 12/1/08]
The IEEE Computer Security Foundations (CSF) series brings together researchers
in computer science to examine foundational issues in computer security.
Over the past two decades, many seminal papers and techniques have been presented
first at CSF. CiteSeer lists CSF as 38th out of more than 1200 computer science venues
(top 3.11%) in impact based on citation frequency. CiteSeerX lists CSF 2007 as 7th
out of 581 computer science venues (top 1.2%) in impact based on citation frequency.
New theoretical results in computer security are welcome. Also welcome are more
exploratory presentations, which may examine open questions and raise fundamental
concerns about existing theories. Panel proposals are sought as well as papers.
Possible topics include, but are not limited to:
- Access control
- Anonymity and Privacy
- Authentication
- Data and system integrity
- Database security
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Security protocols
- Trust and trust management
For more information, please see
http://www.cs.sunysb.edu/csf09/.
SECRYPT 2009
International Conference on Security and Cryptography,
Milan, Italy, July 7-10, 2009.
[posted here 9/22/08]
The purpose of SECRYPT 2009 is to bring together researchers, engineers and
practitioners interested in information systems and applications in the context
of wireless networks and mobile technologies.
Topics of interest include, but are not limited to, provided they fit in one of the
following main topic areas:
Area 1: Access Control and Intrusion Detection
- Intrusion Detection and Vulnerability Assessment
- Authentication and Non-repudiation
- Identification and Authentication
- Insider Threats and Countermeasures
- Intrusion Detection & Prevention
- Identity and Trust Management
- Biometric Security
- Trust models and metrics
- Regulation and Trust Mechanisms
- Data Integrity
- Models for Authentication, Trust and Authorization
- Access Control in Computing Environments
- Multiuser Information
Area 2: Network Security and Protocols
- IPsec, VPNs and Encryption Modes
- Service and Systems Design and QoS Network Security
- Fairness Scheduling and QoS Guarantee
- Reliability and Dependability
- Web Performance and Reliability
- Denial of Service and Other Attacks
- Data and Systems Security
- Data Access & Synchronization
- GPRS and CDMA Security
- Mobile System Security
- Ubiquitous Computing Security
- Security in Localization Systems
- Sensor and Mobile Ad Hoc Network Security
- Wireless Network Security (WiFi, WiMAX, WiMedia and Others)
- Security of GSM/GPRS/UMTS Systems
- Peer-to-Peer Security
- e-Commerce Protocols and Micropayment Schemes
Area 3: Cryptographic Techniques and Key Management
- Smart Card Security
- Public Key Crypto Applications
- Coding Theory and Practice
- Spread Spectrum Systems
- Speech/Image Coding
- Shannon Theory
- Stochastic Processes
- Quantum Information Processing
- Mobile Code & Agent Security
- Digital Rights Management
Area 4: Information Assurance
- Planning Security
- Risk Assessment
- Security Area Control
- Organizational Security Policies and Responsibility
- Security Through Collaboration
- Human Factors and Human Behaviour Recognition Techniques
- Ethical and Legal Implications
- Intrusive, Explicit Security vs. Invisible, Implicit Computing
- Information Hiding
- Information Systems Auditing
- Management of Computing Security
Area 5: Security in Information Systems
- Security for Grid Computing
- Secure Software Development Methodologies
- Security for Web Services
- Security for Databases and Data Warehouses
- e-Health
- Security Engineering
- Security Information Systems Architectures
- Security Requirements
- Security Metrics
- Personal Data Protection
- XML Security
- Workflow and Business Process Security
For more information, please see
http://www.secrypt.org/.
CTC 2009
Cybercrime and Trustworthy Computing Workshop,
Held in conjunction with the 6th International Conference on Autonomic and Trusted Computing (ATC 2009),
Brisbane, Australia, July 7-10, 2009.
[posted here 12/22/08]
Cybercrime continues to be a growth industry, assisted by a combination of
technical factors, such as insecure hardware and software platforms, and
psychological factors, such as user error or naivety. The objective of this
workshop is to bring together two distinct groups to encourage further collaboration -
those who are working on researching cybercrime activity, such as phishing and malware,
and those who are working on technical countermeasures.
Example topic areas on the cybercrime theme might include:
- Phishing, SPAM
- Malware, Botnets
- Scams, including advance fee fraud, romance scams, etc.
- Forensic means to classify e-mail messages or web pages soliciting
cybercrime or providing a vector for attack
- Forensic means to cluster and identify different groups or
modus operandi arising from distinct "kits"
- For the countermeasures side, topic areas might include
Anti-phishing, Anti-virus, Anti-rootkit, Anti-botnet
- User education and/or psychological operations
For more information, please see
http://www.cybercrime.com.au/ctc09.
ATC 2009
6th International Conference on Autonomic and Trusted Computing,
Brisbane, Australia, July 7-10, 2009.
[posted here 12/15/08]
ATC-09 will offer a forum for researchers to exchange ideas and experiences
in the most innovative research and development in these challenging areas and
includes all technical aspects related to autonomic/organic computing (AC/OC) and
trusted computing (TC). Topics include but are not limited to the following:
- AC/OC Theory and Model: Models, negotiation, cooperation, competition,
self-organization, emergence, verification etc.
- AC/OC Architectures and Systems: Autonomic elements & their relationship,
frameworks, middleware, observer/controller architectures, etc.
- AC/OC Components and Modules: Memory, storage, database, device, server, proxy, software, OS, I/O, etc.
- AC/OC Communication and Services: Networks, self-organized net, web service,
grid, P2P, semantics, agent, transaction, etc.
- AC/OC Tools and Interfaces: Tools/interfaces for AC/OC system development,
test, monitoring, assessment, supervision, etc.
- Trust Models and Specifications: Models and semantics of trust, distrust, mistrust,
over-trust, cheat, risk, reputation, reliability, etc.
- Trust-related Security and Privacy: Trust-related secure architecture,
framework, policy, intrusion detection/awareness, protocols, etc.
- Trusted Reliable and Dependable Systems: Fault-tolerant systems, hardware redundancy,
robustness, survivable systems, failure recovery, etc.
- Trustworthy Services and Applications: Trustworthy Internet/web/grid/P2P e-services,
secured mobile services, novel applications, etc.
- Trust Standards and Non-Technical Issues: Trust standards and issues related to
personality, ethics, sociology, culture, psychology, economy, etc.
For more information, please see
http://www.itee.uq.edu.au/~atc09.
