Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 01/13/14

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2013

ATC 2013 10th IEEE International Conference on Autonomic and Trusted Computing, Sorrento Peninsula, Italy, December 18-21, 2013. [posted here 07/15/13]
Computing systems including hardware, software, communication, and networks are growing towards an ever-increasing scale and heterogeneity, becoming overly complex. Such complexity is getting even more critical with the ubiquitous permeation of embedded devices and other pervasive systems. To cope with the growing and ubiquitous complexity, Autonomic Computing (AC) focuses on self-manageable computing and communication systems that exhibit self-awareness, self-configuration, self-optimization, self-healing, self-protection and other self-x operations to the maximum extent possible without human intervention or guidance. Organic Computing (OC) additionally addresses adaptivity, robustness, and controlled emergence as well as nature-inspired concepts for self-organization. Any autonomic or organic system must be trustworthy to avoid the risk of losing control and retain confidence that the system will not fail. Trust and/or distrust relationships in the Internet and in pervasive infrastructures are key factors to enable dynamic interaction and cooperation of various users, systems, and services. Trusted/Trustworthy Computing (TC) aims at making computing and communication systems as well as services available, predictable, traceable, controllable, assessable, sustainable, dependable, persistent, security/privacy protectable, etc. ATC 2013 will offer a forum for researchers to exchange ideas and experiences in the most innovative research and development in these challenging areas and includes all technical aspects related to autonomic/organic computing (AC/OC) and trusted computing (TC).

For more information, please see http://cse.stfx.ca/~atc2013/.

BigSecurity 2013 1st International Workshop on Security and Privacy in Big Data, Held in conjunction with Globecom 2013, Atlanta, Georgia, USA, December 9-13, 2013. [posted here 05/13/13]
As we are deep into the Information Age, we witness the explosive growth of data available on the Internet. For example, human beings created about 2.5 quintillion bytes of data every day in 2012, which come from sensors, individual archives, social networks, Internet of Things, enterprise and Internet in all scales and formats. We face one of the most challenging issues, i.e., how to effectively manage such a large amount of data and identify new ways to analyze large amounts of data and unlock information. The issue is also known as Big Data, which has been emerging as a hot topic in Information and Communication Technologies (ICT) research. Security and privacy are critical issues for Big Data. Many works have been carried out focusing on business, application and information processing level from big data, such as data mining and analysis. However, security and privacy issues in Big Data are seldom mentioned to date. Due to its extraordinary scale, security and privacy in Big Data face many challenges, such as efficient encryption and decryption algorithms, encrypted information retrieval, attribute based encryption, attacks on availability, reliability and integrity of Big Data. This workshop offers a timely venue for researchers and industry partners to present and discuss their latest results in security and privacy related work of Big Data.

For more information, please see http://www.nsp.org.au/CFP/BigSecurity/.

INSCRYPT 2013 9th International Conference on Information Security and Cryptology, Guangzhou, China, November 27-30, 2013. [posted here 07/29/13]
Inscrypt 2013 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of information security, cryptology, and their applications. Areas of interest include, but are not limited to:
- Access Control
- Authentication and Authorization
- Biometric Security
- Distributed System Security
- Big Data and Cloud Security
- Electronic Commerce Security
- Intrusion Detection
- Information Hiding and Watermarking
- Key Management and Key Recovery
- Network Security
- Security Protocols and Their Analysis
- Security Modeling and Architectures
- Provable Security
- Secure Multiparty Computation
- Foundations of Cryptography
- Secret Key and Public Key Cryptosystems
- Implementation of Cryptosystems
- Hash Functions and MACs
- Block Cipher Modes of Operation
- Intellectual Property Protection
- Mobile System Security
- Operating System Security
- Risk Evaluation and Security Certification
- Prevention and Detection of Malicious Codes

For more information, please see http://www.inscrypt.cn/.

