Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 01/10/11

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2010

ICISS 2010 6th International Conference on Information Systems Security, Gandhinagar, India, December 15-19, 2010. [posted here 04/12/10]
The ICISS 2010 encourages submissions addressing theoretical and practical problems in information and systems security and related areas. We especially like to encourage papers in domains that have not been represented much in the past at the conference, such as database security/privacy, usability aspects of security, operating systems security, and sensor networks security. Papers that introduce and address unique security challenges or present thought-provoking ideas are also welcome.

For more information, please see http://www.cs.wisc.edu/iciss10/.

ICICS 2010 12th International Conference on Information and Communications Security, Barcelona, Spain, December 15-17, 2010. [posted here 06/14/10]
The 2010 International Conference on Information and Communications Security will be the 12th event in the ICICS conference series, started in 1997, which will bring together individuals involved in multiple disciplines of Information and Communications Security to foster exchange of ideas. Original papers on all aspects of Information and Communications Security are solicited for submission to ICICS 2010. Topics of interest include, but are not limited to, access control, anonymity and privacy, applied cryptography, biometric security, data and system integrity, fraud control, information hiding, intrusion detection, key management and recovery, risk evaluation, watermarking and digital fingerprinting, and security certification. Security applications of interest comprise, among others, computer networks, databases, distributed systems and grid computing, e-commerce, e-voting, intellectual property, mobile computing, and software protection.

For more information, please see http://www.icics2010.org.

INTRUST 2010 International Conference on Trusted Systems, Beijing, China, December 13-15, 2010. [posted here 04/12/10]
INTRUST 2010 conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area. INTRUST 2010 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems. The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems.

For more information, please see http://www.tcgchina.org.

Pairing 2010 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan, December 13-15, 2010. [posted here 03/29/10]
The focus of Pairing 2010 is on all aspects of pairing-based cryptography, including: cryptographic primitives and protocols, mathematical foundations, software and hardware implementation, and applied security.

For more information, please see http://www.thlab.net/pairing2010/.

WIFS 2010 International Workshop on Information Forensics & Security, Seattle, WA, USA, December 12-15, 2010. [posted here 05/10/10]
WIFS is an avenue for knowledge exchange that encompasses a broad range of disciplines and facilitates the flow of ideas between various disparate communities that constitute information security. With this focus, we hope that researchers will identify new opportunities for collaboration across disciplines and gain new perspectives. The conference will feature prominent keynote speakers, tutorials, and lecture sessions. Appropriate topics of interest include, but are not limited to:
- Computer Security
- Forensics Analysis
- Biometrics
- Network Security
- Cryptography for Multimedia content
- Usability aspects of security
- Information theory and security
- Privacy
- Data hiding
- Surveillance
- Digital Rights Management
- Secure applications
- Hardware Security

For more information, please see http://www.wifs10.org.

TrustCom 2010 IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China, December 11-13, 2010. [posted here 03/29/10]
With the rapid development and the increasing complexity of computer and communications systems and networks, traditional security technologies and measures cannot meet the demand for integrated and dynamic security solutions. As a challenging and innovative research field, trusted computing and communications target computer and communications systems and networks that are available, secure, reliable, controllable, dependable, and so on. In a word, they must be trustworthy. If we view the traditional security as identity trust, the broader field of trusted computing and communications also includes behavior trust of systems and networks. In fact, trusted computing and communications have become essential components of various distributed services, applications, and systems, including ad-hoc networks, peer-to-peer networks, social networks, semantic webs, e-commerce, e-government, pervasive, ubiquitous, and cyber-physical systems. TrustCom-10 is an international forum for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community as well as the industry. Topics of interest include, but are not limited to:
- Trust semantics, metrics, and models
- Trust inference, computation, and
- Trusted computing platform
- Trusted network computing
- Trusted operating systems
- Trusted software
- Trusted database
- Trusted services and applications
- Trusted communications
- Trust in e-commerce and e-government
- Trust in mobile and wireless networks
- Reliable and fault-tolerant computer systems/networks
- Survivable computer systems/networks
- Cryptography and security protocols
- Authentication in computer systems/networks
- Access control in computer systems/networks
- Key management in computer systems/networks
- Anonymity and privacy in computer systems/networks
- Trust in emerging applications
- Miscellaneous trust issues

For more information, please see http://trust.csu.edu.cn/conference/trustcom2010.

ACSAC 2010 26th Annual Computer Security Applications Conference, Austin, Texas, USA, December 6-10, 2010. [posted here 02/22/10]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. If you are developing, researching, or implementing practical solutions for protecting corporate or government information infrastructures, consider sharing your experience and expertise at this conference. We are looking for papers, panels, tutorials, posters, works-in-progress, case studies, and workshops that address such technologies, concerns, and issues as:
- Access control and biometrics
- Applied cryptography
- Audit and audit reduction
- Biometrics
- Certification and accreditation
- Cloud security
- Database security
- Denial of service protection
- Digital policy
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identification and authentication
- Identity and trust management
- Incident response planning
- Information survivability
- Insider threat protection
- Intellectual property rights
- Intrusion detection
- Mobile and wireless security
- Multimedia security
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Product evaluation/compliance
- Risk/vulnerability assessment
- Securing cloud infrastructures
- Security engineering and management
- Security in IT outsourcing
- Service oriented architectures
- Software assurance
- Virtualization security
- Web 2.0/3.0 security

For more information, please see http://www.acsac.org.

In-Bio-We-Trust 2010 International Workshop on Bio-Inspired Trust Management for Information Systems, Held in conjunction with the Bionetics 2010, Boston, MA, USA, December 1-3, 2010. [posted here 06/21/10]
Traditional security mechanisms fall short of what new information systems need. To fix this problem, two research communities have recently proposed new security mechanisms. One of those communities is called "bio-inspired systems" and is increasingly borrowing ideas from nature to make information systems more effective and robust. The other is called "trust management systems" and has been proposing and scrutinizing algorithms for information systems that mimic how people manage trust in society. Increasingly the two communities are working on similar research problems but, alas, they are doing so separately. Although there is an enormous number of potentially useful bio-inspired mechanisms that can be exploited in trust management, it comes as a surprise that bio-inspired trust management has not received any attention at all. Clearly, the dialog between researchers in bio-inspired systems and in trust management should widen. The workshop seeks to bring together the world's experts in both communities, and to stimulate and disseminate interesting research ideas and results. Contributions are solicited in all aspects of bio-inspired and trust management systems, including:
- Bio-inspired models for managing trust in any information systems: virtual organizations, grid and cloud computing, mobile-ad-hoc/opportunistic/delay-tolerant networks, service oriented architectures, self-organizing networks and communities, mobile cooperative systems, mobile platforms, recommender systems.
- Fixed and mobile architectures and protocols for distributed trust management.
- Identity management in trust models.
- Security attacks to trust systems and adaptive bio-inspired defenses.
- Incorporation of bio-inspired algorithms into security communication protocols and computing architectures.
- Descriptions of pilot programs, case studies, applications, work-in-progress, surveys, and experiments integrating biological designs or trust and security aspects into information systems.

For more information, please see http://inbiowetrust.org.

CPSRT 2010 International Workshop on Cloud Privacy, Security, Risk & Trust, Held in conjunction with the 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010), Indianapolis, IN, USA, November 30 - December 3, 2010. [posted here 06/21/10]
Cloud computing has emerged to address an explosive growth of web-connected devices, and handle massive amounts of data. It is defined and characterized by massive scalability and new Internet-driven economics. Yet, privacy, security, and trust for cloud computing applications are lacking in many instances and risks need to be better understood. Privacy in cloud computing may appear straightforward, since one may conclude that as long as personal information is protected, it shouldn’t matter whether the processing is in a cloud or not. However, there may be hidden obstacles such as conflicting privacy laws between the location of processing and the location of data origin. Cloud computing can exacerbate the problem of reconciling these locations if needed, since the geographic location of processing can be extremely difficult to find out, due to cloud computing’s dynamic nature. Another issue is user-centric control, which can be a legal requirement and also something consumers want. However, in cloud computing, the consumers' data is processed in the cloud, on machines they don't own or control, and there is a threat of theft, misuse or unauthorized resale. Thus, it may even be necessary in some cases to provide adequate trust for consumers to switch to cloud services. In the case of security, some cloud computing applications simply lack adequate security protection such as fine-grained access control and user authentication (e.g. Hadoop). Since enterprises are attracted to cloud computing due to potential savings in IT outlay and management, it is necessary to understand the business risks involved. If cloud computing is to be successful, it is essential that it is trusted by its users. Therefore, we also need studies on cloud-related trust topics, such as what are the components of such trust and how can trust be achieved, for security as well as for privacy. 
The CPSRT workshop will bring together a diverse group of academics as well as government and industry practitioners in an integrated state-of-the-art analysis of privacy, security, risk, and trust in the cloud. The workshop will address cloud issues specifically related to (but not limited to) the following topics of interest:
- Access control and key management
- Security and privacy policy management
- Identity management
- Remote data integrity protection
- Secure computation outsourcing
- Secure data management within and across data centers
- Secure distributed data storage
- Secure resource allocation and indexing
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Web service security, privacy, and trust
- User requirements for privacy
- Legal requirements for privacy
- Privacy enhancing technologies
- Privacy aware map-reduce framework
- Risk or threat identification and analysis
- Risk or threat management
- Trust enhancing technologies
- Trust management

For more information, please see http://cpsrt.cloudcom.org/.

SecIoT 2010 1st Workshop on the Security of the Internet of Things, Held in conjunction with the Internet of Things 2010, Tokyo, Japan, November 29, 2010. [posted here 07/19/10]
While there are many definitions of the Internet of Things (IoT), all of them revolve around the same central concept: a world-wide network of interconnected objects. These objects will make use of multiple technological building blocks, such as wireless communication, sensors, actuators, and RFID, in order to allow people and things to be connected anytime, anyplace, with anything and anyone. However, before this new vision takes its first steps, it is essential to consider the security implications of billions of intelligent things cooperating with other real and virtual entities over the Internet. SecIoT'10 wants to bring together researchers and professionals from universities, private companies and Public Administrations interested or involved in all security-related heterogeneous aspects of the Internet of Things. We invite research papers, work-in-progress reports, R&D projects results, surveying works and industrial experiences describing significant security advances in the following (non-exclusive) areas of the Internet of Things:
- New security problems in the context of the IoT
- Privacy risks and data management problems
- Identifying, authenticating, and authorizing entities
- Development of trust frameworks for secure collaboration
- New cryptographic primitives for constrained "things"
- Connecting heterogeneous ecosystems and technologies
- Legal Challenges and Governance Issues
- Resilience to external and internal attacks
- Context-Aware security
- Providing protection to an IP-connected IoT
- Web services security and other application-layer issues

For more information, please see http://www.isac.uma.es/seciot10.

GameSec 2010 The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany, November 22-23, 2010. [posted here 03/29/10]
Securing complex and networked systems and managing associated risks become increasingly important as they play an indispensable role in modern life at the turn of the information age. Concurrently, security of ubiquitous communication, data, and computing poses novel research challenges. Security is a multi-faceted problem due to the complexity of underlying hardware, software, and network interdependencies as well as human and social factors. It involves decision making in multiple levels and multiple time scales, given the limited resources available to both malicious attackers and administrators defending networked systems. GameSec conference aims to bring together researchers who aim to establish a theoretical foundation for making resource allocation decisions that balance available capabilities and perceived security risks in a principled manner. The conference focuses on analytical models based on game, information, communication, optimization, decision, and control theories that are applied to diverse security topics. At the same time, the connection between theoretical models and real world security problems is emphasized to establish the important feedback loop between theory and practice. Observing the scarcity of venues for researchers who try to develop a deeper theoretical understanding of the underlying incentive and resource allocation issues in security, we believe that GameSec will fill an important void and serve as a distinguished forum of highest standards for years to come. Topics of interest include (but are not limited to):
- Security games
- Security and risk management
- Mechanism design and incentives
- Decentralized security algorithms
- Security of networked systems
- Security of Web-based services
- Security of social networks
- Intrusion and anomaly detection
- Resource allocation for security
- Optimized response to malware
- Identity management
- Privacy and security
- Reputation and trust
- Information security and watermarking
- Physical layer security in wireless networks
- Information theoretic aspects of security
- Adversarial machine learning
- Distributed learning for security
- Cross-layer security
- Usability and security
- Human behavior and security
- Dynamic control of security system
- Organizational aspects of risk management
- Cooperation and competition in security

For more information, please see http://www.gamesec-conf.org/.

IDMAN 2010 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway, November 18–19, 2010. [posted here 11/23/09]
Papers offering research contributions focusing on identity management in general and surveillance and monitoring in particular are solicited for submission to the 2nd IFIP WG-11.6 International Conference on Identity Management. Papers may present theory, applications or practical experiences in the field of national identity management, from both a technical and a social perspective, including, but not necessarily limited to:
- History
- Law
- Philosophical and ethical aspects
- Economics
- Impact of surveillance and monitoring in both the physical world and in cyberspace
- Impact on society and politics
- Impact on e-government and e-government applications
- Consecutive developments in social tracking, -tracing and -sorting
- Quality of identity management in general
- Quality identity data, processes and applications
- Security and identity management
- User centered, usable and inclusive identity management
- Attacks on identity management infrastructure and procedures
- Central storage of general and biometric identity data
- Effectiveness of surveillance and monitoring in fighting terrorism, international crime and human trafficking
- Methods of identification and authentication
- Models of identification procedures
- Models of inclusive identification and authentication procedures
- Government PKI
- (Possible) role of pseudonymous and anonymous identity in identity management
- Electronic Ids
- European and worldwide policies and cooperation in the field of identity management and surveillance and monitoring
- (Inter)national policies on unique identifiers /social security numbers / personalisation IDs
- (Inter)national applications of biometrics
- Vulnerabilities of electronic identification protocols
- Federative identity management and de-perimetrization
- Fraud, fraud detection, fraud resistance of technologies
- Biometric verification, assurance, metrics and measurements
- Fraud resistance of biometrics
- Junction between (large scale) applications of identity management and surveillance and monitoring
- Data Protection
- Privacy and Privacy Enhancing Technologies (PETs) in identity management
- Privacy Intrusion Technologies (PITs) in identity management
- Privacy side-effects and privacy risks assessment of identity management
- Intelligence and (inter)national threats
- Impersonation, identity fraud, identity forge and identity theft
- Tracing, monitoring and forensics

For more information, please see http://ifipidman2010.nr.no/ifipidman2010/index.php5/Main_Page.