ACISP 2009
14th Australasian Conference on Information Security and Privacy,
Brisbane, Australia, July 1-3, 2009.
[posted here 10/13/08]
Original papers pertaining to all aspects of information security and privacy
are solicited for submission to the 14th Australasian Conference on Information
Security and Privacy (ACISP 2009). Papers may present theory, techniques, applications
and practical experiences on a variety of topics including:
- Cryptology
- Mobile communications security
- Database security
- Authentication and authorization
- Secure operating systems
- Intrusion detection
- Access control
- Security management
- Security protocols
- Network security
- Secure commercial applications
- Privacy Technologies
- Smart cards
- Key management and auditing
- Mobile agent security
- Risk assessment
- Secure electronic commerce
- Privacy and policy issues
- Copyright protection
- Security architectures and models
- Evaluation and certification
- Software protection and viruses
- Computer forensics
- Distributed system security
- Identity management
- Biometrics
For more information, please see
http://conf.isi.qut.edu.au/acisp2009/.
CSI-KDD 2009
ACM SIGKDD Workshop on Cyber Security and Intelligence Informatics,
Held in conjunction with the 15th ACM SIGKDD Conference (SIGKDD 2009),
Paris, France, June 28, 2009.
[posted here 4/27/09]
Computer-supported communication and infrastructure are integral parts of the modern economy.
Their security is of incredible importance to a wide variety of practical domains
ranging from Internet service providers to the banking industry and e-commerce,
from corporate networks to the intelligence community. Of interest to this workshop
are novel knowledge discovery methods addressing these issues as well as
innovative applications demonstrating the effectiveness of data mining in
solving real-world security problems. The challenge for novel methods
originates from the emergence of new types of contents and protocols, and
only an integrated view on all modes promises optimal results. Innovative
applications are essential as IT-communication as well as computer-supported
technical and social infrastructure have an extremely complex structure and
require a comprehensive approach to prevent criminal activities.
The workshop will bring together researchers working on advanced data
mining approaches for CyberSecurity as well as large-scale security
applications. In addition we anticipate practitioners from large enterprises,
internet service providers, law enforcement and intelligence experts, and government
agencies who want to be informed about the state of the art in CyberSecurity and
Intelligence Informatics. Finally the workshop may be of interest to general
data mining researchers, who want to apply their techniques to this domain.
For more information, please see
http://www.csi-kdd.org/.
NASSUE 2009
International Workshop on Network Assurance and Security Services
in Ubiquitous Environments,
Held in conjunction with the 3rd International Conference on Information
Security and Assurance (ISA 2009),
Seoul, Korea, June 25-27, 2009.
[posted here 1/19/09]
The NASSUE workshop is focused on network assurance and security measures, which have become
an important research issue in ubiquitous environments. The objective of this workshop is
to provide an effective forum for original scientific and engineering advances in
NAS issues in UE. Topics include, but are not limited to, the following:
- Availability, dependability, survivability, & resilience issues in UE
- Authentication and identity management in UE
- Authorization and access-control in UE
- Risk assessment, and management in UE
- Redundancy, reliability models, and failure prevention of UCS
- Trust modeling and management in UE
- Fault-tolerant architectural and operational models in UE
- Network security issues and protocols in UCS
- Cryptographic protocols and key management in UCS
- Agent-based technologies for NAS
- Cross-layer design for security mechanisms
- Real-time technology for NAS systems
- QoS provisioning in UCS
- Network control technologies for NA
- Novel threats, attacks, vulnerabilities, and countermeasures
- DoS attacks and mitigation
- Reverse engineering of malicious code
- Intrusion detection, IDS / IPS in UE
- Anonymity, user privacy, and location privacy in UE
- Content protection and DRM for UCS
- System/network management techniques and strategies in UE
- Network forensics and fraud detection
- Surveillance and Privacy-enhancing technologies in UE
- Adaptive and Autonomic security for UCS
- Role of biometrics in UE
- NAS issues in e-commerce, e-government, e-health
- NAS implementation in P2P systems, vehicular system, web application,
disaster relief, etc.
- Specification, design, development, and deployment of NAS mechanisms
- Models, architectures and protocols for NAS
- Standards, guidelines and certification for NAS in UE
- Metrics for measuring security, assurance and dependability
- Designing business models with NAS requirements
- Formal methods and software engineering for NAS
- Legal, ethical and policy issues related to NAS in UE
- Proactive approaches to NAS
- New ideas and paradigms for NAS in UE
For more information, please see
http://www.sersc.org/NASSUE2009/.
WNGS 2009
4th International Workshop on Security,
Korea University, Seoul, Korea, June 25-27, 2009.
[posted here 1/12/09]
The workshop will provide an opportunity for academic and industry
professionals to discuss the latest issues and progress in
the area of NGS. The workshop will publish high quality papers which
are closely related to the various theories and practical
applications in NGS. In addition, we expect that the workshop and
its publications will be a trigger for further related research
and technology improvements in this important subject.
Topics include, but are not limited to:
- Cryptographic Protocol & Application In NGS
- Peer-to-Peer Security & Application
- Privacy & Anonymity in NGS
- Access Control in NGS
- Biometrics in NGS
- Key/Identity Management in NGS
- Smart & Java Cards in NGS
- Mobile Communication in NGS
- Future Aviation in NGS
- Computer Forensics in NGS
- Efficient Implementations in NGS
For more information, please see
http://www.sersc.org/WNGS2009/.
WEIS 2009
8th Workshop on the Economics of Information Security,
University College London, England, June 24-25, 2009.
[posted here 1/26/09]
The 2009 Workshop on the Economics of Information Security invites original
research papers focused on any aspect of the economics of information security,
including the economics of privacy. We encourage economists, computer scientists,
psychologists, business and management school researchers, law scholars, security
and privacy specialists, as well as industry experts, to submit their research and
attend the Workshop. Suggested topics include (but are not limited to) empirical
and theoretical economic studies of:
- Models and optimality of investment strategies in information security
- Privacy, confidentiality, and anonymity
- Cyber-trust and reputation systems
- Interdependent supply-chain security
- Intellectual property protection
- Information access and provisioning
- Risk management and cyber-insurance
- Security standards and regulation
- Behavioral security and privacy
- Cyber-terrorism policy
- Organizational security and metrics
- Psychological, social, and systemic aspects of risk and security
- Phishing, spam, and cybercrime
- Vulnerability discovery, disclosure, and patching
For more information, please see
http://weis09.infosecon.net/.