RFIDsec-Asia 2013 Workshop on RFID and IoT Security, Guangzhou, China, November 27, 2013. [posted here 03/18/13]
The workshop series of RFIDsec Asia, the Asia branch of RFIDsec, aims to provide researchers, enterprises and governments a platform to investigate, discuss and propose new solutions on security and privacy issues of RFID/IoT (Internet of Things) technologies and applications. Papers with original research in theory and practical system design concerning RFID/IoT security are solicited. Topics of interest include, but are not limited to, the following:
- New applications for secure RFID/IoT systems
- Data integrity and privacy protection techniques for RFID/IoT
- Attacks and countermeasures on RFID/IoT systems
- Design and analysis on secure RFID/IoT hardware
- Risk assessment and management on RFID/IoT applications
- Trust model, data aggregation and information sharing for EPCglobal network
- Resource efficient implementation of cryptography
- Integration of secure RFID/IoT systems

For more information, please see http://www.inscrypt.cn/2013/Inscrypt_2013/CFP-RFIDsecAsia.htm.

SIN 2013 6th International Conference on Security of Information and Networks, Aksaray, Turkey, November 26-28, 2013. [posted here 03/04/13]
The 6th International Conference on Security of Information and Networks (SIN 2013) provides an international forum for presentation of research and applications of security in information and networks. Papers addressing all aspects of security in information and networks are being sought. Researchers and industrial practitioners working on the following and related subjects are especially encouraged: Development and realization of cryptographic solutions, security schemes, new algorithms; critical analysis of existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy; detection and prevention of cybercrimes such as fraud and phishing; next generation network architectures, protocols, systems and applications; industrial experiences and challenges of the above.

For more information, please see http://www.sinconf.org.

SADFE 2013 8th International Workshop on Systematic Approaches to Digital Forensics Engineering, Hong Kong, November 21-22, 2013. [posted here 07/15/13]
We invite you to SADFE-2013, the eighth international conference on Systematic Approaches to Digital Forensic Engineering to be held in Hong Kong, China, November 21-22, 2013. SADFE-2013 investigates the application of digital forensic engineering expertise to advance a variety of goals, including criminal and corporate investigations, as well as documentation of individual and organizational activities. We believe digital forensic engineering is vital to security, the administration of justice and the evolution of culture. We welcome previously unpublished papers on digital forensics, security and preservation as to civil, criminal and national security investigations for use within a court of law, the execution of national policy or to aid in understanding the past and digital knowledge in general. Potential topics to be addressed by submissions include, but are not limited to:
- Digital Data and Evidence Management: advanced digital evidence discovery, collection, management, storage and preservation
- Digital Evidence, Data Integrity and Analytics: advanced digital evidence and digitized data analysis, correlation, and presentation
- Forensics of embedded or non-traditional devices (e.g. digicams, cell phones, SCADA, obsolete storage media)
- Forensic and digital data integrity issues for digital preservation and recovery
- Scientific Principle-Based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds
- Legal, Ethical and Technical Challenges

For more information, please see http://conf.ncku.edu.tw/sadfe/sadfe13/.

ICICS 2013 15th International Conference on Information and Communications Security, Beijing, China, November 20-22, 2013. [posted here 02/11/13]
The 2013 International Conference on Information and Communications Security will be the 15th event in the ICICS conference series, started in 1997, that brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. Original papers on all aspects of Information and Communications Security are solicited for submission to ICICS 2013. Areas of interest include, but are not limited to:
- Access control
- Information Hiding and Watermarking
- Anonymity
- Intellectual Property Protection
- Anti-Virus and Anti-Worms
- Intrusion Detection
- Authentication and Authorization
- Key Management and Key Recovery
- Biometric Security
- Language-based Security
- Cloud Security
- Network Security
- Computer / Digital Forensics
- Operating System Security
- Data and System Integrity
- Privacy Protection
- Database Security
- Risk Evaluation and Security Certification
- Distributed Systems Security
- Security for Mobile Computing
- Electronic Commerce Security
- Security Models
- Engineering issues of Crypto/Security Systems
- Security Protocols
- Fraud Control
- Smartphone Security
- Grid Security
- Trusted and Trustworthy Computing

For more information, please see http://icsd.i2r.a-star.edu.sg/icics2013/.