HST 2010 10th IEEE International Conference on Technologies for Homeland Security, Waltham, MA, USA, November 8-10, 2010. [posted here 11/23/09]
The tenth annual IEEE Conference on Technologies for Homeland Security will focus on innovative technologies for deterring and preventing attacks, protecting critical infrastructure and individuals, and mitigating damage and expediting recovery. Submissions are desired in the broad areas of critical infrastructure and key resources protection (CIKR), border protection and monitoring, and disaster recovery and response, with application within about five years.

For more information, please see http://ieee-hst.org/.

CWECS 2010 1st International Workshop on Cloud, Wireless and e-Commerce Security, Fukuoka, Japan, November 4-6, 2010. [posted here 05/03/10]
In the last few years, due to the increase in the number of Cloud computing, Wireless network and E-Commerce (CWEC) applications and studies, the security issues and pivotal challenges, including integrity verification, authentication, access control, attack prevention, etc., are also increasing. Recently, security technologies are booming. However, achieving the whole security target for Cloud computing, wireless network and e-commerce requires much more than the mere application of current core technologies. The main purpose of this workshop is to bring together the researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of Security Technology in Cloud computing, wireless network and e-commerce, particularly aiming to promote state-of-the-art research in this area. Topics include, but are not limited to:
- Handover Security
- Network Mobility Security
- VoIP Security
- Mobile Agent Security
- Wireless Grid Security
- RFID Security
- Cell Phone, PDA and Portable Device Security
- Mobile, Ad Hoc and Sensor Network Security
- 3G ~ 4G Communication Security
- Access Control, Authentication and Authorization for CWEC
- Cryptography, Cryptanalysis and Digital Signatures for CWEC
- Key Management and Recovery for CWEC
- Trust Negotiation, Establishment and Management for CWEC
- Network Management for CWEC
- Performance Evaluation for CWEC
- Privacy, Data Integrity and Data Protection for CWEC
- Computer Forensics for CWEC
- Security Threats and Countermeasures for CWEC
- Cross-layer Design for CWEC

For more information, please see http://dblab.csie.thu.edu.tw/CWECS.

SIDEUS 2010 1st International Workshop on Securing Information in Distributed Environments and Ubiquitous Systems, Fukuoka, Japan, November 4-6, 2010. [posted here 02/22/10]
At the present time, the maturity of research in the field of distributed systems, such as P2P, Grid, Cloud or Internet computing, has pushed through new problems such as those related to security. In systems where the information freely flows across the network, the task of securing it becomes a real concern, and thus an interesting research challenge. For that reason, security is becoming one of the key issues when evaluating such systems and it is important to determine which security mechanisms are available, and how they fit every particular scenario. The aim of this workshop is to provide a forum for the discussion of ideas with regard to the current challenges and solutions to security in an environment that is rapidly developing such as P2P, Grid, Cloud or Internet computing. The main topics include (but are not limited to):
- Securing the Internet of Things (IoT)
- Membership and access control
- Identity management in distributed systems
- Security in JXTA-based applications
- Privacy and anonymity technologies
- Secure distributed storage
- Security issues in Vehicular Networks (VANETs)
- Securing P2P networks against third-party attacks
- Security and privacy in Delay-Tolerant Networks (DTN)
- Integrating security in protocols
- Assessment of information security

For more information, please see http://www.sideus-conf.org.

SRCAC 2010 The MITRE Corporation: Secure and Resilient Cyber Architectures Conference, McLean, VA, USA, Friday, October 29, 2010. [posted here 08/30/10]
This one-day conference will bring together researchers, practitioners, vendors, and architects to discuss and explore issues relating to secure and resilient architectures in the face of cyber attacks by the advanced persistent threat. In advance of the event, MITRE has issued a call for papers inviting interested presenters to submit short abstracts of original work on architectural strategies and techniques for resiliency against cyber attacks that address any of the following topics:
- Diversity
- Redundancy
- Virtualization
- Integrity
- Separation and Isolation
- Detection and Monitoring
- Non-persistence
- Distributedness and Moving Target Defense
- Adaptive Management and Responses
- Randomness and Deception
- Graceful Degradation

For more information, please see https://register.mitre.org/sr/.

EC2ND 2010 6th European Conference on Computer Network Defense, Berlin, Germany, October 28-29, 2010. [posted here 05/24/10]
EC2ND 2010 invites submissions presenting novel ideas in the areas of network defense, intrusion detection and systems security. Topics for submission include, but are not limited to:
- Intrusion Detection
- Malicious Software
- Web Security
- Machine Learning for Security
- Peer-to-Peer and Grid Security
- Wireless and Mobile Security
- Network Forensics
- Network Discovery and Mapping
- Incident Response and Management
- Privacy Protection
- Cryptography
- Legal and Ethical Issues

For more information, please see http://2010.ec2nd.org.

ISC 2010 13th Information Security Conference, Boca Raton, Florida, USA, October 25-28, 2010. [posted here 01/19/10]
ISC is an annual international conference covering research (both theory and applications) in Information Security. The conference seeks submissions from academia, industry, and government that present novel research on all theoretical and practical aspects of Information Security. Topics of interest include, but are not limited to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital right management
- economics of security and privacy
- electronic frauds
- formal methods in security
- identity management
- information dissemination control
- information hiding and watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security and privacy in pervasive/ubiquitous computing
- security in information flow
- security in IT outsourcing
- security for mobile code
- security of grid computing
- security of eCommerce, eBusiness and eGovernment
- security in location services
- security modeling and architectures
- security models for ambient intelligence environments
- security in social networks
- trust models and trust management policies
- embedded security

For more information, please see http://math.fau.edu/~isc2010/.

CCW 2010 12th International Conference on Information and Communications Security, Lake Arrowhead, CA, USA, October 25-27, 2010. [posted here 06/21/10]
The IEEE Computer Communications Workshop (CCW) is the annual flagship meeting of the Communications Society's Technical Committee on Computer Communications (TCCC). CCW is a panel-based workshop with informal, interactive sessions exploring emerging issues and trends in networking and computer communications. We are soliciting proposals for panel and sessions for this year's workshop. Themes of interest for 2010 include, but are not limited to, the following: network issues in cloud computing/storage, smart grids, cyber/network security & privacy, data-centric networking, network management and green networking.

For more information, please see http://www.ieee-ccw.org/.

WESS 2010 5th Workshop on Embedded Systems Security, Scottsdale, AZ, USA, October 24, 2010. [posted here 06/07/10]
Embedded computing systems are widely found in application areas ranging from safety-critical systems to vital information management. This introduces a large number of security issues. Embedded systems are vulnerable to remote intrusion, local intrusion, fault-based and power/timing-based attacks, intellectual-property theft, subversion, hijacking and more. Due to their strong link to software engineering and hardware engineering, these security issues are different from the traditional security problems found on personal computers. For example, embedded devices are resource-constrained in power and performance, which requires them to use computationally efficient solutions. They have a very weak physical trust boundary, which enables many different implementation-oriented attacks. They use an intimate connection between hardware and software, often without the shielding of an operating system. This workshop provides a forum for researchers to present novel ideas on addressing security issues that arise in the design, the operation, and the testing of secure embedded systems. Of particular interest are security topics that are unique to embedded systems. Topics of Interest:
- Trust models for secure embedded hardware and software
- Isolation techniques for secure embedded hardware, hyperware, and software
- System architectures for secure embedded systems
- Metrics for secure design of embedded hardware and software
- Security concerns for medical and other applications of embedded systems
- Support for intellectual property protection and anti-counterfeiting
- Specialized components for authentication, key storage and key generation
- Support for secure debugging and troubleshooting
- Implementation attacks and countermeasures
- Design tools for secure embedded hardware and software
- Hardware/software codesign for secure embedded systems
- Specialized hardware support for security protocols

For more information, please see http://www.wess-workshop.org/.

Malware 2010 5th IEEE International Conference on Malicious and Unwanted Software, Nancy, France, October 20-21, 2010. [posted here 03/29/10]
The conference is designed to bring together experts from industry, academia, and government to present and discuss, in an open environment, the latest advances and discoveries in the field of malicious and unwanted software. Techniques, economics and legal issues surrounding the topic of Malware, and the methods to detect and control them will be discussed. This year’s conference will pay particular attention to (and will also be extensively discussed in a panel session) the pressing topic of “Malware and Cloud Computing”. As low-cost Netbooks become popular, Google’s Chrome OS enters the mainstream, and social networks (Facebook, YouTube, Twitter, LinkedIn, and so forth) become ubiquitous, the security dangers associated with the new computing paradigm increase exponentially. In effect, “Cloud Computing”, Multi-tenant, Single Schema, Single Server Platforms (C2S3P) increase vulnerabilities by providing a single point of failure and attack for organized criminal networks. Critical/sensitive/private information is at risk, and very much like previous technology adoption trends, such as wireless networks, the dash for success is trumping the need for security.

For more information, please see http://malware10.loria.fr/.

eCRS 2010 eCrime Researchers Summit, Dallas, Texas, USA, October 18-20, 2010. [posted here 03/08/10]
eCRS 2010 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
- Spoofing of different types, and applications to fraud
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques
- Honeypot design, data mining, and forensic aspects of fraud prevention
- Design and evaluation of user interfaces in the context of fraud and network security
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence acquisition, handling and preservation

For more information, please see http://www.ecrimeresearch.org/2010/cfp.html.

ICTCI 2010 4th International Conference on Trusted Cloud Infrastructure, Shanghai, China, October 18-20, 2010. [posted here 02/08/10]
Cloud computing redefines how information is stored and processed: information is permanently stored and processed in large data centers of shared server infrastructure, and temporarily cached on and used by client devices. This fundamental paradigm change in our IT infrastructure has given rise to many new trust and security challenges for protecting the user's information, which is no longer under the user's physical control. Issues ranging from data availability, integrity and confidentiality, trustworthiness of shared computing and storage resources, and isolation of the user computing space in a virtualized data center, to IT regulations such as governance, risk and compliance (IT GRC), now all raise new concerns and face unanticipated vulnerabilities. These invite not only research to better understand these new issues but also innovation for novel solutions to emerging problems. Topics of interest for ICTCI 2010 include, but are not limited to, the following subject categories:
- Theory and practice in Trusted Computing
- Secure operating systems
- Trusted virtual cloud infrastructure
- Secure management of virtualized cloud resources
- Secure network architecture for cloud computing
- Security and privacy aware cloud protocol design
- Access control for data center applications
- Key management for data center applications
- Trust and policy management in clouds
- Identification and privacy in cloud
- Remote data integrity protection
- Off-premise execution software integrity and privacy
- Secure computation outsourcing
- Dynamic data operation security
- Software and data segregation security
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure wireless and mobile connections to the cloud

For more information, please see http://ppi.fudan.edu.cn/ictci2010/index.html.

CRISIS 2010 5th International Conference on Risks and Security of Internet and Systems, Montréal, Québec, Canada, October 10-13, 2010. [posted here 04/12/10]
The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, to security models, security mechanisms and privacy enhancing technologies. The authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications or case studies are also welcomed in different domains (e.g., telemedicine, banking, e-government, e-learning, e-commerce, critical infrastructures, mobile networks, embedded applications, etc.). The list of topics includes but is not limited to:
- Analysis and management of risk
- Attacks and defences
- Attack data acquisition (honeypots) and network monitoring
- Cryptography, Biometrics, Watermarking
- Dependability and fault tolerance of Internet applications
- Distributed systems security
- Embedded system security
- Intrusion detection and Prevention systems
- Hardware-based security and Physical security
- Key management Infrastructure (PKI) and trust management
- Organizational, ethical and legal issues
- Privacy protection, anonymization, PETs
- Security and dependability of operating systems
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer systems
- Security and privacy of wireless networks
- Security models and security policies
- Security of new generation networks, security of VoIP and multimedia
- Security of e-commerce, electronic voting and database systems
- Traceability, metrology and forensics
- Use of smartcards and personal devices for Internet applications
- Web security

For more information, please see http://www.crisis2010.org/index.htm.

TrustCol 2010 5th International Workshop on Trusted Collaboration, Held in conjunction with the CollaborateCom 2010, Chicago, Illinois, USA, October 9, 2010. [posted here 05/03/10]
The ongoing, rapid developments in information systems technologies and networking have enabled significant opportunities for streamlining decision making processes and maximizing productivity through distributed collaborations that facilitate unprecedented levels of sharing of information and computational resources. Emerging collaborative environments need to provide efficient support for seamless integration of heterogeneous technologies such as mobile devices and infrastructures, web services, grid computing systems, online social networks, various operating environments, and diverse COTS products. Such heterogeneity introduces, however, significant security and privacy challenges for distributed collaborative applications. Balancing the competing goals of collaboration and security is difficult because interaction in collaborative systems is targeted towards making people, information, and resources available to all who need it whereas information security seeks to ensure the availability, confidentiality, and integrity of these elements while providing it only to those with proper trustworthiness. The key goal of this workshop is to foster active interactions among diverse researchers and practitioners, and generate added momentum towards research in finding viable solutions to the security and privacy challenges faced by the current and future collaborative systems and infrastructures. We solicit unpublished research papers that address theoretical issues and practical implementations/experiences related to security and privacy solutions for collaborative systems. Topics of interest include, but are not limited to:
- Secure dynamic coalition environments
- Secure distributed multimedia collaboration
- Privacy control in collaborative environments
- Secure workflows for collaborative computing
- Policy-based management of collaborative workspace
- Secure middleware for large scale collaborative infrastructures
- Security and privacy issues in mobile collaborative applications
- Security frameworks and architectures for trusted collaboration
- Secure interoperation in multidomain collaborative environments
- Identity management for large scale collaborative infrastructures
- Semantic web technologies for secure collaborative infrastructure
- Trust models, trust negotiation/management for collaborative systems
- Access control models and mechanisms for collaboration environments
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Security and privacy challenges in cloud-based collaborative applications

For more information, please see http://scl.cs.nmt.edu/trustcol10/.

CCSW 2010 ACM Cloud Computing Security Workshop, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA, October 9, 2010. [posted here 06/07/10]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. What exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds

For more information, please see http://crypto.cs.stonybrook.edu/ccsw10/.