MIST 2009
International Workshop on Managing Insider Security Threats,
Held in conjunction with the 3rd IFIP International Conference on Trust Management (IFIPTM 2009),
West Lafayette, IN, USA, June 15-19, 2009.
[posted here 2/2/09]
The objective of this workshop is to showcase the most recent challenges and advances in
security technologies and management systems to address insider security threats.
It may also include state-of-the-art surveys and case analyses of practical significance.
Topics of interest include, but are not limited to the following:
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital right management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit) and continuous auditing
For more information, please see
http://isyou.hosting.paran.com/mist09/.
USENIX 2009
USENIX Annual Technical Conference,
San Diego, CA, USA, June 14-19, 2009.
[posted here 3/30/09]
USENIX Annual Tech has always been the place to present ground-breaking
research and cutting-edge practices in a wide variety of technologies
and environments. We seek high-quality submissions that further the knowledge and
understanding of modern computing systems, with an emphasis on implementations
and experimental results. The USENIX conference has a broad scope,
and specific topics of interest include but are not limited to:
- Architectural interaction
- Cloud computing
- Deployment experience
- Distributed and parallel systems
- Embedded systems
- Energy/power management
- File and storage systems
- Mobile, wireless, and sensor systems
- Networking and network services
- Operating systems
- Reliability, availability, and scalability
- Security, privacy, and trust
- System and network management and troubleshooting
- Usage studies and workload characterization
- Virtualization
- Web technology
For more information, please see
http://www.usenix.org/events/usenix09/.
SECURWARE 2009
3rd International Conference on Emerging Security Information, Systems and Technologies,
Athens, Greece, June 14-19, 2009.
[posted here 10/6/08]
SECURWARE 2009 is an event covering topics on the theory and practice of security,
cryptography, secure protocols, trust, privacy, confidentiality, vulnerability, intrusion
detection and other areas related to law enforcement, security data mining, malware models,
etc. SECURWARE 2009 Special Areas (details in the CfP on site) are:
- ARCH: Security frameworks, architectures and protocols
- SECMAN: Security management
- SECTECH: Security technologies
- SYSSEC: System security
- INFOSEC: Information security
- MALWA: Malware and Anti-malware
- ANTIFO: Anti-forensics
- PRODAM: Profiling data mining
- SECHOME: Smart home security
- SECDYN: Security and privacy in dynamic environments
- ECOSEC: Ecosystem security and trust
- CRYPTO: Cryptography
- CYBER-Threat
For more information, please see
http://www.iaria.org/conferences2009/SECURWARE09.html.
CISS 2009
Communication and Information Systems Security Symposium,
Held in conjunction with the IEEE International Conference on Communications (ICC 2009),
Dresden, Germany, June 14-18, 2009.
[posted here 7/21/08]
With the advent of pervasive computer applications and due to the proliferation
of heterogeneous wired and wireless computer and communication networks, security
and privacy issues have become paramount. This Symposium will address all
aspects of the modeling, design, implementation, deployment, and management
of security algorithms, protocols, architectures, and systems. Furthermore,
contributions devoted to the evaluation, optimization, or enhancement of
security and privacy mechanisms for current technologies, as well as
devising efficient security and privacy solutions for emerging technologies,
are solicited. Topics of interest include, but are not limited to, the following:
- Authentication protocols and message authentication
- Biometric security: technologies, risks, vulnerabilities, bio-cryptography,
mobile template protection
- Computer and network forensics
- Cryptography: Conventional public-key crypto, symmetric-key crypto, advanced
crypto, and quantum crypto
- DDOS attacks, DNS spoofing, and countermeasures
- Formal trust models
- Information hiding and watermarking
- Information systems security
- Intrusion detection, localization, and countermeasures
- Mobile and Wireless network security, including ad hoc networks, P2P
networks, 3G, 4G, sensor networks, Bluetooth, 802.11 family and WiMAX
- Network security metrics and performance
- Network traffic analysis techniques
- Operating systems security and log analysis tools
- Optical network security
- Privacy and privacy enhancing technologies
- Security modeling and protocol design
- Virtual private networks
- VoIP Security
- Vulnerability, exploitation tools and virus analysis
- Web, eBusiness, eCommerce, eGovernment security
For more information, please see
http://www.ieee-icc.org/2009/.
IH 2009
11th Information Hiding Workshop,
Darmstadt, Germany, June 7-10, 2009.
[posted here 9/29/08]
For many years, Information Hiding has captured the imagination of researchers:
Digital watermarking and steganography protect information, conceal secrets or are
used as core primitives in Digital Rights Management schemes; steganalysis and digital
forensics pose important challenges to investigators; and information hiding plays an important
role in anonymous communication systems. These are but a small number of related topics
and issues. Current research themes include:
- Anonymous communication and privacy
- Low probability of intercept communications
- Digital forensics
- Covert/subliminal channels
- Steganography and steganalysis
- Watermarking algorithms and applications
- Security aspects of watermarking
- Novel data hiding domains
- Multimedia and document security
- Novel applications of information hiding
For more information, please see
http://www.ih09.tu-darmstadt.de/.
MobiSec 2009
1st International Conference on Security and Privacy in Mobile Information and Communication Systems,
Turin, Italy, June 3-5, 2009.
[posted here 9/22/08]
The convergence of information and communication technology is most palpable in the
form of intelligent mobile devices, accompanied by the advent of converged,
and next-generation, communication networks. As mobile communication and information
processing becomes a commodity, economy and society require protection of this
precious resource. MobiSec brings together leading-edge researchers from academia
and industry in the field of mobile systems security and privacy, as well as
practitioners, standards developers and policymakers. Topics of interest include,
but are not limited to the following focus areas:
- Security architectures for next-generation, new-generation,
and converged communication networks
- Trusted mobile devices, hardware security
- Network resilience
- Threat analyses for mobile systems
- Multi-hop authentication and trust
- Non-repudiation of communication
- Context-aware and data-centric security
- Protection and safety of distributed mobile data
- Mobile application security
- Security for voice and multimedia communication
- Machine-to-machine communication security
- Trust in autonomic and opportunistic communication
- Location based applications security and privacy
- Security for the networked home environment
- Security and privacy for mobile communities
- Mobile emergency communication, public safety
- Lawful interception and mandatory data retention
- Security of mobile agents and code
- Identity management
- Embedded security
For more information, please see
http://www.mobisec.org/.
SACMAT 2009
14th ACM Symposium on Access Control Models and Technologies,
Hotel La Palma, Stresa, Italy, June 3-5, 2009.