IWSEC 2013 8th International Workshop on Security, Okinawaken Shichouson Jichikaikan, Japan, November 18-20, 2013. [posted here 03/18/13]
Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2013. Topics of interest for IWSEC 2013 include but are not limited to:
- Anonymity
- Application Security
- Authentication, Authorization and Access Control
- Biometrics
- Block/Stream Ciphers
- Cloud Computing Security
- Cryptographic Implementations and their Analysis
- Cryptographic Protocols
- Cryptanalysis
- Data and System Integrity
- Database Security
- Digital Forensics
- Digital Signatures
- E-business/e-commerce/e-government Security
- Hash Functions
- Information Hiding
- Information Law and Ethics
- Intellectual Property Protection
- Intrusion Prevention and Detection
- Malware Prevention and Detection
- Mobile System Security
- Network Security
- Privacy Preserving Systems
- Public Key Cryptosystems
- Quantum Security
- Risk Analysis and Risk Management
- Security Architectures
- Security for Consumer Electronics
- Security for Critical Infrastructures
- Security Management
- Secure Multiparty Computation
- Security for Ubiquitous/Pervasive Computing
- Smart Card and RFID Security
- Software Security
- System Security
- Web Security

For more information, please see http://www.iwsec.org/2013/.

ISC 2013 16th Information Security Conference, Dallas, Texas, USA, November 13-15, 2013. [posted here 07/29/13]
The Information Security Conference (ISC) is an annual international conference covering research in theory and applications of Information Security. ISC aims to attract high quality papers in all technical aspects of information security. Topics of interest include, but are not limited to:
- access control
- accountability
- anonymity and pseudonymity
- applied cryptography
- authentication
- biometrics
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- economics of security and privacy
- electronic frauds
- formal methods in security
- identity management
- information dissemination control
- information hiding and watermarking
- intrusion detection
- network security
- peer-to-peer security
- privacy
- secure group communications
- security and privacy in pervasive/ubiquitous computing
- security in information flow
- security in IT outsourcing
- security for mobile code
- secure cloud computing
- security of eCommerce, eBusiness and eGovernment
- security in location services
- security modeling and architectures
- security models for ambient intelligence environments
- security in social networks
- trust models and trust management policies
- embedded security

For more information, please see http://www.utdallas.edu/isc/.

HST 2013 13th annual IEEE Conference on Technologies for Homeland Security, Waltham, Massachusetts, USA, November 12 - 14, 2013. [posted here 01/21/13]
The 13th annual IEEE Conference on Technologies for Homeland Security (HST '13), to be held 12 - 14 November, will bring together innovators from leading academic, industry, business, Homeland Security Centers of Excellence, and government programs to provide a forum to discuss ideas, concepts, and experimental results. Produced by IEEE with technical support from DHS S&T, IEEE Boston Section, and IEEE-USA and organizational support from MIT Lincoln Laboratory, Raytheon, Battelle, and MITRE, this year's event will once again showcase selected technical papers and posters highlighting emerging technologies in the areas of Cyber Security, Attack and Disaster Preparation, Recovery, and Response, Land and Maritime Border Security and Biometrics & Forensics.

For more information, please see http://www.ieee-hst.org.

SPSM 2013 3rd Workshop on Security and Privacy in Smartphones and Mobile Devices, Held in conjunction with the ACM CCS 2013, Berlin, Germany, November 8, 2013. [posted here 05/13/13]
The SPSM workshop intends to provide a venue for interested researchers and practitioners to get together and exchange ideas. The workshop will deepen our understanding of various security and privacy issues on smartphones. As with the two very well received previous editions, the topics of interest to SPSM 2013 include (but are not limited to) the following subject categories:
- Device/hardware security
- OS/Middleware security
- Application security
- Authenticating users to devices and services
- Mobile Web Browsers
- Usability
- Privacy
- Rogue application detection and recovery
- Vulnerability detection and remediation
- Secure application development
- Cloud support for mobile security

For more information, please see http://www.spsm-workshop.org/2013/.

CCS 2013 20th ACM Conference on Computer and Communications Security, Berlin, Germany, November 4-8, 2013. [posted here 03/18/13]
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.

For more information, please see http://www.sigsac.org/ccs/CCS2013/.