NPSec 2010 6th Workshop on Secure Network Protocols, Held in conjunction with ICNP 2010, Kyoto, Japan, October 5, 2010. [posted here 03/08/10]
NPSec2010 focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. NPSec 2010 particularly welcomes new ideas on security in the context of future Internet design, such as architectural considerations for future Internet security and new primitives for supporting secure network protocol and application design. Topics of interest include but are not limited to:
- Security in future Internet architectures (role of security in future architectures, integrating security in future protocols and applications)
- Secure and/or resilient network protocols (e.g., internetworking/routing, MANETs, LANs and WLANs, mobile/cellular data networks, P2P and other overlay networks, federated trust systems, sensor networks)
- Vulnerabilities of existing protocols and applications (both theoretical and case studies), including attacks
- Key distribution/management
- Intrusion detection and response
- Incentive systems for P2P systems and MANET routing
- Secure protocol configuration and deployment
- Challenges and security protocols for social networks

For more information, please see http://webgaki.inf.shizuoka.ac.jp/~npsec2010/.

SafeConfig 2010 2nd Workshop on Assurable & Usable Security Configuration, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA, October 4, 2010. [posted here 05/03/10]
A typical enterprise network might have hundreds of security appliances such as firewalls, IPSec gateways, IDS/IPS, authentication servers, authorization/RBAC servers and crypto systems. An enterprise network may also have other non-security devices such as routers, name servers, protocol gateways, etc. These must be logically integrated into a security architecture satisfying security goals at and across multiple networks. Logical integration is accomplished by consistently setting thousands of configuration variables and rules on the devices. The configuration must be constantly adapted to optimize protection and block prospective attacks. The configuration must be tuned to balance security with usability. These challenges are compounded by the deployment of mobile devices and ad hoc networks. The resulting security configuration complexity places a heavy burden on both regular users and experienced administrators and dramatically reduces overall network assurability and usability. This workshop will bring together academic as well as industry researchers to exchange experiences, discuss challenges and propose solutions for offering assurable and usable security.

For more information, please see http://hci.sis.uncc.edu/safeconfig/.

STC 2010 5th Annual Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2010, Chicago, Illinois, USA, October 4, 2010. [posted here 04/19/10]
Built on the continued success of previous STC workshops (starting from ACM STC'06), this workshop focuses on fundamental technologies of trusted computing (in a broad sense, with or without TPMs) and its applications in large-scale systems -- those involving a large number of users and parties with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. Topics of interest include, but are not limited to:
Enabling scalable trusted computing
- better approaches to measurement management
- better approaches to attestation
- cryptographic support for trusted computing
- architectural support for trusted computing
- security policies and models of trusted computing
- access control for trusted computing
- architecture and implementation technologies for trusted platform
- virtualization technology for trusted computing
- establishing trust on software, users and services
- intrusion tolerance/resilience in trusted computing
- hardware-based approach to trusted computing
- software-based approach to trusted computing
- censorship-freeness in trusted computing
- principles and technologies for handling scales
- tackling complexity introduced by scalability

Applications of trusted computing
- sustainable services based on trusted computing
- trusted cloud computing
- trusted embedded computing
- killer applications of trusted computing
- case study in trusted computing
- scalable trust and services
- large-scale trusted computing

Pushing the limits
- limitations, alternatives and tradeoffs regarding trusted computing
- realizing trustworthy computing via trusted computing
- understanding expectedness of system properties
- understanding system-level trust and trustworthiness
- novel architectures for putting pieces together for STC

For more information, please see http://stc2010.trust.rub.de/.

ACM-CCS 2010 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 4-8, 2010. [posted here 03/01/10]
The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security, as well as case studies and implementation experiences. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

For more information, please see http://www.sigsac.org/ccs/CCS2010/cfp.shtml.

PSDML 2010 ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning, Barcelona, Spain, September 24, 2010. [posted here 05/03/10]
Privacy and security-related aspects of data mining and machine learning have been the topic of active research during the last few years, due to the existence of numerous applications with privacy and/or security requirements. Privacy issues have become a serious concern due to the collection, analysis and sharing of personal data by privately owned companies and public sector organizations for various purposes, such as data publishing or data mining. This has led to the development of privacy-preserving data mining and machine learning methods. More general security considerations arise in applications such as biometric authentication, intrusion detection and response, and malware classification. This has led to the development of adversarial learning algorithms, while parallel work in multi-agent settings and in low regret learning algorithms has revealed interesting interplays between learning and game theory. The aim of this workshop is to bring together scientists and practitioners who conduct cutting edge research on privacy and security issues in data mining and machine learning to discuss the most recent advances in these research areas, identify open problem domains and research directions, and propose possible solutions. We invite interdisciplinary research on cryptography, data mining, game theory, machine learning, privacy, security and statistics. Moreover, we invite mature contributions as well as interesting preliminary results and descriptions of open problems on emerging research domains and applications of privacy and security in data mining and machine learning.

For more information, please see http://fias.uni-frankfurt.de/~dimitrakakis/workshops/psdml-2010/.

STM 2010 6th International Workshop on Security and Trust Management, Athens, Greece, September 23-24, 2010. [posted here 04/19/10]
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). Topics of interest include, but are not limited to:
- access control
- cryptography
- digital rights management
- economics of security
- key management
- ICT for securing digital as well as physical assets
- identity management
- networked systems security
- privacy and anonymity
- reputation systems and architectures
- security and trust management architectures
- semantics and computational models for security and trust
- trust assessment and negotiation
- trust in mobile code
- trust in pervasive environments
- trust models
- trust management policies
- trusted platforms and trustworthy systems
- trustworthy user devices

For more information, please see http://www.isac.uma.es/stm10.

DPM 2010 International Workshop on Data Privacy Management, Held in conjunction with the ESORICS 2010, Athens, Greece, September 23, 2010. [posted here 03/29/10]
The aim of this workshop is to discuss and exchange ideas related to privacy data management. We invite researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers to this workshop. The main topics include, but are not limited to:
- Privacy Information Administration
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Language
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Conciliation of Individual Privacy and Corporate/National Security
- Privacy in computer networks
- Privacy and RFIDs
- Privacy in Sensor Networks

For more information, please see http://dpm2010.dyndns.org/.

SETOP 2010 3rd International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2010, Athens, Greece, September 23, 2010. [posted here 05/24/10]
Security and reliability have become a major concern for service oriented applications as well as for communication systems and networks. With the need for evolution, if not revolution, of current network architectures and the Internet, autonomous and spontaneous management will be a key feature of future networks and information systems. In this context, security is an essential property. It must be considered from the early stage of conception of these systems and designed to be autonomous and spontaneous as well. Future networks and systems must be able to automatically configure themselves with respect to their security policies. The security policy specification must be dynamic and adapt itself to the changing environment. Those networks and systems should interoperate securely when their respective security policies are heterogeneous and possibly conflicting. They must be able to autonomously evaluate the impact of an intrusion in order to spontaneously select the appropriate and relevant response when a given intrusion is detected. Autonomous and spontaneous security is a major requirement of future networks and systems. Of course, it is crucial to address this issue in different wireless and mobile technologies available today such as RFID, Wifi, Wimax, 3G, etc. Other technologies such as ad hoc and sensor networks, which introduce new types of services, also share similar requirements for an autonomous and spontaneous management of security. The SETOP Workshop seeks submissions that present research results on all aspects related to spontaneous and autonomous security. Topics of interest include, but are not limited to the following:
- Security policy deployment
- Self evaluation of risk and impact
- Distributed intrusion detection
- Autonomous and spontaneous response
- Trust establishment
- Selfish behaviour and collaboration enforcement
- Security in autonomous networks
- Security in ad hoc networks
- Security in sensor/RFID networks
- Security of Next Generation Networks
- Security in Cloud Computing
- Security of Service Oriented Architecture
- Security of opportunistic networks
- Privacy in self-organized networks
- Secure localization
- Context aware and ubiquitous computing
- Secure interoperability and negotiation
- Self-organization in secure routing
- Identity management
- Modelling and validation of security

For more information, please see http://www.infres.enst.fr/wp/setop2010/.

CRITIS 2010 5th International Workshop on Critical Information Infrastructure Security, Athens, Greece, September 22-24, 2010. [posted here 04/12/10]
Key sectors of modern economies depend highly on ICT. The information flowing through the resulting technological super-infrastructure as well as the information being processed by the complex computing systems that underpin these are critical as their disruption, disturbance or loss can lead to high economical, material and, sometimes, human loss. As a consequence, the security and dependability of this infrastructure becomes critical and its protection a major objective for governments, companies and the research community. Now in its fifth edition, CRITIS will again bring together researchers and professionals from academia, industry, and government interested or involved in all security-related heterogeneous aspects of Critical Information Infrastructures. We invite research papers, work-in-progress reports, R&D projects results, surveying works and industrial experiences describing significant security advances including but not limited to the following areas:
- Continuity of Services
- Dependable Infrastructure Communications
- Early Warning Systems
- Embedded Technologies Security
- Incident Response
- Infrastructure Interdependencies
- Information Assurance
- Internet-Based Remote Control
- Forensic Techniques
- National and Cross Border Activities
- Network Survivability
- Trust Models in Critical Scenarios
- Policy Management
- Resilient Software
- Secure Information Sharing
- Security Logistics
- Security Modeling and Simulation
- Security Risks
- Threat Analysis
- Vulnerability Assessment

For more information, please see http://www.critis.net.

NSPW 2010 New Security Paradigms Workshop, Concord, MA, USA, September 21-23, 2010. [posted here 04/19/10]
The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful -- botnets, database breaches, phishing attacks, distributed denial-of-service attacks -- and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues. To facilitate research interactions, NSPW features informal paper presentations, extended discussions in small and large groups, shared activities, and group meals, all in attractive surroundings. By encouraging researchers to think "outside the box" and giving them an opportunity to communicate with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security.

For more information, please see http://www.nspw.org/.

PRITS 2010 Workshop on Pattern Recognition for IT Security, Held in conjunction with DAGM 2010, Darmstadt, Germany, September 21, 2010. [posted here 04/26/10]
Graphical data, such as images or video streams, are of growing importance in several disciplines of IT security, ranging from biometric authentication over digital image forensics to visual passwords and CAPTCHAs. Consequently, methods of image analysis and pattern recognition are increasingly used in security-critical applications. The aim of the workshop is to bring together researchers from the pattern recognition and security communities in order to exchange latest research results. Topics of interest include, but are not limited to:
- Novel biometric authentication techniques
- Novel information hiding paradigms
- Image authentication and robust hashing
- Digital Forensics
- Image and video analysis for security
- Visual Passwords
- CAPTCHAs

For more information, please see http://www.dagm2010.org/ws_prits.html.

ADBIS 2010 14th East-European Conference on Advances in Databases and Information Systems, Track on Personal Identifiable Information: Privacy, Ethics, and Security, Novi Sad, September 20-24, 2010. [posted here 02/15/10]
Breaches of personally identifiable information (PII) have increased dramatically over the past few years and have resulted in the loss of millions of records. Breaches of PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or high costs to handle the breach (USA National Institute of Standards and Technology, 2009). According to the U.S. Department of Health & Human Services, PII is "information in an IT system or online collection: (1) that directly identifies an individual…, or (2) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification." EU directive 95/46/EC calls it "personal data."

For more information, please see http://perun.im.ns.ac.yu/adbis2010/organization.php.

IFIP-TC9-HCC9 2010 IFIP TC-9 HCC-9 Stream on Privacy and Surveillance, Held in conjunction with the IFIP World Computer Congress 2010, Brisbane, Australia, September 20-23, 2010. [posted here 12/28/09]
New technical and legal developments pose greater and greater privacy dilemmas. Governments have in recent years increasingly established and legalised surveillance schemes in the form of data retention, communication interception or CCTVs in order to fight terrorism or serious crimes. Surveillance monitoring of individuals is also a threat in the private sector: private organisations are for instance increasingly using profiling and data mining techniques for targeted marketing, analysing customer buying predictions or social sorting. Work place monitoring practices allow surveillance of employees. Emerging pervasive computing technologies, where individuals are usually unaware of a constant data collection and processing in their surroundings, will even heighten the problem that individuals are effectively losing control over their personal spheres. At a global scale, Google Earth and other corporate virtual globes may have dramatic consequences for the tracking and sorting of individuals. With CCTV, the controlling power of surveillance is in few hands. With live, high resolution imagery feeds from space in the near future, massive surveillance may soon be available to everybody, a development whose consequences we do not yet grasp. New means of surveillance are also enabled by social networks, in which individuals are publishing many intimate personal details about themselves and others. Such social networks are today already frequently analysed by employers, the marketing industry, law enforcement or social engineering. The aim of this conference stream is to discuss and analyse such privacy risks of surveillance for humans and society as well as countermeasures for protecting the individuals’ rights to informational self-determination from multi-disciplinary perspectives. We are therefore especially inviting the submission of papers addressing privacy aspects in relation to topics such as (but not limited to):
- Surveillance technologies
- Corporate virtual globes (Google Earth and Microsoft Virtual Earth)
- Profiling & data mining
- Ambient Intelligence, RFID
- GPS, Location-Based Services
- Social Network Analysis
- ID cards
- Biometrics
- Data sharing
- Visual surveillance
- Workplace monitoring
- Communication interception
- Data retention
- Anonymity & Pseudonymity
- Privacy-enhancing technologies
- Privacy-enhancing Identity Management

For more information, please see http://www.wcc2010.org/migrated/HCC92010/HCC92010_cfp.html.

ESORICS 2010 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. [posted here 10/12/09]
ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers discussing industrial research and development. Papers should focus on topics such as:
- Access Control
- Accountability
- Anonymity
- Applied Cryptography
- Attacks and Viral Software
- Authentication and Delegation
- Data Integrity
- Database Security
- Inference Control
- Identity Management
- Information Flow Control
- Intrusion Tolerance
- Formal Security Methods
- Language-based Security
- Network Security
- Privacy Enhancing Technologies
- Risk Analysis and Management
- Secure Electronic Voting
- Security Architectures
- Security Economics
- Security for Mobile Code
- Security for Dynamic Coalitions
- Security in Location Services
- Security in Social Networks
- Security Models
- Security Verification
- System Security
- Trust Models and Management
- Trust Theories
- Trustworthy User Devices

For more information, please see http://www.esorics2010.org.