[posted here 12/1/08]
Papers offering novel research contributions in all aspects of access control
are solicited for submission to the ACM Symposium on Access Control Models and Technologies
(SACMAT). SACMAT 2009 is the fourteenth of a successful series of symposiums that
continue the tradition, first established by the ACM Workshop on Role-Based Access
Control, of being the premier forum for presentation of research results and experience
reports on leading edge issues of access control, including models, systems, applications,
and theory. The missions of the symposium are to share novel access control solutions
that fulfill the needs of heterogeneous applications and environments and to identify
new directions for future research and development. SACMAT gives researchers and
practitioners a unique opportunity to share their perspectives with others interested
in the various aspects of access control. Accepted papers will be presented at the
symposium and published by the ACM in the symposium proceedings. Outstanding papers
will be invited for possible publication in a prestigious journal in
the information assurance area. Topics of interest include but are not limited to:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust models
- Theoretical foundations for access control
- Usage control
For more information, please see
http://www.sacmat.org.
ACNS 2009
7th International Conference on Applied Cryptography and Network Security,
Paris, France, June 2-5, 2009.
[posted here 10/6/08]
ACNS is an annual conference concentrating on current developments that
advance the areas of applied cryptography and its application to systems
and network security. The goal is to represent both academic research works
as well as developments in industrial and technical frontiers. Original research
papers pertaining to all aspects of cryptography and network security are
solicited for submission to ACNS'09. Relevant topics include but are not
limited to:
- Applied Cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key
and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing,
naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc)
networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols
For more information, please see
http://acns09.di.ens.fr/.
SSN 2009
5th International Workshop on Security in Systems and Networks,
Held in conjunction with the International Parallel and Distributed Processing Symposium (IPDPS 2009),
Rome, Italy, May 29, 2009.
[posted here 11/3/08]
This workshop aims to bring together technologies and researchers who share
an interest in the area of network and distributed system security. The main purpose is
to promote discussions of research and relevant activities in security-related subjects.
It also aims at increasing the synergy between academic and industry professionals
working in this area. The workshop seeks papers that address theoretical, experimental,
and work-in-progress results in the area of cybersecurity at the system and network levels.
Topics covered by the workshop will include, but are not limited to, the
following:
- Ad hoc and sensor network security
- Cryptographic algorithms and distributed digital signatures
- Distributed denial of service attacks
- Distributed intrusion detection and protection systems
- Firewall and distributed access control
- Grid computing security
- Key management
- Network security issues and protocols
- Mobile codes security and Internet Worms
- Security in e-commerce
- Security in peer-to-peer and overlay networks
- Security in mobile and pervasive computing
- Security architectures in distributed and parallel systems
- Security theory and tools in distributed and parallel systems
- Video surveillance and monitoring systems
- Information hiding and multimedia watermarking in distributed systems
- Web content secrecy and integrity
For more information, please see
http://www4.comp.polyu.edu.hk/~csbxiao/ssn09/.
ICIMP 2009
4th International Conference on Internet Monitoring and Protection,
Venice, Italy, May 24-28, 2009.
[posted here 11/17/08]
The International Conference on Internet Monitoring and Protection (ICIMP 2009)
initiates a series of special events targeting security, performance,
vulnerabilities in Internet, as well as disaster prevention and recovery.
Dedicated events focus on measurement, monitoring and lessons learnt in
protecting the user. Special areas of interests can be found
at the conference call-for-paper page.
For more information, please see
http://www.iaria.org/conferences2009/ICIMP09.html.
SADFE 2009
4th International Workshop on Systematic Approaches to Digital Forensic Engineering,
Held in conjunction with the 2009 IEEE Symposium on Security and Privacy (SP 2009),
Oakland, CA, USA, May 21, 2009.
[posted here 12/8/08]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop
promotes systematic approaches to computer investigations, by furthering the advancement of
digital forensic engineering as a disciplined practice. Most previous SADFE papers have
emphasized cyber crime investigations, and this is still a key focus of the meeting.
However, we also welcome papers on forensics that do not necessarily involve a crime:
general attack analysis, insider threat, insurance and compliance investigations, and
similar forms of retrospective analysis are all viable topics. Digital forensic engineering
is characterized by the application of scientific and mathematical principles to the
investigation and establishment of facts or evidence, either for use within a court of law
or to aid in understanding past events on a computer system. Past speakers and attendees of
SADFE have included computer scientists, social scientists, forensic practitioners, law enforcement,
lawyers, and judges. The synthesis of hard technology and science with social science and practice
forms the foundation of this conference. To advance the state of the art, SADFE-2009 solicits
broad-based, innovative digital forensic engineering technology, techno-legal and practice-related
submissions in the following four areas:
Digital Data and Evidence Management: advanced digital evidence discovery,
collection, and storage
- Identification, authentication and collection of digital evidence
- Post-collection handling of evidence and the preservation of data integrity
- Evidence preservation and storage
- Forensic-enabled architectures and processes, including network processes
- Managing geographically, politically and/or jurisdictionally dispersed data
- Data and web mining systems for identification and authentication of relevant data
Principle-based Digital Forensic Processes: systematic engineering processes supporting
digital evidence management which are sound on scientific, technical and legal grounds
- Legal and technical aspects of admissibility and evidence tests
- Examination environments for digital data
- Courtroom expert witness and case presentation
- Case studies illustrating privacy, legal and legislative issues
- Forensic tool validation: legal implications and issues
- Legal and privacy implications for digital and computational forensic analysis
Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation
- Advanced search, analysis, and presentation of digital evidence
- Progressive cyber crime scenario analysis and reconstruction technology
- Legal case construction & digital evidence support
- Cyber-crime strategy analysis & modeling
- Combining digital and non-digital evidence
- Supporting qualitative or statistical evidence
- Computational systems and computational forensic analysis
Forensic-support technologies: forensic-enabled and proactive monitoring/response
- Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA)
- Innovative forensic engineering tools and applications
- Forensic-enabled support for incident response
- Forensic tool validation: methodologies and principles
- Legal and technical collaboration
- Digital Forensics Surveillance Technology and Procedures
- "Honeypot" and other target systems for data collection and monitoring
For more information, please see
http://conf.ncku.edu.tw/sadfe/sadfe09/.
SEC 2009
24th IFIP International Information Security Conference,
Pafos, Cyprus, May 18-20, 2009.