WPES 2013 12th Workshop on Privacy in the Electronic Society, Collocated with the ACM Conference on Computer & Communications Security (CCS) 2013, Berlin, Germany, November 4, 2013. [posted here 07/22/13]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- crowdsourcing for privacy and security
- data correlation and leakage attacks
- data security and privacy
- electronic communication privacy
- economics of privacy
- information dissemination control
- models, languages, and techniques for big data protection
- personally identifiable information
- privacy-aware access control
- privacy and anonymity on the Web
- privacy in cloud and grid systems
- privacy and confidentiality management
- privacy and data mining
- privacy in the digital business
- privacy in the electronic records
- privacy enhancing technologies
- privacy in health care and public administration
- privacy and human rights
- privacy metrics
- privacy in mobile systems
- privacy in outsourced scenarios
- privacy policies
- privacy vs. security
- privacy in social networks
- privacy threats
- privacy and virtual identity
- public records and personal privacy
- user profiling
- wireless privacy

For more information, please see http://wpes2013.di.unimi.it.

TrustED 2013 3rd International Workshop on Trustworthy Embedded Devices, Collocated with the ACM Conference on Computer & Communications Security (CCS) 2013, Berlin, Germany, November 4, 2013. [posted here 06/10/13]
In this workshop we consider selected aspects of cyber physical systems and their environments. We aim to bring together experts from academia, research institutions, industry, and government to discuss problems, challenges, and some recent scientific and technological developments in this field. In particular, we are keenly interested in the participation of industry representatives. The workshop topics include, but are not limited to:
- embedded system security
- privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- physical and logical convergence (e.g., secure and privacy-preserving facility management)
- hardware entangled cryptography
- foundation, development, and applications of physical security primitives (e.g., physical unclonable functions - PUFs)
- remote attestation
- IP protection for embedded systems
- reverse engineering
- secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- new protection paradigms for trustworthy embedded systems

For more information, please see http://trusted.trust.cased.de/.

CRiSIS 2013 8th International Conference on Risks and Security of Internet and Systems, La Rochelle, France, October 23-25, 2013. [posted here 03/25/13]
The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, as well as security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as telemedicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to:
- Analysis and management of risk
- Attacks and defenses
- Attack data acquisition and network monitoring
- Cryptography, Biometrics, Watermarking
- Dependability and fault tolerance of Internet applications
- Distributed systems security
- Embedded system security
- Empirical methods for security and risk evaluation
- Hardware-based security and Physical security
- Intrusion detection and Prevention systems
- Organizational, ethical and legal issues
- Privacy protection and anonymization
- Risk-aware access and usage control
- Security and risk assessment
- Security and risks metrics
- Security and dependability of operating systems
- Security and safety of critical infrastructures
- Security and privacy of peer-to-peer systems
- Security and privacy of wireless networks
- Security models and security policies
- Security of new generation networks, security of VoIP and multimedia
- Security of e-commerce, electronic voting and database systems
- Security of social networks
- Smartphone security and privacy
- Traceability, metrology and forensics
- Trust management
- Use of smart cards and personal devices for Internet applications
- Web and cloud security

For more information, please see http://secinfo.msi.unilim.fr/crisis2013/.

SafeConfig 2013 6th Symposium on Security Analytics and Automation, Washington, D.C., USA, October 14, 2013. [posted here 05/13/13]
The new sophisticated cyber security threats demand new security management approaches that offer holistic security analytics based on the system data including configurations, logs and network traffic. Security analytics must be able to handle large volumes of data in order to model, integrate, analyze and respond to threats in real time. The system configuration/policy is a key component that determines the security and resiliency of networked information systems and services. However, a typical enterprise networked environment contains thousands of network and security devices and millions of inter-dependent configuration variables (e.g., rules) that orchestrate the end-to-end system behavior globally. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing), the need for security analytics and automation significantly increases. The coupled integration of network sensor data and configuration in a unified framework will enable intelligent response, automated defense, and network resiliency/agility. This symposium offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss these challenges, exchange experiences, and propose joint plans for promoting research and development in this area. SafeConfig Symposium is a one day program that will include invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig Symposium solicits the submission of original unpublished ideas in 8-page long papers, 4-page short papers, or 2-page posters. Security analytics and automation for new emerging application domains such as clouds and data centers, cyber-physical systems, software defined networking and Internet of things are of particular interest to SafeConfig community.

For more information, please see http://www.safeconfig.org.