TrustBus 2010 7th International Conference on Trust, Privacy & Security in Digital Business, Bilbao, Spain, August 30 – September 3, 2010. [posted here 02/15/10]
The advances in the Information and Communication Technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high quality services over global networks. The aim is to utilize this ‘information society era’ for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem free. Concerns are raised regarding the ‘lack of trust’ in electronic procedures and the extent to which ‘information security’ and ‘user privacy’ can be ensured. The conference will provide an international forum for researchers and practitioners to exchange information regarding advancements in the state of the art and practice of trust and privacy in digital business. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
- Anonymity and pseudonymity in business transactions
- Business architectures and underlying infrastructures
- Common practice, legal and regulatory issues
- Cryptographic protocols
- Delivery technologies and scheduling protocols
- Design of business models with security requirements
- Economics of Information Systems Security
- Electronic cash, wallets and pay-per-view systems
- Enterprise management and consumer protection
- Identity and Trust Management
- Intellectual property and digital rights management
- Intrusion detection and information filtering
- Languages for description of services and contracts
- Management of privacy & confidentiality
- Models for access control and authentication
- Multimedia web services
- New cryptographic building-blocks for e-business applications
- Online transaction processing
- PKI & PMI
- Public administration, governmental services
- P2P transactions and scenarios
- Real-time Internet E-Services
- Reliability and security of content and data
- Reliable auction, e-procurement and negotiation technology
- Reputation in services provision
- Secure process integration and management
- Security and Privacy models for Pervasive Information Systems
- Security Policies
- Shopping, trading, and contract management tools
- Smartcard technology
- Transactional Models
- Trust and privacy issues in social networks environments
- Usability of security technologies and services

For more information, please see http://www.isac.uma.es/trustbus10.

FAST 2010 7th International Workshop on Formal Aspects of Security & Trust, Pisa, Italy, September 16-17, 2010. [posted here 04/19/10]
The seventh International Workshop on Formal Aspects of Security and Trust (FAST2010) aims at continuing the successful efforts of the previous FAST workshops, fostering cooperation among researchers in the areas of security and trust. FAST focuses on the formal models of security and trust that are needed to state goals and policies for these interactions. We also seek new and innovative techniques for establishing consequences of these formal models. Implementation approaches for such techniques are also welcome. Suggested submission topics include, but are not limited to:
- Formal models for security, trust and reputation
- Security protocol design and analysis
- Logics for security and trust
- Trust-based reasoning
- Distributed trust management systems
- Digital asset protection
- Data protection
- Privacy and ID management issues
- Information flow analysis
- Language-based security
- Security and trust aspects in ubiquitous computing
- Validation/Analysis tools
- Web/Grid services security/trust/privacy
- Security and risk assessment
- Resource and access control
- Case studies

For more information, please see http://www.iit.cnr.it/FAST2010/.

RAID 2010 13th International Symposium on Recent Advances in Intrusion Detection, Ottawa, Canada, September 15-17, 2010. [posted here 2/8/10]
This symposium, the 13th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation

For more information, please see http://www.RAID2010.org.

MetriSec 2010 6th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2010), Bolzano-Bozen, Italy, September 15, 2010. [posted here 02/15/10]
Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to:
- Security metrics
- Security measurement and monitoring
- Development of predictive models
- Experimental validation of models
- Formal theories of security metrics
- Security quality assurance
- Empirical assessment of security architectures and solutions
- Mining data from attack and vulnerability repositories: e.g. CVE, CVSS
- Static analysis metrics
- Simulation and statistical analysis
- Security risk analysis
- Industrial experience

For more information, please see http://www.cs.kuleuven.be/conference/MetriSec2010/.

VizSec 2010 7th International Symposium on Visualization for Cyber Security, Ottawa, Ontario, Canada, September 14, 2010. [posted here 03/01/10]
This symposium brings together researchers and practitioners in information visualization and security to address the specific needs of the cyber security community through new and insightful visualization techniques. VizSec will be held in conjunction with the 13th International Symposium on Recent Advances in Intrusion Detection (RAID) September 15 - 17, 2010. VizSec will continue to provide opportunities for the two communities to collaborate and share insights into providing solutions for security needs through visualization approaches.

For more information, please see http://www.vizsec2010.org.

SCC 2010 2nd International Workshop on Security in Cloud Computing, Held in Conjunction with ICPP 2010, San Diego, California, USA, September 13–16, 2010. [posted here 01/25/10]
Cloud Computing has generated interest from both industry and academia since 2007. As an extension of Grid Computing and Distributed Computing, Cloud Computing aims to provide users with flexible services in a transparent manner. Services are allocated in a “cloud”, which is a collection of devices and resources connected through the Internet. Before this paradigm can be widely accepted, the security, privacy and reliability provided by the services in the cloud must be well established. SCC’2010 will bring researchers and experts together to present and discuss the latest developments and technical solutions concerning various aspects of security issues in Cloud Computing. SCC’2010 seeks original unpublished papers focusing on theoretical analysis, emerging applications, novel system architecture construction and design, experimental studies, and social impacts of Cloud Computing. Both review/survey papers and technical papers are expected. Topics of the conference include but are not limited to:
- Emerging threats to cloud-based services
- Security models for new services
- Cloud-aware web service security
- Information hiding in Cloud Computing
- Securing distributed data storage in the cloud
- Privacy and security in Cloud Computing
- Forensics
- Robust network architecture
- Cloud Infrastructure Security
- Job deployment in the Cloud
- Intrusion detection/prevention
- Denial-of-Service (DoS) attacks and defense
- Robust job scheduling
- Secure resource allocation and indexing
- Secure payment for cloud-aware services
- User authentication in cloud-aware services
- Security for emerging cloud programming models

For more information, please see http://bingweb.binghamton.edu/~ychen/SCC2010.htm.

SCN 2010 7th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 13-15, 2010. [posted here 02/15/10]
Security and privacy are increasing concerns in computer networks such as the Internet. The availability of fast, reliable, and cheap electronic communication offers the opportunity to perform electronically and in a distributed way a wide range of transactions of a most diverse nature. The Seventh Conference on Security and Cryptography for Networks (SCN 2010) aims at bringing together researchers in the field of cryptography and security in communication networks to foster cooperation and exchange of ideas. Original papers on all technical aspects of cryptography and security are solicited for submission to SCN 2010. Topics of interest are (but not limited to):
- Anonymity
- Implementations
- Authentication
- Symmetric-Key Cryptography
- Complexity-based Cryptography
- Privacy
- Cryptanalysis
- Cryptographic Protocols
- Digital Signatures
- Public-Key Cryptography
- Hash Functions
- Survey and State of the Art
- Identification
- Formal Methods in Security
- Information-Theoretic Security

For more information, please see http://scn.dia.unisa.it/.

NeFX 2010 2nd Annual ACM Northeast Digital Forensics Exchange, Washington, DC, USA, September 13-14, 2010. [posted here 05/03/10]
Practitioners in digital forensics face many challenges and problems, be they from law enforcement, the intelligence or government community, or private practice. Criminal activity, system intrusions, and computer misuse are endemic in today's networked world. Today's state-of-the-art digital forensic technology for correlating large amounts of often distributed digital evidence, reconstructing crime scenes, and eventually mapping them to a physical criminal scenario can only be best described as ad hoc and fragmented. We have also seen that most criminal investigations have involved crime scenes that co-exist in both cyberspace and physical worlds. There is an urgent need to move the capabilities and foundation of digital forensics from an ad hoc basis to one of science.

Digital forensics is an inherently complex cross-disciplinary field that deals with complicated and potentially inconsistent issues/goals cutting across technical, legal, and law enforcement domains. The ACM Northeast Digital Forensics Exchange (NeFX), sponsored in part by the National Science Foundation and the Army Research Office, is designed to foster collaboration on digital forensics and information assurance between federal and state law enforcement, academia, and industry. Our goal is to bring together leading practitioners and academics in order to yield partnerships that advance research on digital forensic science through mutual sharing of the problems of practice and research. All topic areas related to digital forensics are of interest and in scope, which include, but are not limited to:
- Imaging/Monitoring
- Network Forensics
- Small-scale and Mobile Device Forensics
- Data Processing and Analytics
- Software Forensics and Malware Analysis
- File Carving and File System Analysis
- Anti-forensics Techniques
- Digital Forensics (from signal processing perspective)
- Evidence Modeling and Principles
- Live and Memory Analysis
- Multimedia Forensics
- Database, Web, and Cloud Computing System Forensics
- Digital Evidence Storage and Preservation
- Forensic tool Validation: Methodologies and Principles
- Cyber-crime Strategy Analysis & Modeling
- Advanced search, analysis, and presentation of digital evidence
- Courtroom expert witness and case presentation
- Case studies
- Legal and Sociological Issues
- Intelligence Issues in Forensics

For more information, please see http://nefx.cs.georgetown.edu/.

SA&PS4CS 2010 1st International Workshop on Scientific Analysis and Policy Support for Cyber Security, Held in conjunction with the 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security (MMM-ACNS 2010), St. Petersburg, Russia, September 9, 2010. [posted here 01/12/10]
The workshop is dedicated to the methods of scientific analysis and policy support for response to cyber intrusions and attacks. The main topics of the SA&PS4CS’2010 are detection, discrimination, and attribution of various activities of malefactors and response to cyber intrusions and attacks including national level information operations as well as identifying emergent cyber technologies supporting social and political activity management and trans-national distributed computing management.

For more information, please see http://www.comsec.spb.ru/saps4cs10/.

SIN 2010 3rd International Conference on Security of Information and Networks, Taganrog, Rostov-on-Don, Russia, September 7-11, 2010. [posted here 01/11/10]
Papers addressing all aspects of security in information and networks are being sought. Researchers working on the following and related subjects are especially encouraged: realization of security schemes, new algorithms, experimenting with existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy. Topics of the conference include but are not limited to:
- Access control and intrusion detection
- Autonomous and adaptive security
- Cryptographic techniques and key management
- Information assurance
- Network security and protocols
- Security in information systems
- Security tools and development platforms
- Security ontology, models, protocols & policies
- Secure ontology-based systems
- Standards, guidelines and certification
- Security-aware software engineering
- Trust and privacy

For more information, please see http://www.sinconf.org/sin2010/.

SECURECOMM 2010 6th International Conference on Security and Privacy in Communication Networks, Singapore, September 7-10, 2010. [posted here 10/26/09]
SecureComm’10 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated.

For more information, please see http://www.securecomm.org/.

MMM-ACNS 2010 5th International Conference on Mathematical Methods, Models, and Architectures for Computer Networks Security, St. Petersburg, Russia, September 6-9, 2010. [posted here 01/12/10]
MMM-ACNS-2010 aims at bringing together leading researchers from academia and governmental organizations as well as practitioners to advance the states of the art and practice in the area of computer networks and information security with a focus on novel theoretical aspects of computer network security, facilitate personal interactions and discussions on various aspects of information technologies in conjunction with computer network and information security problems arising in large-scale computer networks. MMM-ACNS-2010’s scope includes, but is not restricted to the following areas:
- Adaptive security
- Anti-malware techniques: detection, analysis, prevention
- Anti-phishing, anti-spam, anti-fraud, anti-botnet techniques
- Authentication, Authorization and Access Control
- Computer and network forensics
- Covert channels
- Critical infrastructure protection
- Data and application security
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital Rights Management
- eCommerce, eBusiness and eGovernment security
- Formal analysis of security properties
- Information warfare
- Internet and web security
- Intrusion prevention, detection, and response
- Language-based security
- Network survivability
- New ideas and paradigms for security
- Operating system security
- Security and privacy in pervasive and ubiquitous computing
- Security event processing and predictive security monitoring
- Security for cloud computing
- Security for large-scale systems and critical infrastructures
- Security of emerging technologies: sensor, wireless/mobile, peer-to-peer and overlay networks
- Security of autonomous agents and multi-agent systems
- Security modeling and simulation
- Security policies
- Security protocols
- Security verification
- Self-protecting and healing
- Software protection
- Trusted computing
- Trust and reputation management
- Vulnerability assessment, risk analysis and risk management

For more information, please see http://comsec.spb.ru/mmm-acns10/.

NSS 2010 4th International Conference on Network and System Security, Melbourne, Australia, September 1-3, 2010. [posted here 03/29/10]
While attack systems have become easier to use, more sophisticated, and more powerful, interest has greatly increased in the field of building more effective, intelligent, adaptive, active and high performance defense systems which are distributed and networked. We will focus our program on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems. The aim of this conference is to provide a leading edge forum to foster interaction between researchers and developers with the network and system security communities, and to give attendees an opportunity to interact with experts in academia, industry and governments. Topics of interest include, but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Benchmark, Analysis and Evaluation of Security Systems
- Biometric Security
- Distributed Access Control and Trust Management
- Distributed Attack Systems and Mechanisms
- Distributed Intrusion Detection/Prevention Systems
- Denial-of-Service Attacks and Countermeasures
- High Performance Security Systems
- Identity Management and Authentication
- Implementation, Deployment and Management of Security Systems
- Intelligent Defense Systems
- Internet and Network Forensics
- Key Distribution and Management
- Large-scale Attacks and Defense
- RFID Security and Privacy
- Security Architectures in Distributed Network Systems
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Viruses, Worms, and Other Malicious Code
- World Wide Web Security

For more information, please see http://www.anss.org.au/nss2010.

FDTC 2010 7th Workshop on Fault Diagnosis and Tolerance in Cryptography, Held in conjunction with CHES 2010, Santa Barbara, CA, USA, August 21, 2010. [posted here 2/8/10]
In recent years applied cryptography has developed considerably, to satisfy the increasing security requirements of various information technology disciplines, e.g., telecommunications, networking, data base systems and mobile applications. Cryptosystems are inherently computationally complex and in order to satisfy the high throughput requirements of many applications, they are often implemented by means of either VLSI devices (crypto-accelerators) or highly optimised software routines (crypto-libraries) and are used via suitable (network) protocols. The high complexity of such implementations raises concerns regarding their reliability. Research is therefore needed to develop methodologies and techniques for designing robust cryptographic systems (both hardware and software), and to protect them against both accidental faults and intentional intrusions and attacks, in particular those based on the malicious injection of faults into the device for the purpose of extracting the secret key. Contributions to the workshop describing theoretical studies and practical case studies of fault diagnosis and tolerance in cryptographic systems (HW and SW) and protocols are solicited. Topics of interest include, but are not limited to:
- modeling the reliability of cryptographic systems and protocols
- inherently reliable cryptographic systems and algorithms
- faults and fault models for cryptographic devices (HW and SW)
- reliability-based attack procedures on cryptographic systems (fault-injection attacks) and protocols
- adapting classical fault diagnosis and tolerance techniques to cryptographic systems
- novel fault diagnosis and tolerance techniques for cryptographic systems
- attacks exploiting micro-architecture components (cache, branch predictor, etc.)
- physical protection against attacks
- fault injection based attacks using FIB laser and chemistry
- case studies of attacks, reliability and fault diagnosis and tolerance techniques in cryptographic systems.