[posted here 10/27/08]
Papers offering novel and mature research contributions, in any aspect of information
security and privacy, are solicited for submission to the conference.
Papers may present theory, applications, or practical experiences on topics
including but not limited to:
- Access Control
- Applications of Cryptography
- Attacks and Viral Software
- Authentication and Authorization
- Biometrics and Applications
- Critical ICT Resource Protection
- Data and System Integrity
- Data Protection, Ethics
- Digital Content Security
- Identity Management
- Information Hiding
- Information Warfare
- Internet and Web Security
- Intrusion Detection
- Peer-to-Peer Security
- Privacy Enhancing Technologies
- Risk Analysis and Management
- Secure Electronic Voting
- Secure Sensor Networks
- Secure Systems Development
- Security Architectures
- Security Economics
- Security Education
- Security Management
- Security Metrics
- Smart Cards
- SPAM, SPIT, SPIM
- Trust Management and Models
For more information, please see
http://www.sec2009.org/.
SP 2009
30th IEEE Symposium on Security and Privacy,
Oakland/Berkeley, California, USA, May 17-20, 2009.
[posted here 8/11/08]
Since 1980, the IEEE Symposium on Security and Privacy has been the
premier forum for computer security research, presenting the latest
developments and bringing together researchers and practitioners.
We solicit previously unpublished papers offering novel research
contributions in any aspect of computer security or privacy. S & P is
interested in all aspects of computer security and privacy. Papers may
present advances in the theory, design, implementation, analysis, or
empirical evaluation of secure systems. Papers without a clear
application to security or privacy will be considered out of scope and
may be rejected without full review. Topics of interest include,
but are not limited to:
- Access control
- Anonymity
- Application-level security
- Attacks and defenses
- Authentication
- Distributed systems security
- Embedded system security
- Forensics
- Hardware-based security
- Information flow
- Information security
- Intrusion detection
- Malicious code
- Language-based security
- Network security
- Physical security
- Privacy-preserving systems
- Recovery
- Secure protocols
- Security architectures
- Security and privacy policies
- System security
- Usability and security
- Web security
For more information, please see
http://oakland09.cs.virginia.edu.
HST 2009
2009 IEEE International Conference on Technologies for Homeland Security,
Westin Hotel, Waltham, MA, USA, May 11 - 13, 2009.
[posted here 12/16/08]
With technical assistance from the US DHS S&T Directorate, US DHS DNDO, and the
US DOE NNSA, the ninth annual IEEE Conference on Technologies for Homeland
Security (HST'09) will focus on novel and innovative technologies that address
the most pressing national security problems. The conference will bring together
innovators from leading universities, research laboratories, Homeland Security
Centers of Excellence, small businesses, system integrators and the end user
community and provide a forum to discuss ideas, concepts and experimental results.
For detailed information on the Call for Papers, please visit the conference website:
http://www.ieeehomelandsecurityconference.org.
SSDU 2009
3rd International Symposium on Service, Security and its Data
management technologies in Ubi-comp,
Geneva, Switzerland, May 4-8, 2009.
[posted here 9/22/08]
Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new
paradigm with a user-centric environment that provides computing and communication
services at any time and anywhere. Realizing its advantages requires
integrating security, services and data management in a way that suits Ubi-com. However,
many problems and major challenges remain to be solved, such as the
security risks in ubiquitous resource sharing, which can arise when data resources
are connected and accessed by anyone in Ubi-com. More secure and intelligent
mechanisms therefore need to be explored for Ubi-com. SSDU-09 is intended to foster the
dissemination of state-of-the-art research in the area of security and intelligence
integrating into Ubi-com and data management technology. The main topics include
but will not be limited to:
- Context-Awareness and its Data mining for Ubi-com service
- Human-Computer Interface and Interaction for Ubi-com
- Smart Homes and its business model for Ubi-com service
- Intelligent Multimedia Service and its Data management for Ubi-com
- USN / RFID for Ubi-com service
- Network security issues, protocols, data security in Ubi-com
- Database protection for Ubi-com
- Privacy Protection and Forensic in Ubi-com
- Multimedia Security in Ubi-com
- Authentication and Access control for data protection in Ubi-com
- Service, Security and its Data management for U-commerce
- New novel mechanism and Applications for Ubi-com
For more information, please see
http://www.sersc.org/SSDU2009/.
iNetSec 2009
IFIP WG 11.4 Workshop on Open Research Problems in Network Security,
Zurich, Switzerland, April 23-24, 2009.
[posted here 1/26/09]
In the past decade, computer networks have fundamentally influenced the ways
in which information is exchanged and handled. Pervasive electronic devices
make our everyday life easier, e.g., by helping us to connect with other people
while mobile, to use services available online, or to pay and use tolls and tickets.
Many of the components employed routinely manage and distribute large amounts of
data for different purposes. As these processes involve sensitive information,
protecting information and the network with suitable security measures is more
important than ever. The objective of this one-day workshop (noon to noon) is to
bring together researchers in the field of network security to discuss the open
problems and future research directions. To this end, we solicit papers describing
interesting unsolved problems and issues in (a certain area of) network security.
Example areas include:
- Social networks
- Self-X networks
- Virtual & overlay networks
- Future Internet
- Wireless mesh networks and protocols
- Sensor nets & embedded systems
- Identity & trust management
- Cryptographic primitives & services
- Security definitions and proofs
- Anonymous networks
- Cross layer security
- Usage control
- Trusted platforms
- Forensics
- Security policies
- Dynamic composition of services
For more information, please see
http://www.zurich.ibm.com/inetsec2009/.
WICOW 2009
3rd Workshop on Information Credibility on the Web,
Held in conjunction with the 18th World Wide Web Conference (WWW 2009),
Madrid, Spain, April 20, 2009.
[posted here 1/19/09]
As computers and computer networks become more common, a huge amount of information,
such as that found in Web documents, has been accumulated and circulated. Such information
helps many people to organize their private and professional lives. However, in general,
the quality control of Web content is insufficient due to low publishing barriers.
As a result, there is a lot of mistaken or unreliable information on the Web that can have
detrimental effects on users. This calls for technology that would facilitate judging
the trustworthiness of content and the quality and accuracy of the information that users
encounter on the Web. Such technology should be able to handle a wide range of tasks:
extracting credible information related to a given topic, organizing this information,
detecting its provenance, clarifying background, facts, and other related opinions
and the distribution of them, and so on. The issue of Web information reliability
has also become apparent in view of the recent emergence of many popular Web 2.0
applications, the growth of the so-called Deep Web and the ubiquity of Internet advertising.
The aim of this workshop is to provide a forum for discussion on issues related to information
credibility criteria and the process of its evaluation. We invite submissions on any aspect of
information credibility on the Web. Topics include, but are not limited to:
- Information credibility evaluation and its applications
- Web content analysis for credibility evaluation
- Author's intent detection
- Credibility of Web search results
- Search models and applications for trustworthy content on the Web
- Conflicting opinion detection
- Online media and news credibility
- Multimedia content credibility
- Credibility evaluation of user-generated content
(e.g., Wikipedia, question answering sites)
- Information credibility evaluation in social networks and Web 2.0 applications
- Analysis of information dissemination on the Web (e.g., in blogosphere)
- Spatial and temporal aspects in information credibility on the Web
- Information credibility theory and fundamentals
- Estimation of information age, provenance and validity
- Estimation of author's and publisher's reputation
- Sociological and psychological aspects of information credibility estimation
- Users study for information credibility evaluation
- Persuasive technologies
- Information credibility in online advertising and Internet monetization
- Web spam detection
- Data consistency and provenance
- Processing uncertain data and information
For more information, please see
http://www.dl.kuis.kyoto-u.ac.jp/wicow3/.
IDtrust 2009
8th Symposium on Identity and Trust on the Internet,
Gaithersburg, Maryland, USA, April 14-16, 2009.
[posted here 8/11/08]
IDtrust is devoted to research and deployment experience related to making
good security decisions based on identity information, especially when
public key cryptography is used and the human elements of usability are
considered. The success of any business strategy depends on having the right
people gain access to the right information at the right time.
This implies that an IT infrastructure has - among other things - an authorization
framework in place that can respond to dynamic security conditions and regulatory
requirements quickly, flexibly and securely.
What are the authorization strategies that will succeed in the next decade? What
technologies exist to address complex requirements today?
What research are academia and industry pursuing to solve the problems
likely to show up in the next few years? We solicit technical papers and panel
proposals from researchers, systems architects, vendor engineers, and users.
Suggested topics include but are not limited to:
- Reports of real-world experience with the use and deployment of identity
and trust applications for broad use on the Internet (where the population of
users is diverse) and within enterprises who use the Internet (where the population
of users may be more limited), how best to integrate such usage into legacy systems,
and future research directions. Reports may include use cases, business case scenarios,
requirements, best practices, implementation and interoperability reports,
usage experience, etc.
- Identity management protocols (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
- Identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric
and mechanisms of “invited networks”
- Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
- Federated approaches to trust
- Trust management across security domains
- Standards related to identity and trust, including X.509, SPKI/SDSI,
PGP, S/MIME, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust; identity and trust
policy enforcement, policy and attribute mapping and standardization
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed environments
- Improved usability of identity and trust systems for users and administrators,
including usability design for authorization and policy management, naming,
signing, verification, encryption, use of multiple private keys, and
selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, adoption,
discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks)
- Application domain requirements: web services, grid technologies, document
signatures (including signature validity over time), data privacy, etc.
For more information, please see
http://middleware.internet2.edu/idtrust/.
ISPEC 2009
5th Information Security Practice and Experience Conference,
Xi'an, China, April 13-15, 2009.
[posted here 8/18/08]
As applications of information security technologies become pervasive,
issues pertaining to their deployment and operation are becoming increasingly
important. ISPEC is an annual conference that brings together researchers and
practitioners to provide a confluence of new information security technologies,
their applications and their integration with IT systems in various
vertical sectors. Topics of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Information security in vertical applications
- Legal and regulatory issues
- Network security
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security in e-commerce and e-business and other applications
- Security policy
- Security standards activities
- Trusted Computing
- Trust model and management
- Usability aspects of information security systems
For more information, please see
http://www.ispec2009.net/.
Trust 2009
2nd International Conference on Trusted Computing,
St. Hugh's College, University of Oxford, UK, April 6-8, 2009.
[posted here 8/18/08]
Building on the success of Trust 2008 (held in Villach, Austria, in March 2008),
this conference focuses on trusted and trustworthy computing, both from the
technical and social perspectives. The conference itself will have two main strands,
one devoted to technical aspects and one devoted to the socio-economic aspects of
trusted computing. The conference solicits original papers on any aspect of the
design and application of trusted computing. Topics of interest include, but
are not limited to:
- architecture and implementation technologies for trusted platforms
- limitations of trusted computing
- mobile trusted computing
- implementations of trusted computing (covering both hardware and software)
- applications of trusted computing
- attestation and possible variants (e.g. property-based attestation)
- cryptographic aspects of trusted computing
- intrusion resilience in trusted computing
- virtualisation for trusted computing
- security policy and management of trusted computing
- access control for trusted platforms
- privacy aspects of trusted computing
- verification of trusted computing architectures
For more information, please see
http://www.trust2009.org.
ICIW 2009
4th International Conference on Information Warfare and Security,
Breakwater Lodge, Cape Town, South Africa, March 26-27, 2009.
[posted here 5/5/08]
Information warfare and security are at the forefront of modern defence strategies.
Strong strands of research and interest are developing in the area, including the
understanding of threats and risks to information systems, the development of a
strong security culture, as well as incident detection and post incident investigation.
The International Conference on Information Warfare and Security (ICIW) offers
an opportunity for academics, practitioners and consultants from the US,
North America and elsewhere who are involved in the study, management, development
and implementation of systems and concepts related to information warfare or are
interested in ways to improve information systems security, to come together and
exchange ideas. This conference is continuing to establish itself as a key
event for individuals working in the field from around the world.
For more information, please see
http://academic-conferences.org/iciw/iciw2009/iciw09-home.htm.
IFIP-CIP 2009
Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection,
Hanover, New Hampshire, USA, March 22-25, 2009.
[posted here 7/21/08]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active
international community of researchers, infrastructure operators and policy-makers
dedicated to applying scientific principles, engineering techniques and public
policy to address current and future problems in information infrastructure protection.
Papers are solicited in all areas of critical infrastructure protection.
Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security
For more information, please see
http://www.ifip1110.org.
PKC 2009
12th IACR International Workshop on Practice and Theory in Public Key Cryptography,
Irvine, California, USA, March 18-20, 2009.
[posted here 8/18/08]
Original research papers on all technical aspects of public
key cryptography are solicited for submission to PKC 2009,
the 12th International Workshop on Practice and Theory in
Public Key Cryptography. PKC'09 proceedings will be published in the Springer-Verlag
LNCS Series and will be available at the conference.