For more information, please see http://conferenze.dei.polimi.it/FDTC10/.

PST 2010 8th International Conference on Privacy, Security and Trust, Ottawa, Canada, August 17-19, 2010. [posted here 12/14/09]
PST2010 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. This year’s theme is “Privacy, Security and Trust by Design: PbD - The Gold Standard.” With the growth and ubiquity of data in today’s hyper-networked world, the need for trust has become more critical than ever. We need new paradigms that seek to integrate and build privacy, security and trustworthiness directly into technologies and systems from the outset and by default. PST2010 will include an Industry Day followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Critical Infrastructure Protection
- Observations of PST in Practice, Society, Policy and Legislation
- Network and Wireless Security
- Digital Rights Management
- Operating Systems Security
- Identity and Trust management
- Intrusion Detection Technologies
- PST and Cloud Computing
- Secure Software Development and Architecture
- Human Computer Interaction and PST
- PST Challenges in e-Services
- Implications of, and Technologies for, Lawful Surveillance
- Network Enabled Operations
- Biometrics, National ID Cards, Identity Theft
- Advanced Training Tools
- PST and Web Services / SOA
- Information Filtering, Data Mining & Knowledge from Data
- Privacy, Traceability, and Anonymity
- National Security and Public Safety
- Trust and Reputation in Self-Organizing Environments
- Security Metrics
- Anonymity and Privacy vs. Accountability
- Recommendation, Reputation and Delivery Technologies
- Access Control and Capability Delegation
- Continuous Authentication
- Representations and Formalizations of Trust in Electronic and Physical Social Systems

For more information, please see http://pstnet.unb.ca/pst2010.

USENIX-Security 2010 19th USENIX Security Symposium, Washington, DC, USA, August 11–13, 2010. [posted here 12/7/09]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography.

For more information, please see http://www.usenix.org/events/sec10/cfp/.

HotSec 2010 5th USENIX Workshop on Hot Topics in Security, Washington DC, USA, August 10, 2010. [posted here 03/08/10]
While pragmatic and systems-oriented, HotSec takes a broad view of security and privacy and encompasses research on topics including, but not limited to, large-scale threats, network security, hardware security, software security, programming languages, applied cryptography, anonymity, human-computer interaction, sociology, and economics. We favor papers that propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. Papers in well-explored research areas are discouraged. We expect that most accepted position papers will fall into one or more of the following categories:
- Fundamentally new techniques, approaches, or perspectives for dealing with current security problems
- New, major problems arising from new technologies that are now being developed or deployed
- Truly surprising results that cause rethinking of previous approaches

For more information, please see http://www.usenix.org/events/hotsec10/cfp/.

HealthSec 2010 1st USENIX Workshop on Health Security and Privacy, Washington, DC, USA, August 10, 2010. [posted here 12/7/09]
HealthSec '10 is intended as a forum for lively discussion of aggressively innovative and potentially disruptive ideas on all aspects of medical and health security and privacy. A fundamental goal of the workshop is to promote cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. Workshop topics are solicited in all areas relating to healthcare information security and privacy, including:
- Security and privacy models for healthcare information systems
- Industrial experiences in healthcare information systems
- Deployment of open systems for secure and private use of healthcare information technology
- Security and privacy threats against and countermeasures for existing and future medical devices
- Regulatory and policy issues of healthcare information systems
- Privacy of medical records
- Usability issues in healthcare information systems
- Threat models for healthcare information systems

For more information, please see http://www.usenix.org/healthsec10/cfpa/.

LIS 2010 Workshop on Logics in Security, Copenhagen, Denmark, August 9-13, 2010. [posted here 03/15/10]
In the past two decades, a number of logics and formal frameworks have been proposed to model and analyse interconnected systems from the security point of view. Recently, the increasing need to cope with distributed and complex scenarios forced researchers in formal security to employ non-classical logics to reason about these systems. The aim of this workshop is to bring together logicians and formal security researchers to foster the cross-fertilization between these two areas. Logicians have a lot to benefit from specifying and reasoning about real-world scenarios as well as researchers in security can apply recent advances in non-classical logics to improve their formalisms. We are interested in logical and formal foundations of security to the following topics:
- Language-based security
- Judgmental Analysis
- Automated Theorem Proving
- Term-Rewriting Systems
- Logical Programming
- Modal Logic
- Dynamic Logic
- Belief Revision
Applies to
- Access Control
- Privacy
- Protocol Verification
- Security Architectures
- Trust and Reputation Management
- Static Analysis of Programs
- Risk Management
- Policy Compliance
- Security in Multi-Agent Systems
- Formal Cryptography

For more information, please see http://lis.gforge.uni.lu/index.html.

WOOT 2010 4th USENIX Workshop on Offensive Technologies, Washington, DC, USA, August 9, 2010. [posted here 05/24/10]
Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submission topics include:
- Vulnerability research (software auditing, reverse engineering)
- Penetration testing
- Exploit techniques and automation
- Network-based attacks (routing, DNS, IDS/IPS/firewall evasion)
- Reconnaissance (scanning, software, and hardware fingerprinting)
- Malware design and implementation (rootkits, viruses, bots, worms)
- Denial-of-service attacks
- Web and database security
- Weaknesses in deployed systems (VoIP, telephony, wireless, games)
- Practical cryptanalysis (hardware, DRM, etc.)

For more information, please see http://www.usenix.org/woot10/cfpa/.

CSET 2010 3rd Workshop on Cyber Security Experimentation and Test, Washington, DC, USA, August 9, 2010. [posted here 03/29/10]
The workshop invites you to submit papers on the science, design, architecture, construction, operation, and use of cyber security experiments in network testbeds and infrastructures. Topics of interest include but are not limited to:
- Science of security/testbed experimentation (Data and tools to achieve realistic experiment setup/scenarios, Diagnosis of and methodologies for dealing with experimental artifacts, Support for experimentation on a large scale (virtualization, federation, high fidelity scale-down), Tools and methodologies to achieve, and metrics to measure, correctness, repeatability, and sharing of experiments)
- Testbeds and methodologies (Tools, methodologies, and infrastructure that support risky experimentation, Support for experimentation in emerging security topics (cyber-physical systems, wireless, botnets, etc.), Novel experimentation approaches (e.g., coupling of emulation and simulation), Experience in designing or deploying secure testbeds, Instrumentation and automation of experiments; their archiving, preservation, and visualization, Fair sharing of testbed resources)
- Hands-on security education (Experiences teaching security classes that use hands-on security experiments for homework, in-class demonstrations, or class projects, Experiences from red team/blue team exercises)

For more information, please see http://www.usenix.org/cset10/cfpa/.

SECRYPT 2010 5th International Conference on Security and Cryptography, Athens, Greece, July 26-28, 2010. [posted here 01/12/10]
SECRYPT is an annual international conference covering research in information and communication security. The 5th International Conference on Security and Cryptography will be held in Athens, Greece. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, applications security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Areas of interest include, but are not limited to:
- Data and Application Security and Privacy
- Access Control and Intrusion Detection
- Network Security and Protocols
- Cryptographic Techniques and Key Management
- Information Assurance
- Security in Information Systems and Software Engineering

For more information, please see http://www.secrypt.icete.org.

POLICY 2010 IEEE International Symposium on Policies for Distributed Systems and Networks, Fairfax, Virginia, USA, July 21-23, 2010. [posted here 01/11/10]
The symposium brings together researchers and practitioners working on policy-based systems across a range of application areas including policy-based networking, privacy and security management, storage area networking, and enterprise systems. POLICY 2010 has grown out of a highly successful series of workshops and this is recognized by the elevation of the event to an IEEE symposium. POLICY 2010 invites novel contributions on all aspects of policy-based management. Topics of interest include (but are not limited to):
- Privacy and Security
- Policy Models and Languages
- Policy Applications

For more information, please see http://www.ieee-policy.org.

FCC 2010 6th Workshop on Formal and Computational Cryptography, Edinburgh, UK, July 20, 2010. [posted here 03/01/10]
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches is based on a computational model that considers issues of complexity and probability. Messages are modelled as bitstrings and security properties are defined in a strong form, in essence guaranteeing security with high probability against all polynomial time attacks. However, it is difficult to prove security of large, complex protocols in this model. The other approach relies on a symbolic model of protocol execution in which messages are modelled using a term algebra and cryptographic primitives are treated as perfect black-boxes, e.g. the only way to decrypt a ciphertext is to use the corresponding decryption key. This abstraction enables simpler and often automated analyses of complex protocols. Since this model places strong constraints on the attacker, a fundamental question is whether such an analysis implies the strong security properties defined in the computational model. This workshop focuses on approaches that combine and relate symbolic and computational protocol analysis. Over the last few years, there has been a spate of research results in this area. One set of results establish correspondence theorems between the two models, in effect showing that for a certain class of protocols and properties, security in the symbolic model implies security in the computational model. In other work, researchers use language-based techniques such as process calculi, types, and logics to reason directly about the computational model. Several projects also investigate ways of mechanizing computationally sound proofs of protocols. The workshop seeks results in this area of computationally sound protocol analysis: foundations and tools.

For more information, please see http://research.microsoft.com/~fournet/fcc2010/.

SOUPS 2010 Symposium On Usable Privacy and Security, Redmond, WA, USA, July 14-16, 2010. [posted here 10/12/09]
The 2010 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- the impact of organizational policy or procurement decisions
- lessons learned from the deployment and use of usable privacy and security features

For more information, please see http://cups.cs.cmu.edu/SOUPS/.

FCS-PrivMod 2010 Workshop on Foundations of Security and Privacy, Edinburgh, UK, July 14-15, 2010. [posted here 03/29/10]
Formal foundations for computer security have emerged in recent years, including the formal specification and analysis of security protocols, programming languages, access control systems, and their applications. A particular aspect of security is personal privacy, which may be threatened whenever users interact with services and devices which are not directly under their control. From a user's point of view, privacy is often seen as a part of security; but from a service provider's point of view, privacy and security are often opposites that have to be balanced with each other. FCS-PrivMod aims to bring together international researchers from industry and academia in formal methods, computer security, and privacy, to develop advances and new perspectives in security and privacy models and analysis. Topics of interest include, but are not limited to:
- Automated reasoning
- Decidability & complexity
- Formal methods
- Foundations of verification
- Information flow analysis
- Language-based security
- Linkability & traceability
- Logic-based design
- Program transformation
- Security models
- Static analysis
- Statistical methods
- Tools
- Trust management
- Verification

For more information, please see http://www.loria.fr/~cortier/FCS-PrivMod10/.

DIMVA 2010 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Bonn, Germany, July 8-9, 2010. [posted here 11/30/09]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. DIMVA’s scope includes, but is not restricted to, the following areas:
Intrusion Detection
- Novel approaches & new environments
- Insider detection
- Prevention and response
- Data leakage
- Result correlation & cooperation
- Evasion attacks
- Potentials & limitations
- Operational experiences
- Privacy, legal & social aspects
Malware
- Automated analysis, reversing & execution tracing
- Containment & sandboxed operation
- Acquisition of specimen
- Infiltration
- Behavioral models
- Prevention & containment
- Trends & upcoming risks
- Forensics & recovery
- Economic aspects
Vulnerability Assessment
- Vulnerability detection & analysis
- Vulnerability prevention
- Web application security
- Fuzzing techniques
- Classification & evaluation
- Situational awareness

For more information, please see http://www.dimva.org/dimva2010.

TSP 2010 3rd IEEE International Symposium on Trust, Security and Privacy for Emerging Applications, Bradford, UK, June 29-July 1, 2010. [posted here 11/23/09]
Satisfying user requirements for trust, security and privacy in an efficient way is one of the first considerations for almost all emerging applications, using emerging technologies such as pervasive computing, peer to peer computing, grid computing, cloud computing, virtualization, and mobile and wireless technologies. Challenges arise as emerging applications evolve to provide more scalable and comprehensive services. One of the biggest challenges is that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, and distributed computing environments. Therefore, we need to build networks and systems in which emerging applications allow users to enjoy more scalable and comprehensive services while preserving trust, security and privacy at the same time. TSP-10 aims at bringing together researchers and practitioners in the world working on trust, security, privacy, and related issues such as technical, social, and cultural implications for all emerging devices, services, applications, networks, and systems, and providing a forum for them to present and discuss emerging ideas and trends in this highly challenging research area.

For more information, please see http://trust.csu.edu.cn/conference/tsp2010/Call_for_Papers.htm.

SHPCS 2010 5th Workshop on Security and High Performance Computing Systems, Held in conjunction with the 6th International Wireless Communications and Mobile Computing Conference (IWCMC 2010), Caen, Normandy, France, June 28 - July 2, 2010. [posted here 12/28/09]
Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrades performance. This workshop addresses relationships between security and high performance computing systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems. In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, or a cluster can support high performance intrusion detection. More generally, this topic addresses every efficient use of a high performance computing system to improve security. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. The Workshop topics include (but are not limited to) the following:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Cloud Security
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Monitoring & Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Untrusted & Adversarial Environments and Systems
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Security Visualization
- Smartcards
- Trust Management Policies
- Trust Models
- Web Security
- Web Services Security

For more information, please see http://leibniz.diiga.univpm.it/~spalazzi/caen/.

IH 2010 12th Information Hiding Conference, Calgary, Alberta, Canada, June 28 - 30, 2010. [posted here 01/11/10]
For many years, Information Hiding has captured the imagination of researchers. Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in digital rights management schemes. Steganalysis and forensics pose important challenges to investigators; and privacy techniques try to hide relational information such as the actors' identities in anonymous communication systems. These and other topics share the notion that security is defined by the difficulty to make (or avoid) inference on certain properties of host data, which therefore has to be well understood and modeled. Current research themes include:
- Anonymity and privacy
- Covert/subliminal channels
- Digital rights management
- Fingerprinting and embedding codes
- Multimedia and document security
- Multimedia forensics and counter forensics
- Novel applications of information hiding
- Other data hiding domains (e.g. text, software, etc.)
- Security metrics for information hiding
- Steganography and steganalysis
- Theoretical aspects of information hiding and detection
- Watermarking (algorithms, security, attacks)

For more information, please see http://ih2010.cpsc.ucalgary.ca.

ICDCS-SPCC 2010 1st International Workshop on Security and Privacy in Cloud Computing, Held in conjunction with the IEEE International Conference on Distributed Computing Systems (ICDCS 2010), Genoa, Italy, June 25, 2010. [posted here 01/12/10]
Cloud computing has recently emerged as a new information technology infrastructure. In cloud computing, information is permanently stored in large data centers on the Internet and temporarily accessed and cached on clients that include desktops and portable PCs, sensors, etc. With the "cloud" as a metaphor for the Internet, cloud computing promises to deliver massively scalable IT-enabled data, software, and hardware capabilities as a service to external clients using Internet technologies. Cloud computing has been envisioned as the key technology to achieve economies of scale in the deployment and operation of IT solutions. Cloud computing has unique attributes that raise many security and privacy challenges in areas such as data security, recovery, and privacy, as well as legal issues in areas such as regulatory compliance and auditing. In contrast to traditional enterprise IT solutions, where the IT services are under proper physical, logical and personnel controls, cloud computing moves the application software and databases to the servers in large data centers on the Internet, where the management of the data and services is not fully trustworthy. When clients store their data on the server without themselves possessing a copy of it, how can the integrity of the data be ensured if the server is not fully trustworthy? Will encryption solve the data confidentiality problem of sensitive data? How will encryption affect dynamic data operations such as query, insertion, modification, and deletion? Data in the cloud is typically in a shared environment alongside data from other clients. How should data segregation be done while data are stored, executed, and transmitted? How are the virtualized resources managed and secured in the cloud?
Due to the fundamental paradigm shift in cloud computing, many security concerns have to be better understood, unanticipated vulnerabilities identified, and viable solutions to critical threats devised, before the wide deployment of cloud computing techniques can take place. Topics of interest include (but are not limited to) the following subject categories:
- Secure management of virtualized cloud resources
- Secure network architecture for cloud computing
- Joint security and privacy aware cloud protocol design
- Access control and key management
- Trust and policy management in clouds
- Identification and privacy in cloud
- Remote data integrity protection
- Secure computation outsourcing
- Dynamic data operation security
- Software and data segregation security
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure wireless cloud

For more information, please see http://www.ece.iit.edu/~ubisec/workshop.htm.

ACNS 2010 8th International Conference on Applied Cryptography and Network Security, Beijing, China, June 22-25, 2010. [posted here 9/13/09]
Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '10. Topics of relevance include but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols

For more information, please see http://www.tcgchina.org/acns2010/.

OWASP-AppSec-Research 2010 OWASP AppSec Research 2010, Stockholm, Sweden, June 21-24, 2010. [posted here 12/14/09]
OWASP AppSec Research focuses on web application security and invites both academia and industry. The conference features a full-paper research track published by Springer-Verlag (LNCS) as well as industry talks and demos. OWASP (the Open Web Application Security Project) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. We encourage the publication and presentation of new tools, new methods, empirical data, novel ideas, and lessons learned in the following areas:
- Web application security
- Security aspects of new/emerging web technologies/paradigms (mashups, web 2.0, offline support, etc)
- Security in web services, REST, and service oriented architectures
- Security in cloud-based services
- Security of frameworks (Struts, Spring, ASP.Net MVC etc)
- New security features in platforms or languages
- Next-generation browser security
- Security for the mobile web
- Secure application development (methods, processes etc)
- Threat modeling of applications
- Vulnerability analysis (code review, pentest, static analysis etc)
- Countermeasures for application vulnerabilities
- Metrics for application security
- Application security awareness and education

For more information, please see http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden.

Trust 2010 3rd International Conference on Trust and Trustworthy Computing, Berlin, Germany, June 21-23, 2010. [posted here 11/23/09]
Building on the success of Trust 2009 (held at Oxford, UK) and Trust 2008 (Villach, Austria), this conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself will have two main strands, one devoted to technical aspects and one devoted to the socio-economic aspects of trusted computing. This call for papers is for contributions to the technical strand - a separate call is issued for contributions to the socio-economic strand of the conference. The conference solicits original papers on any aspect of the design and application of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, services, hardware, software and protocols. Topics of interest include, but are not limited to:
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Mobile trusted computing
- Implementations of trusted computing (covering both hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing
- Attestation and possible variants (e.g., property-based attestation, runtime attestation)
- Cryptographic aspects of trusted computing
- Security hardware, i.e., hardware with cryptographic and security functions, including physically unclonable functions (PUFs)
- Hardware Trojans (detection, prevention)
- Intrusion resilience in trusted computing
- Virtualisation for trusted platforms
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- End-user interactions with trusted platforms
- Limitations of trusted computing

For more information, please see http://www.trust2010.org/.

DBSec 2010 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Rome, Italy, June 21-23, 2010. [posted here 11/30/09]
DBSec is an annual international conference covering research in data and applications security and privacy. The 24th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2010) will be held in Rome, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in IT outsourcing
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

For more information, please see http://dbsec2010.dti.unimi.it.

IFIP-TM 2010 4th IFIP International Conference on Trust Management, Morioka, Japan, June 16-18, 2010. [posted here 7/27/09]
The mission of the IFIPTM 2010 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. IFIPTM 2010 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below:
- Trust models, formalization, specification, analysis and reasoning
- Reputation systems and architectures
- Engineering of trustworthy and secure software
- Ethics, sociology and psychology of trust
- Security management and usability issues including security configuration
- Trust management frameworks for secure collaborations
- Language security
- Security, trust and privacy for service oriented architectures and composite applications
- Security, trust and privacy for software as a service (SaaS)
- Security, trust and privacy for Web 2.0 Mashups
- Security, privacy, and trust as a service
- Legal issues related to the management of trust
- Semantically-aware security management
- Adaptive security policy management
- Mobile security
- Anonymity and privacy vs. accountability
- Critical infrastructure protection, public safety and emergency management
- Privacy and identity management in e-services
- Biometrics, national ID cards, identity theft
- Robustness of trust and reputation systems
- Distributed trust and reputation management systems
- Human computer interaction aspects of privacy, security & trust
- Applications of trust and reputation management in e-services
- Trusted platforms and trustworthy systems

For more information, please see http://www.ifip-tm2010.org/.

MIST 2010 2nd International Workshop on Managing Insider Security Threats, Held in conjunction with IFIPTM 2010, Morioka, Iwate, Japan, June 14-15, 2010. [posted here 03/08/10]
During the past decades, information security developments have been mainly concerned with preventing illegal attacks by outsiders, such as hacking, virus propagation, and spyware. However, according to a recent Gartner Research Report, information leakage caused by insiders who are legally authorized to have access to some corporate information is increasing dramatically. These leakages can cause significant damages such as weakening the competitiveness of companies (and even countries). Information leakage caused by insiders occurs less frequently than information leakage caused by outsiders, but the financial damage is much greater. Countermeasures in terms of physical, managerial, and technical aspects are necessary to construct an integral security management system to protect companies' major information assets from unauthorized internal attackers. The objective of this workshop is to showcase the most recent challenges and advances in security technologies and management systems to prevent leakage of organizations' information caused by insiders. It may also include state-of-the-art surveys and case analyses of practical significance. We expect that the workshop will be a trigger for further research and technology improvements related to this important subject. Topics include (but are not limited to):
- Theoretical foundations and algorithms for addressing insider threats
- Insider threat assessment and modeling
- Security technologies to prevent, detect and avoid insider threats
- Validating the trustworthiness of staff
- Post-insider threat incident analysis
- Data breach modeling and mitigation techniques
- Registration, authentication and identification
- Certification and authorization
- Database security
- Device control system
- Digital forensic system
- Digital rights management system
- Fraud detection
- Network access control system
- Intrusion detection
- Keyboard information security
- Information security governance
- Information security management systems
- Risk assessment and management
- Log collection and analysis
- Trust management
- IT compliance (audit)
- Continuous auditing

For more information, please see http://isyou.hosting.paran.com/mist10/.

D-SPAN 2010 1st International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with WoWMoM 2010, Montreal, QC, Canada, June 14, 2010. [posted here 12/21/09]
This workshop is focused on defining new problems and developing novel techniques for data security and privacy issues in wireless and mobile networks. With the emergence of data-intensive wireless networks such as wireless sensor networks and data-centric mobile applications such as location-based services, the traditional boundaries between these three disciplines are blurring. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, as well as sensor networks, and (2) papers that use data analytics techniques to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities – wireless networks, databases, and security. The list of topics includes, but is not limited to:
- Fundamental theory of a security network science
- Key exchange, distribution and management in wireless networks
- Location privacy in wireless networks
- Secure data collection and aggregation for wireless sensor networks
- Secure data collection in body-area networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure query processing over wireless sensor networks
- Security and privacy of RFID systems
- Security and privacy for data streaming
- Security for cognitive radio networks
- Tradeoffs between Security and Communication Performance

For more information, please see http://home.gwu.edu/~nzhang10/DSPAN2010/.

HOST 2010 IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, California, USA, June 13-14, 2010. [posted here 12/7/09]
HOST covers security and trust issues in all types of electronic devices and systems such as ASICs, COTS, FPGAs, microprocessors/DSPs, and embedded systems. The mission of HOST is to provide a forum for the presentation and discussion of research that is of critical significance to the security of, and trust in, modern society's microelectronic-supported infrastructures. Papers and presentations that address any of the following "hot topics" are of high interest to the symposium. Papers addressing HOST issues outside of these areas will be considered equally relevant in the review process:
- Trojan Detection and Isolation
- Authenticating Foundry of Origin
- Side Channel Analysis/Attacks
- Watermarking
- FPGA Design Security
- Hardware focused Cryptography
- IC Metering
- Physical Unclonable Functions
- Embedded and Distributed Systems Security
- Hardware Intrusion Detection and Prevention
- Security Engineering
- Scan chain Encryption

For more information, please see http://www.engr.uconn.edu/HOST/.

SACMAT 2010 15th ACM Symposium on Access Control Models and Technologies, Pittsburgh, PA, USA, June 9-11, 2010. [posted here 10/5/09]
Papers offering novel research contributions in all aspects of access control are solicited for submission to the ACM Symposium on Access Control Models and Technologies (SACMAT). The missions of the symposium are to share novel access control solutions that fulfill the needs of heterogeneous applications and environments and to identify new directions for future research and development. SACMAT gives researchers and practitioners a unique opportunity to share their perspectives with others interested in the various aspects of access control. Topics of interest include:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Delegation
- Identity management
- Policy/Role Engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust models
- Theoretical foundations for access control models
- Usage control

For more information, please see http://www.sacmat.org/.

RFIDSec 2010 6th Workshop on RFID Security, Istanbul, Turkey, June 8-10, 2010. [posted here 11/23/09]
The workshop focuses on approaches to solve security and data-protection issues in advanced contactless technologies like RFID. It stresses implementation aspects imposed by resource constraints. Topics of the conference include but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID (Authentication protocols, Key update mechanisms, Scalability issues)
- Integration of secure RFID systems (Middleware and security, Public-key infrastructures, Case studies)
- Resource-efficient implementation of cryptography (Small-footprint hardware, Low-power architectures)
- Attacks on RFID systems
- RFID security hardware e.g. RFID with PUF, RFID Trojans, …

For more information, please see http://www.projectice.eu/rfidsec10/index.html.

CISSE 2010 14th Colloquium for Information Systems Security Education, Baltimore, MD, USA, June 7-9, 2010. [posted here 10/12/09]
This Colloquium, the fourteenth in an ongoing annual series, brings together leading figures from academia, government, and industry to address the national need for security and assurance of our information and communications infrastructure. The Colloquium solicits participation from practitioners, students, educators, and researchers. The topic areas should discuss course or lab development, Information Assurance (IA) curricula, standards, best practices, existing or emerging programs, trends, and future vision, as well as related issues. This includes the following general topics:
- Assessment of need (e.g. how many information security workers/researchers/faculty are needed?)
- Integrating information assurance topics in existing graduate or undergraduate curricula
- Experiences with course or laboratory development
- Alignment of curriculum with existing information assurance education standards
- Emerging programs or centers in information assurance
- Best practices
- Vision for the future
- Tools, demonstrations, case studies, course modules, shareware, and worked examples that participants (and others) can use to help educate people in computer security.

For more information, please see http://www.cisse.info.

WEIS 2010 9th Workshop on the Economics of Information Security, Harvard University, Cambridge, MA, USA, June 7-8, 2010. [posted here 11/9/09]
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security, combining expertise from the fields of economics, social science, business, law, policy and computer science. Prior workshops have explored the role of incentives between attackers and defenders, identified market failures dogging Internet security, and assessed investments in cyber-defense. This workshop will build on past efforts using empirical and analytic tools to not only understand threats, but also strengthen security through novel evaluations of available solutions. How should information risk be modeled given the constraints of rare incidence and high interdependence? How do individuals’ and organizations’ perceptions of privacy and security color their decision making? How can we move towards a more secure information infrastructure and code base while accounting for the incentives of stakeholders? We encourage economists, computer scientists, business school researchers, legal scholars, security and privacy specialists, as well as industry experts to submit their research and attend the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Online crime (including botnets, phishing and spam)
- Models and analysis of online crime
- Risk management and cyberinsurance
- Security standards and regulation
- Cybersecurity policy
- Privacy, confidentiality and anonymity
- Behavioral security and privacy
- Security models and metrics
- Psychology of risk and security
- Vulnerability discovery, disclosure, and patching
- Cyberwar strategy and game theory
- Incentives for information sharing and cooperation

For more information, please see http://weis2010.econinfosec.org/cfp.html.

MOBISEC 2010 2nd International ICST Conference on Security and Privacy in Mobile Information and Communication Systems, Catania, Sicily, May 26-28, 2010. [posted here 10/26/09]
The focus of MOBISEC 2010 is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of converged, and next-generation, communication networks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. MobiSec strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to the following focus areas, as applied to mobile ICT:
- Security architectures for next-generation, new-generation and converged communication networks
- Trusted mobile devices, hardware security
- Network resilience
- Threat analyses for mobile systems
- Multi-hop authentication and trust
- Non-repudiation of communication
- Context-aware and data-centric security
- Protection and safety of distributed mobile data
- Mobile application security
- Security for voice and multimedia communication
- Machine-to-machine communication security
- Trust in autonomic and opportunistic communication
- Location based applications security and privacy
- Security for the networked home environment
- Security and privacy for mobile communities
- Mobile emergency communication, public safety
- Lawful interception and mandatory data retention
- Security of mobile agents and code
- Identity management
- Embedded security

For more information, please see http://mobisec.org/.