For more information, please see
http://www.iacr.org/workshops/pkc2009.
PSAI 2009
2nd Workshop on Privacy and Security by means of Artificial Intelligence,
Held in conjunction with ARES 2009,
Fukuoka, Japan, March 16-19, 2009.
[posted here 9/8/08]
In this workshop, we aim to convene researchers in the areas of Security,
Data Privacy and Artificial Intelligence. We seek to collect the most recent
advances in artificial intelligence techniques (i.e. neural networks,
fuzzy systems, multi-agent systems, genetic algorithms, image analysis,
clustering, etc.), which are applied to the protection of privacy and security.
Individual privacy protection is a hot topic and it must be addressed to
guarantee the proper evolution of a modern society based on the Information
and Communication Techniques (ICTs). However, security policies could invade
individual privacy, especially after the appearance of the new forms of
terrorism. These two concepts (i.e. security and privacy) are somehow
opposite because, most of the time, security is achieved by means of
privacy invasion. Statistical agencies and the like are collecting large
amounts of personal information that has to be protected before its publication.
Different forms of evolutionary computation and clustering have been proposed
to tackle this problem. Moreover, the protection of critical infrastructures
such as airports has invigorated the study of more efficient techniques for
pattern recognition, image analysis, etc.
For more information, please see
http://crises-deim.urv.cat/psai/.
SecSE 2009
3rd Workshop on Secure Software Engineering,
Held in conjunction with ARES 2009,
Fukuoka, Japan, March 16-19, 2009.
[posted here 9/8/08]
In our modern society, software is an integral part of everyday life,
and we expect and depend upon software systems to perform correctly. Software
security is about ensuring that systems continue to function correctly also
under malicious attack. As most systems now are web-enabled, the number of
attackers with access to the system increases dramatically and thus the threat
scenario changes. The traditional approach to secure a system includes putting
up defence mechanisms like IDS and firewalls, but such measures are no longer
sufficient by themselves. We need to be able to build better, more robust and
more secure systems. Even more importantly, however, we should strive to achieve
these qualities in all software systems, not just the ones that need special
protection. This workshop will focus on techniques, experiences and lessons
learned for engineering secure and dependable software. Suggested topics include,
but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
For more information, please see
http://www.sintef.no/secse.
SAC-SEC 2009
24th ACM Symposium on Applied Computing (SAC 2009),
Computer Security Track,
Honolulu, Hawaii, USA, March 8-12, 2009.
[posted here 6/2/08]
Security is nowadays mandatory. However, it remains a tricky process including a
variety of properties. The eighth edition of the Security Track strengthens its aims
at bringing together researchers in any applied issues of computer and information
security. The list of issues is vast, ranging from protocols to workflows.
Topics of interest include but are not limited to:
- software security (protocols, operating systems, etc.)
- hardware security (smartcards, biometric technologies, etc.)
- mobile security (properties for/from mobile agents, etc.)
- network security (anti-virus, anti-hacker, anti-DoS tools, firewalls, real-time monitoring, etc.)
- alternatives to cryptography (steganography, etc.)
- security-specific software development practices (vulnerability testing, fault-injection resilience, etc.)
- privacy and anonymity (trust management, pseudonymity, identity management, etc.)
- safety and dependability issues (reliability, survivability, etc.)
- cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
- security management and usability issues (security configuration, policy management, usability trials, etc.)
- workflow and service security (business processes, web services, etc.)
For more information, please see
http://www.dmi.unict.it/~giamp/sac/09cfp.html.
SAC-TRECK 2009
24th ACM Symposium on Applied Computing (SAC 2009),
Trust, Reputation, Evidence and other Collaboration Know-how (TRECK) Track,
Honolulu, Hawaii, USA, March 8-12, 2009.
[posted here 6/2/08]
The goal of the ACM SAC 2009 TRECK track remains to review the set of applications
that benefit from the use of computational trust and online reputation. Computational
trust has been used in reputation systems, risk management, collaborative filtering,
social/business networking services, dynamic coalitions, virtual organisations and even
combined with trusted computing hardware modules. The TRECK track covers all computational
trust/reputation applications, especially those used in real-world applications.
The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications
For more information, please see
http://tech.groups.yahoo.com/group/trustcomp/.
SHA-3 2009
1st SHA-3 Candidate Conference,
Leuven, Belgium, February 25-28, 2009.
[posted here 12/22/08]
The purpose of the SHA-3 Conference is to allow the submitters of the first round
candidates to present their algorithms, and for NIST to discuss the way forward
with the competition. It appears that the number of accepted submissions will
considerably exceed the number that NIST and the community can analyze
thoroughly in a reasonable time period. NIST is considering ways to involve the
cryptographic community in quickly reducing the number of submissions to a more
manageable number. The process and criteria for this selection will be a major
topic of this conference.
For more information, please see
http://csrc.nist.gov/groups/ST/hash/sha-3/index.html.
FC 2009
13th International Conference on Financial Cryptography and Data Security,
Accra Beach, Barbados, February 23-26, 2009.
[posted here 6/2/08]
In its 13th year, Financial Cryptography and Data Security (FC'09) is a well
established and major international forum for research, advanced development, education,
exploration, and debate regarding security in the context of finance and commerce. Original
papers, surveys and presentations on all aspects of financial and commerce security are
invited. Submissions must have a strong and visible bearing on financial and commerce
security issues, but can be interdisciplinary in nature and need not be exclusively
concerned with cryptography or security. Possible topics for submission to the various
sessions include, but are not limited to:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Biometrics
- Certification and Authorization
- Commercial Cryptographic Applications
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Digital Rights Management
- Economics of Information Security
- Financial Regulation and Reporting
- Fraud Detection
- Game Theoretic Approaches to Security
- Identity Theft, Spam, Phishing and Social Engineering
- Infrastructure Design
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Monitoring, Management and Operations
- Reputation Systems
- RFID-Based and Contactless Payment Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Securing Emerging Computational Paradigms
- Security and Risk Perceptions and Judgments
- Smart Cards and Secure Tokens
- Transactions and Contracts
- Trust Management
- Underground-Market Economics
- Virtual Economies
- Voting Systems
For more information, please see
http://fc09.ifca.ai/.
ICIT 2009
IEEE International Conference on Industrial Technology (ICIT 2009),
Special Session on Wireless Bluetooth Technologies and Cyber Security,
Churchill, Victoria, Australia, February 10-13, 2009.
[posted here 7/14/08]
Nowadays communication, entertainment, transportation, shopping and
medicine rely more and more on computers and the Internet.
The widespread use of wireless computing, mobile devices and networks
has raised security concerns. Cyber security aims at protection against
unauthorized disclosure, transfer, modification, or destruction,
whether accidental or intentional. We invite researchers, practitioners
and others interested in wireless Bluetooth technologies and cyber security
to submit original research papers or technical reports to this Special
Session on Wireless Bluetooth Technologies and Cyber Security, held in
conjunction with IEEE ICIT 2008. Topics are listed as follows,
but are not limited to:
- Bluetooth Enterprise Systems
- Cellular Systems
- Digital Pens
- Multimedia communications over Wireless
- Location Management
- Wireless Networks Standards and Protocols
- RFID Systems
- Protocols for Mobile Networks
- Security, Privacy and Authentication in Mobile Environments
- Wireless Sensor Networks
- Key Management in Wireless Networks
- Key Distribution in Wireless Sensor Networks
- Cross-layer Design and Optimization
- Ad-hoc Wireless Networks
- Mobile Internet
- Bluetooth Internet
- Ubiquitous Networks
- Smart Sensors and Sensor Networks
- Bluetooth Home Networks
- 3G and 4G Wireless Networks
For more information, please see
http://www.ieee-icit09.org/specialsessions.php.
NDSS 2009
16th Annual Network and Distributed System Security Symposium,
San Diego, California, USA, February 8-11, 2009.
[posted here 5/19/08]
NDSS fosters information exchange among research scientists and practitioners of
network and distributed system security services. The target audience includes
those interested in practical aspects of network and distributed system security,
with a focus on actual system design and implementation (rather than theory). A major
goal is to encourage and enable the Internet community to apply, deploy, and advance
the state of available security technology. The proceedings are published by the
Internet Society. Submissions are solicited in, but not limited to, the following
areas:
- Security of Web-based applications and services.
- Anti-malware techniques: detection, analysis, prevention.
- Intrusion prevention, detection, and response.
- Security for electronic voting.
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques.
- Privacy and anonymity technologies.
- Network perimeter controls: firewalls, packet filters, application gateways.
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc)
networks, personal communication systems.
- Security for peer-to-peer and overlay network systems.
- Security for electronic commerce: e.g., payment, barter, EDI, notarization,
timestamping, endorsement, and licensing.
- Implementation, deployment and management of network security policies.
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management.
- Integrating security services with system and application security facilities and protocols.
- Public key infrastructures, key management, certification, and revocation.
- Special problems and case studies: e.g., tradeoffs between security and efficiency,
usability, reliability and cost.
- Security for collaborative applications: teleconferencing and video-conferencing.
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures.
- Integrating security in Internet protocols: routing, naming, network management.
For more information, please see
http://www.isoc.org/isoc/conferences/ndss/09/.
ESSoS 2009
International Symposium on Engineering Secure Software and Systems,
Leuven, Belgium, February 4-6, 2009.
[posted here 6/30/08]
The goal of this symposium is to bring together researchers and practitioners to
advance the states of the art and practice in secure software engineering. Being one of
the few conference-level events dedicated to this topic, it explicitly aims to bridge
the software engineering and security engineering communities, and promote cross-fertilization.
The technical program includes an experience track for which the submission of highly informative
case studies describing (un)successful secure software project experiences and lessons
learned is explicitly encouraged. The Symposium seeks submissions on subjects related
to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation
For more information, please see
http://distrinet.cs.kuleuven.be/events/essos2009/.
IFIP-DF 2009
5th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Orlando, Florida, USA, January 25-28, 2009.
[posted here 4/14/08]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active
international community of scientists, engineers and practitioners dedicated to
advancing the state of the art of research and practice in the emerging field of
digital forensics. The Fifth Annual IFIP WG 11.9 International Conference on
Digital Forensics will provide a forum for presenting original, unpublished
research results and innovative ideas related to the extraction, analysis
and preservation of all forms of electronic evidence. Keynote presentations, revised
papers and details of panel discussions will be published as an edited volume -
the fifth in the series entitled Research Advances in Digital Forensics (Springer)
in the summer of 2009. Technical papers are solicited in all areas related to
the theory and practice of digital forensics. Areas of special interest include,
but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org.
GENISEC 2009
Workshop on GENI and Security,
Davis, California, USA, January 22-23, 2009.
[posted here 12/1/08]
The Global Environment for Network Innovations (GENI) is a suite of network research
infrastructures now in its design and prototyping phase. It is sponsored by the
National Science Foundation to support experimental research in network science and engineering.
The goal of this workshop is to engage the security community in GENI's design and
prototyping, to ensure that security issues are properly considered during its development.
First, what classes of security experiments should GENI support? What capabilities will
GENI require to allow the conduct of these experiments? The capabilities may be intrinsic
to GENI (such as equipment or software of a particular kind) or extrinsic (such as
organizational management, or external interfaces and connectivity). Experiments
involving malware or vulnerabilities analysis may require that parts of the
infrastructure suite be partitioned from other parts. Deploying and testing new
protocols may require that the suite be partitioned to prevent errors in the
implementation or in the protocol itself from interfering with other uses of
the infrastructure. Second, how can GENI itself be adequately secured and
protected from attack? What forms of authentication, authorization, and
accountability would be most appropriate? As access to GENI will be from
the Internet, GENI will be exposed to potential attackers. Other types
of attack may involve physical compromise of the systems making up GENI,
or of the Internet (or other) infrastructure that provides support for
GENI. Protocols, management and organizational procedures and processes,
and access control mechanisms must be developed to safeguard both the GENI
resource and the data and software that researchers deploy on it.
As the GENI Project Office expects to issue its 2nd solicitation for GENI
analysis and prototyping subcontracts in the middle of December, with
proposals due in mid-February, it is anticipated that topics discussed at
the workshop will lead to proposals from the security community.
We invite short (1 paragraph preferably; at most 1 page) statements of ideas
addressing these two issues. For example, what security-related experiments would you
like to run on GENI, and what benefit would you expect from them? What constraints or
requirements would you need to carry out the experiments? How can we shield other
experiments and work being done using GENI from the effects of your (or others')
experiments? How can we prevent GENI from being attacked? The workshop is designed
to discuss these, and other, questions.
For more information, please see
http://seclab.cs.ucdavis.edu/meetings/genisec/.
|