SADFE 2010 5th International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2010), Oakland, CA, USA, May 20, 2010. [posted here 11/23/09]
The SADFE (Systematic Approaches to Digital Forensic Engineering) Workshop promotes systematic approaches to computer investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Most previous SADFE papers have emphasized cyber crime investigations and digital forensics tools. While these are still key topics of the meeting, we also welcome digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Digital forensic engineering is the application of scientific principles to the collection and analysis of digital artifacts, either for use within the legal system or to aid in understanding past events with the goal of improving computer system security.

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe10/.

SP 2010 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA, May 16–19, 2010. [posted here 7/13/09]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

*Systematization of Knowledge Papers*: In addition to the standard research papers, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

*Workshops*: The Symposium is also soliciting submissions for colocated workshops. Workshop proposals should be sent by Friday, 21 August 2009 by email to Carrie Gates (carrie.gates@ca.com). Workshops may be half-day or full-day in length. Submissions should include the workshop title, a short description of the topic of the workshop, and biographies of the organizers.

For more information, please see http://oakland10.cs.virginia.edu/cfp.html.

LEET 2010 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, Held in conjunction with the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2010), San Jose, CA, USA, April 27, 2010. [posted here 9/21/09]
LEET aims to provide a unique forum for the discussion of threats to the confidentiality of our data, the integrity of digital transactions, and the dependability of the technologies we increasingly rely on. We encourage submissions of papers that focus on the malicious activities themselves (e.g., reconnaissance, exploitation, privilege escalation, rootkit installation, attack), our responses as defenders (e.g., prevention, detection, and mitigation), or the social, political, and economic goals driving these malicious activities and the legal and ethical codes guiding our defensive responses. Topics of interest include but are not limited to:
- Infection vectors for malware (worms, viruses, etc.)
- Botnets, command, and control channels
- Spyware
- Operational experience
- Forensics
- Click fraud
- Measurement studies
- New threats and related challenges
- Boutique and targeted malware
- Phishing
- Spam
- Underground markets
- Carding and identity theft
- Miscreant counterintelligence
- Denial-of-service attacks
- Hardware vulnerabilities
- Legal issues
- The arms race (rootkits, anti–anti-virus, etc.)
- New platforms (cellular networks, wireless networks, mobile devices)
- Camouflage and detection
- Reverse engineering
- Vulnerability markets and zero-day economics
- Online money laundering
- Understanding the enemy
- Data collection challenges

For more information, please see http://www.usenix.org/events/leet10/cfp/.

CSIIRW 2010 Cyber Security and Information Intelligence Research Workshop, Oak Ridge National Laboratory, Oak Ridge, Tennessee, USA, April 21-23, 2010. [posted here 2/8/10]
Despite ubiquitous dependence on electronic information and on the networked computing infrastructure, cyber security practice and policy is largely heuristic, reactive, and increasingly cumbersome, struggling to keep pace with rapidly evolving threats. Advancing beyond this reactive posture will require a transformation in computing and communication systems architecture and new capabilities that do not merely solve today’s security problems, but render them obsolete. The aim of this workshop is to discuss (and publish) novel theoretical and empirical research focused on the many different aspects of cyber security and information intelligence. The scope will vary from methodologies and tools to systems and applications to more precise definition of the various problems and impacts.

For more information, please see http://www.csiir.ornl.gov/csiirw.

ICISA-Security 2010 International Conference on Information Science and Applications, Security & Privacy Track, Seoul, Korea, April 21-23, 2010. [posted here 11/23/09]
The goal of this conference is to bring together researchers from academia and practitioners from industry who are involved in Information Science and Applications Issues as well as share ideas, problems, and solutions related to those issues. This conference will provide a forum where researchers will present recent research results, describe emerging technologies and new research problems and directions related to Information Science and Applications Issues. The conference seeks contributions presenting novel research results in all aspects of information and security and applications. Topics of interest in the Security and Privacy track may include one or more of the following themes (but are not limited to them):
- Infrastructure Security
- Multimedia Security
- Software Security
- Privacy Masking

For more information, please see http://global.kcis.kr/icisa2010/.

SMPE 2010 4th International Symposium on Security and Multimodality in Pervasive Environments, Perth, Australia, April 20-23, 2010. [posted here 10/26/09]
Pervasive computing environments (PE) present specific peculiarities with respect to aspects like security and multimodality. As a matter of fact, the accessibility level of a virtual environment can definitively be improved by natural interfaces and multimodal interaction systems, which offer users the freedom to select from multiple modes of interaction with services and make it possible to break down barriers in human-computer interaction, making communication intuitive and spontaneous. On the other hand, while enlarging and easing the ways to access the environment, security threats arise and the environment must be properly equipped in order to protect itself from malicious attacks and/or from wrong actions performed by inexpert users. Topics of interest include:
- Trust and reputation management in PE
- Security applications and services in pervasive computing
- Security model for pervasive computing
- Intelligent multimedia security services in pervasive computing
- Key management and authentication in pervasive computing
- Network security issues and protocols in pervasive computing
- Access control and privacy protection in pervasive computing
- Security Standard for next pervasive computing
- Security in Human Centred Environments
- Natural interfaces security issues
- Advanced multimodal interfaces
- Human oriented interfaces
- Multimodal mobile and ubiquitous services
- Methods for multimodal integration
- Middleware services for multimodal and pervasive applications
- Context-Awareness in multimodal applications
- Multimodal analysis and recognition of context
- Next ubiquitous and immersive environments
- Virtual reality and ubiquitous computing
- Usability and accessibility in ubiquitous applications
- Applications and scenarios
- Others: Commercial or Industrial Issue in pervasive computing

For more information, please see http://www.ftrg.org/smpe2010.

ASIACCS 2010 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, April 13-16, 2010. [posted here 6/29/09]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the latest cyber-security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Topics of interest include, but are not limited to:
- anonymity
- access control
- secure networking
- accounting and audit
- key management
- intrusion detection
- authentication
- smartcards
- data and application security
- malware and botnets
- privacy-enhancing technology
- software security
- inference/controlled disclosure
- intellectual-property protection
- digital-rights management
- trusted computing
- phishing and countermeasures
- commercial and industry security
- security management
- web security
- applied cryptography
- mobile-computing security
- cryptographic protocols
- data/system integrity
- information warfare
- formal methods for security
- identity management
- security in ubiquitous computing, e.g., RFIDs
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0

For more information, please see http://www.dacas.cn/asiaccs2010.

IDtrust 2010 9th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryland, USA, April 13-15, 2010. [posted here 11/2/09]
IDtrust is looking for papers related to all parts of the public-key mediated authentication and access control problem. All software systems, from enterprise data centers to small businesses and consumer-facing applications, must make access control decisions for protected data. IDtrust is a venue for the discussion of the complete access control process (authentication, authorization, provisioning and security decision workflow), addressing questions such as: "What are the authorization strategies that will succeed in the next decade?" "What technologies exist to address complex requirements today?" "What research is academia and industry pursuing to solve the problems likely to show up in the next few years?" Identity as used here refers to not just the principal identifier, but also to attributes and claims. Topics of interest include, but are not limited to:
- Analysis of existing identity management protocols and ceremonies (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
- Analysis or extension of identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
- Design and analysis of new access control protocols and ceremonies
- Cloud/grid computing implications on authorization and authentication
- Assembly of requirements for access control protocols and ceremonies involving strong identity establishment
- Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises who use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc.
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of “invited networks”
- Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
- Federated approaches to trust
- Standards related to identity and trust, including X.509, S/MIME, PGP, SPKI/SDSI, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed environments
- Analysis and improvements to the usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks, disaggregated computers, etc.)
- Application domain requirements: web services, grid technologies, document signatures, (including signature validity over time), data privacy, etc.

For more information, please see http://middleware.internet2.edu/idtrust/2010/.

WISTP 2010 4th Workshop on Information Security Theory and Practice, Passau, Germany, April 13-14, 2010. [posted here 10/5/09]
The impact of pervasive and smart devices on our daily lives is ever increasing, and the rapid technological development of information technologies ensures that this impact is constantly changing. It is imperative that these complex and resource constrained technologies are not vulnerable to attack. This workshop will consider the full impact of the use of pervasive and smart technologies on individuals, and society at large, with regard to the security and privacy of the systems that make use of them. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of pervasive systems and smart devices, as well as experimental studies of fielded systems. We encourage submissions that address the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Access control
- Ad hoc networks security
- Anonymity
- Biometrics, national ID cards
- Data and application security and privacy
- Data protection
- Delay-tolerant network security
- Digital rights management (DRM) in pervasive environments
- Domestic network security
- Embedded systems security and TPMs
- Human and psychological aspects of security
- Human-computer interaction and human behavior impact for security
- Identity management
- Information assurance and trust management
- Interplay of TPMs and smart cards
- Intrusion detection and information filtering
- Mobile codes security
- Mobile commerce security
- Mobile devices security
- New applications for secure RFID systems
- Peer-to-peer security
- Privacy enhancing technologies
- RFID and NFC systems security
- Secure self-organization and self-configuration
- Security in location services
- Security issues in mobile and ubiquitous networks
- Security metrics
- Security models and architecture
- Security of GSM/GPRS/UMTS systems
- Security policies
- Security protocols
- Sensor networks security
- Smart card security
- Smart devices applications
- Vehicular network security
- Wireless communication security
- Wireless sensor node security

For more information, please see http://www.wistp.org/.

EuroSec 2010 European Workshop on System Security, Held in conjunction with the Annual ACM SIGOPS EuroSys conference, Paris, France, April 13, 2010. [posted here 11/30/09]
The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work. EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):
- Operating systems security
- Web/network/distributed systems security
- New attacks and evasion techniques
- Hardware architectures
- Trusted computing and its applications
- Identity management, anonymity
- Small trusted computing bases
- Mobile systems security
- Measuring security
- Malicious code analysis and detection
- Systems-based forensics
- Systems work on fighting spam/phishing

For more information, please see http://www.iseclab.org/eurosec-2010/.

AH 2010 1st ACM Augmented Human International Conference, Megève ski resort, France, April 2-4, 2010. [posted here 10/5/09]
The AH international conference focuses on scientific contributions towards augmenting human capabilities through technology for increased well-being and enjoyable human experience. The topics of interest include, but are not limited to:
- Augmented and Mixed Reality
- Internet of Things
- Augmented Sport
- Sensors and Hardware
- Wearable Computing
- Augmented Health
- Augmented Well-being
- Smart artifacts & Smart Textiles
- Augmented Tourism and Games
- Ubiquitous Computing
- Bionics and Biomechanics
- Training/Rehabilitation Technology
- Exoskeletons
- Brain Computer Interface
- Augmented Context-Awareness
- Augmented Fashion
- Safety, Ethics and Legal Aspects
- Security and Privacy Aspects

For more information, please see http://www.augmented-human.com/.

SESOC 2010 International Workshop on SECurity and SOCial Networking, Mannheim, Germany, March 29 - April 2, 2010. [posted here 7/27/09]
Future pervasive communication systems aim at supporting social and collaborative communications: the evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. New emerging technologies that use information on the social characteristics of their participants raise entirely new privacy concerns and require new reflections on security problems such as trust establishment, cooperation enforcement or key management. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems, integrating the social structure of the network as well. Topics of interest include:
- new aspects of trust
- privacy concerns
- availability and resilience
- community based secure communication
- data confidentiality, data integrity
- anonymity, pseudonymity
- key management
- secure bootstrapping
- security issues in forwarding, routing
- security aspects regarding cooperation
- new reputation systems
- new attack paradigms
- new requirements for software security
- malware

For more information, please see http://www.sesoc.org.

SAC-ISRA 2010 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland, March 22-26, 2010. [posted here 6/8/09]
As society becomes more reliant on information systems, networks, and mobile communication, we become more vulnerable to security incidents. Our critical infrastructures for energy, communication, and transportation are interconnected via the Internet, bringing with this the efficiencies and economies of scale and the risk associated with open networks. It has turned out that economic and societal interests go beyond technical security, as they also relate to organizational and behavioral security facets. This track provides a venue for holistic security issues related to detecting, mitigating and preventing the threat of attacks against information and communication systems. It brings together security researchers from the areas of computer science, information systems and systems science who are otherwise spread over multiple conferences. Papers that address improving the security of information system-reliant organizations from threats through technical, organizational, or behavioral change are encouraged. These may include simulation studies, case-based research, empirical studies, and other applications of quantitative and qualitative methods. Topics include, but are not limited to:
- Internet security
- Economics of information security
- Identifying modes of misuse
- Applications of access policies
- Analysis of known and unknown modes of attack
- Detecting and mitigating insider threats
- Modeling risks and approaches to mitigation
- Teaching and training security and business managers about information security
- Creating channels and techniques to share confidential information
- Modeling and theory building of security issues
- Insider threats
- Social and business security policy
- Intrusion detection/prevention
- Electronic commerce security and privacy
- Secure software development
- Electronic voting
- Security metrics
- Risk and fraud assessment
- Trust
- Process Control Systems / SCADA security

For more information, please see http://www.albany.edu/~er945/CfP_SAC2010_ISRA.html.

SAC-SEC 2010 25th ACM Symposium on Applied Computing, Computer Security Track, Sierre, Switzerland, March 22-26, 2010. [posted here 8/24/09]
The Security Track reaches its ninth edition this year, thus appearing among the most established tracks in the Symposium. The list of issues remains vast, ranging from protocols to workflows. Topics of interest include but are not limited to:
- software security (protocols, operating systems, etc.)
- hardware security (smartcards, biometric technologies, etc.)
- mobile security (properties for/from mobile agents, etc.)
- network security (anti-virus, anti-hacker, anti-DoS tools, firewalls, real-time monitoring, etc.)
- alternatives to cryptography (steganography, etc.)
- security-specific software development practices (vulnerability testing, fault-injection resilience, etc.)
- privacy and anonymity (trust management, pseudonymity, identity management, etc.)
- safety and dependability issues (reliability, survivability, etc.)
- cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
- security management and usability issues (security configuration, policy management, usability trials, etc.)
- workflow and service security (business processes, web services, etc.)

For more information, please see http://www.dmi.unict.it/~giamp/sac/10cfp.html.

SAC-TRECK 2010 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track (TRECK), Sierre, Switzerland, March 22-26, 2010. [posted here 5/25/09]
Computational models of trust and online reputation mechanisms have been gaining momentum. The goal of the ACM SAC 2010 TRECK track remains to review the set of applications that benefit from the use of computational trust and online reputation. Computational trust has been used in reputation systems, risk management, collaborative filtering, social/business networking services, dynamic coalitions, virtual organisations and even combined with trusted computing hardware modules. The TRECK track covers all computational trust/reputation applications, especially those used in real-world applications. The topics of interest include, but are not limited to:
- Recommender and reputation systems
- Trust management, reputation management and identity management
- Pervasive computational trust and use of context-awareness
- Mobile trust, context-aware trust
- Web 2.0 reputation and trust
- Trust-based collaborative applications
- Automated collaboration and trust negotiation
- Trade-off between privacy and trust
- Trust/risk-based security frameworks
- Combined computational trust and trusted computing
- Tangible guarantees given by formal models of trust and risk
- Trust metrics assessment and threat analysis
- Trust in peer-to-peer and open source systems
- Technical trust evaluation and certification
- Impacts of social networks on computational trust
- Evidence gathering and management
- Real-world applications, running prototypes and advanced simulations
- Applicability in large-scale, open and decentralised environments
- Legal and economic aspects related to the use of trust and reputation engines
- User-studies and user interfaces of computational trust and online reputation applications

For more information, please see http://www.trustcomp.org/treck/.

SAC-CF 2010 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland, March 22-26, 2010. [posted here 5/25/09]
With the exponential growth of computer users, the number of criminal activities that involve computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer-savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and educational methods in this increasingly challenging field. We expect that people from academia, industry, government, and law enforcement will share their previously unpublished ideas on research, education, and practice through this track. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics:
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- File System Analysis
- Network Evidence Collection
- Network Forensics
- Data Hiding and Recovery
- Digital Image Forensics
- Event Reconstruction and Tracking
- Forensics in Untrusted Environments
- Hardware Assisted Forensics
- Legal, Ethical and Privacy Issues
- Attributing Malicious Cyber Activity
- Design for Forensic Evaluation
- Visualization for Forensics

For more information, please see http://comp.uark.edu/~bpanda/sac2010cfp.pdf.

WiSec 2010 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA, March 22-24, 2010. [posted here 6/8/09]
As wireless networks become ubiquitous, their security gains in importance. The ACM Conference on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as well as techniques to thwart them. The considered networks encompass cellular, metropolitan, local area, vehicular, ad hoc, satellite, underwater, cognitive radio, and sensor networks, as well as RFID. Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile platform and systems (OS and application) security

For more information, please see http://www.sigsac.org/wisec/WiSec2010.

IFIP-CIP 2010 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA, March 14–17, 2010. [posted here 7/13/09]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first three conferences, the Fourth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org.

NDSS 2010 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA, February 28 - March 3, 2010. [posted here 5/4/09]
The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security services. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation (rather than theory). A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Submissions are solicited in, but not limited to, the following areas:
- Security of Web-based applications and services
- Anti-malware techniques: detection, analysis, and prevention
- Intrusion prevention, detection, and response
- Security for electronic voting
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Privacy and anonymity technologies
- Network perimeter controls: firewalls, packet filters, and application gateways
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security for peer-to-peer and overlay network systems
- Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, and licensing
- Implementation, deployment and management of network security policies
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Integrating security services with system and application security facilities and protocols
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Software hardening: e.g., detecting and defending against software bugs (overflows, etc.)
- Security for large-scale systems and critical infrastructures
- Integrating security in Internet protocols: routing, naming, network management

For more information, please see http://www.isoc.org/isoc/conferences/ndss/10/cfp.shtml.

RFIDsec 2010 The 2010 Workshop on RFID Security, Singapore, February 22-23, 2010. [posted here 7/20/09]
RFIDSec aims to provide a major forum to address the fundamental issues in theory and practice related to security and privacy issues, designs, standards, and case studies in the development of RFID systems and EPCglobal network. Papers representing original research in both the theory and practice concerning RFID security are solicited. Topics of interest include, but are not limited to:
- New applications for secure RFID systems
- Data protection and privacy-enhancing techniques for RFID
- Cryptographic protocols for RFID
- Authentication protocols
- Key update mechanisms
- Scalability issues
- Integration of secure RFID systems
- Middleware and security
- Public-key infrastructures
- Resource-efficient implementation of cryptography
- Small-footprint hardware
- Low-power architectures
- Attacks on RFID systems such as RFID malware
- RFID security hardware such as RFID with PUF
- Trust model, data protection and sharing for EPCglobal Network

For more information, please see http://rfidsec2010.i2r.a-star.edu.sg/.

TaPP 2010 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA, February 22, 2010. [posted here 9/13/09]
Provenance, or meta-information about computations, computer systems, database queries, scientific workflows, and so on, is emerging as a central issue in a number of disciplines. The TaPP workshop series builds upon a set of workshops on Principles of Provenance organized in 2007-2009, which helped raise the profile of this area within diverse research communities, such as databases, security, and programming languages. We hope to attract serious cross-disciplinary, foundational, and highly speculative research and to facilitate needed interaction with the broader systems community and with industry. We invite submissions addressing research problems involving provenance in any area of computer science, including but not limited to:
- Databases (Data provenance and lineage, Uncertainty/probabilistic databases, Curated databases, Data quality/integration/cleaning, Privacy/anonymity, Data forensics)
- Programming languages and software engineering (Bi-directional, adaptive, and self-adjusting computation, Traceability, Source code management/version control/configuration management, Model-driven design and analysis)
- Systems and security (Provenance aware/versioned file systems, Provenance and audit/integrity/information flow security, Trusted computing, Traces and reflective/adaptive/self-adjusting systems, Digital libraries)
- Workflows/scientific computation (Efficient/incremental recomputation, Scientific data exploration and visualization, Workflow provenance querying, User interfaces)

For more information, please see http://www.usenix.org/events/tapp10/cfp/.

SNDS 2010 18th Euromicro International Conference on Parallel, Distributed and network-based Processing, Special Session on Security in Networked and Distributed Systems, Pisa, Italy, February 17-19, 2010. [posted here 8/3/09]
SNDS 2010 aims to bring together researchers and practitioners involved in multiple disciplines concerning security in distributed systems to exchange ideas and to learn the latest developments in this important field. We will focus on issues related to network and distributed system security. Previously unpublished papers offering novel research contributions to the theoretical and practical aspects of security in distributed systems are solicited for submission. Topics of interest include, but are not limited to:
- Adaptive security
- Applied cryptography
- Authentication, authorization and access control
- Computer and network forensics
- Data mining, machine learning, and bio-inspired approaches for security
- Deception systems and honeypots
- Denial-of-service attacks and countermeasures
- Digital rights management
- Embedded System Security
- Internet and web security
- Intrusion detection and prevention
- Malware
- Reputation based security
- Risk analysis and risk management
- Security and privacy in pervasive and ubiquitous computing
- Security evaluation
- Security for grid computing
- Security of emerging technologies (sensor, wireless, peer-to-peer networks)
- Security modeling and simulation
- Security policies
- Security protocols
- Software security
- Survivability
- Tamper resistance
- Trust management
- Trusted computing

For more information, please see http://www.comsec.spb.ru/SNDS10/.

SPattern 2010 4th International Workshop on Secure systems methodologies using patterns, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland, February 15-18, 2010. [posted here 8/24/09]
Security patterns have arrived at a stage where there are a significant number of them, two books about them have been published, and industry is starting to accept and use them. Analysis and design patterns have been around for about ten years and have found practical use in many projects. They have been incorporated into several software development methodologies where less experienced developers can use them to receive the advice and knowledge of experts. The situation is not so clear for security patterns because no accepted methodology exists for their use.

Catalogs of security patterns are a good step, but they are not enough. Building secure systems is a difficult process where security aspects are interlaced with the satisfaction of functional requirements. Developers are typically experts on a language or a development methodology but know little about security, which results in them not knowing what security mechanisms make sense at which moments. We need methodologies that guide a designer at each stage of the development cycle. A few of them have appeared, but none of them has been tested in production applications.

This workshop focuses on secure software methodologies. We seek papers describing individual security patterns, new methodologies, new aspects of existing methodologies, pattern languages to use in the methodologies, reference architectures, blueprints, and related aspects. Experiences in applying the methodologies to real situations are especially welcome.

For more information, please see http://www-ifs.uni-regensburg.de/spattern10/.

SecSE 2010 4th International Workshop on Secure Software Engineering, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland, February 15-18, 2010. [posted here 8/24/09]
Software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly even under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and thus the threat scenario changes. The traditional approach to securing a system includes putting up defence mechanisms like IDS and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering

For more information, please see http://www.sintef.org/secse.

COSADE 2010 1st Workshop on Constructive Side-channel analysis and Secure Design, Darmstadt, Germany, February 4-5, 2010. [posted here 10/12/09]
Side-channel analysis (SCA) has become an important field of research at universities and in the industry. Of particular interest is constructive side-channel analysis, as successful attacks support a target-oriented associated design process. In order to enhance the side-channel resistance of cryptographic implementations within the design phase, constructive SCA may serve as a quality metric to optimize the design and development process. This workshop provides an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to meet experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributing talks. The topics of COSADE 2010 include but are not limited to:
- Constructive side-channel attacks in general
- Stochastic approach in power analysis
- Interaction between side-channel analysis and design
- Advanced stochastic methods in side-channel analysis, especially in power analysis and EM analysis
- Leakage models and security models for side-channel analysis in the presence and absence of countermeasures
- Side-channel analysis under black-box assumption
- Evaluation methodologies for side-channel resistant designs, acquisition and analysis
- Side-channel leakage assessment methodologies, models, and metrics
- SCA-aware design criteria and design techniques
- Verification methods and models for side-channel leakages within the design phase
- Methods, tools, and platforms for evaluation of side-channel characteristics of a design
- Criteria for the design flow of countermeasures
- HW / SW-acceleration for (constructive) SCA
- Leakage-resilient designs
- Countermeasures for HW / SW-Co-Design architectures
- Countermeasures against implementation attacks at algorithmic-, logic-, register transfer- and physical level
- Countermeasures against side-channel attacks on FPGAs, HW / SW Co-design architectures, SoC
- Countermeasures against attacks at the algorithmic-, logic-, register transfer-, and physical levels

For more information, please see http://cosade2010.cased.de/.

ESSoS 2010 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy, February 3-4, 2010. [posted here 6/29/09]
The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program as well as one day of tutorials. The technical program includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged. Topics of interest include, but are not limited to:
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
- support for assurance, certification and accreditation

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2010.

WECSR 2010 Workshop on Ethics in Computer Security Research, Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain, January 28-29, 2010. [posted here 8/24/09]
Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field.

For more information, please see http://www.cs.stevens.edu/~spock/wecsr2010/.

RLCPS 2010 1st Workshop on Real-Life Cryptographic Protocols and Standardization, Held in conjunction with the Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain, January 25-28, 2010. [posted here 9/21/09]
As a fruit of modern cryptographic research, we have seen many cryptographic primitives such as public-key encryption and digital signature algorithms deployed in real life systems, and standardized in many international organizations such as ISO, ITU-T, IEEE, IETF, and many others. We have also seen some cryptographic protocols as well, such as key distribution and entity authentication, and some dedicated protocols for limited purpose systems. This workshop aims to bring researchers and engineers together to share their experiments regarding the design of cryptographic primitives and protocols deployed in real life systems. These schemes may not be published in current conferences due to the perceived lack of novelty of their core design components. However, the process of designing the best suitable protocol in the presence of hardware and software limitations in a real life system is worth sharing. This workshop also aims to stimulate discussions on standardizing cryptographic protocols.

For more information, please see https://www.nec.co.jp/rd/en/event/RLCPS10.html.

WLC 2010 1st International Workshop on Lightweight Cryptography for Resource-Constrained Devices, Held in conjunction with the Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain, January 25-28, 2010. [posted here 9/21/09]
Lightweight devices like smart cards and RFID tags are at the core of novel emerging technologies in the information society. These devices must be cheap so as to permit their cost-effective massive manufacturing and deployment. Unfortunately, their low cost limits their computational power. Other devices, like nodes of sensor networks, suffer from an additional constraint, namely, their limited battery life. Secure applications designed for these devices cannot make use of classical cryptographic primitives designed for full-fledged computers. In this sense, research on low-cost cryptography is fundamental. This workshop aims to be a forum for the presentation and discussion of current research on different topics related to low-cost cryptography, from cipher design to implementation details. This workshop focuses on (but is not limited to) the following topics:
- Smart cards
- RFID tags
- Sensor networks
- Lightweight public key cryptography
- Elliptic and hyperelliptic curves
- Lightweight block ciphers
- Stream ciphers
- Lightweight authentication protocols
- Business models requiring low-cost cryptography

For more information, please see http://www.wlc2010.udl.cat/.

FC 2010 Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain, January 25-28, 2010. [posted here 7/6/09]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.

For more information, please see http://fc10.ifca.ai/.

HICSS-DF 2010 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii, January 5-8, 2010. [posted here 5/11/09]
This is a call for "original" papers addressing the area of digital forensics - to include research endeavors, industrial experiences and pedagogy. This minitrack is attempting to bring together an international collection of papers from academia, industry and law enforcement which address current directions in digital forensics. Digital forensics includes the use of software, computer science, software engineering, and criminal justice procedures to explore and/or investigate digital media with the objective of finding evidence to support a criminal or administrative case. It involves the preservation, identification, extraction, and documentation of computer or network evidence. This minitrack is interested in a wide variety of papers which address the following areas as well as others:
- Pedagogical papers that describe digital forensics degree programs or the teaching of digital forensics within other programs internationally.
- Papers that address a research agenda that considers practitioner requirements, multiple investigative environments and emphasizes real world usability.
- Papers that present an experience report involving the discovery, explanation and presentation of conclusive, persuasive evidence from digital forensics investigation.
- Papers that combine research and practice.
- Processes for the incorporation of rigorous scientific methods as a fundamental tenet of the evolving science of Digital Forensics.
- Tools and techniques being developed through research activity.

For more information, please see http://www.hicss.hawaii.edu/hicss_43/apahome43.html.

IFIP-DF 2010 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong, January 3-6, 2010. [posted here 2/2/09]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in the emerging field of digital forensics. The Sixth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network forensics
- Portable electronic device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org/Conferences/WG11-9-CFP-2010.pdf.