CNS 2013 1st IEEE Conference on Communications and Network Security, Washington D.C., USA, October 14-16, 2013. [posted here 10/08/12]
Cyber security has become an important research and development area for academia, government, and industry in recent years. As government and industry investment in cyber security research continues to grow, there will be a dramatic increase in the amount of new results generated by the research community, which must be disseminated widely amongst the research community in order to provide the peer review feedback that is needed to ensure that high-quality solutions that address important and emerging security issues are developed. As a leading professional society focusing on communications technologies, IEEE Communications Society (ComSoc) has identified the need for a high-quality security conference that would focus on communications-oriented aspects of security. IEEE ComSoc has thus decided to launch a new conference dedicated to Communications and Network Security. This new conference is positioned to be a core ComSoc conference (at a level comparable to IEEE INFOCOM) and will serve as a premier forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to security and privacy. IEEE CNS seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated. Particular topics of interest include, but are not limited to:
- Security and Privacy in the Internet, peer-to-peer networks, overlay networks
- Security and Privacy in Wi-Fi, Wi-Max, ad hoc, mesh, sensor, and RFID networks
- Security and Privacy in emerging technologies: social networks, cognitive radio networks, disruption/delay tolerant networks, vehicular networks, cloud computing, smart grid
- Cross-layer methods for enhancing security
- Information-theoretic security
- Anonymization and privacy in communication systems
- Traffic analysis, location privacy and obfuscation of mobile device information
- Physical layer security methods: confidentiality and authentication
- Secure routing, network management
- Intrusion detection
- Computer and network forensics
- Vulnerability, exploitation tools, Malware, Botnet, DDoS attacks
- Key management and PKI
- Security metrics and performance evaluation, traffic analysis techniques
- Web, e-commerce, m-commerce, and e-mail security
- Social, economic and policy issues of trust, security and privacy
- Ensuring the availability of communications, survivability of networks in the presence of denial of service
- Jamming and jamming-resistance
- Multipath routing around network holes

For more information, please see http://www.ieee-cns.org.

VizSec 2013 10th International Symposium on Visualization for Cyber Security, Atlanta, GA, USA, October 14, 2013. [posted here 03/04/13]
The 10th International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec will provide an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

For more information, please see http://www.vizsec.org/.

SeTTIT 2013 Workshop on Security Tools and Techniques for Internet of Things, Co-located with the BODYNETS 2013 conference, Boston, Massachusetts, USA, September 30 - October 2, 2013. [posted here 03/18/13]
E-health systems have the objective to continuously monitor the state of patients in order to increase knowledge and understanding of their physical status. Being a system of systems, the Internet of Things (IoT) has to master the challenge of integrating heterogeneous systems across technology boundaries. Timely delivery of observation data is a key aspect to identifying potential diseases and anomalies. IoT systems are vulnerable to attacks since communication is mostly wireless and thus vulnerable to eavesdropping, things are usually unattended and thus vulnerable to physical attacks, and most IoT elements are short on both the energy and computing resources necessary for the implementation of complex security-supporting schemes. Among the plethora of applications that can benefit from the IoT, the workshop will have a particular focus on security aspects in eHealth and in the broad-sense of well-being. Security aspects in other application domains of the IoT are also of interest. The workshop will address security issues that are particular to the context of using IoT for eHealth including threat modeling, risk assessment, privacy, access control, and fault-tolerance. Theoretical, modeling, implementation, and experimentation issues will be discussed to build an accurate general view on the security of medical BANs. One of the major challenges that will be underlined by the workshop participants is the combination of different security models needed for the sub-networks of the IoT (e.g., BAN, PAN, LAN, MANET) with consideration of the severe computational, storage, and energy limitations of the elementary smart nodes. We encourage contributions describing innovative work addressing the use of information and communication technologies in medical applications. Topics of interest include, but are not limited to:
- Definition of accurate metrics to assess the threats and the risks associated to IoT for eHealth
- Identification and description of new attack scenarios that are specific to IoT architectures
- Context-awareness for IoT security in eHealth
- Soft trust management in IoT
- Risk-based adaptive security for IoT
- Analytics and predictive models for adaptive security in IoT
- Adaptive security decision-making models for IoT
- Evaluation and validation models for adaptive security in IoT
- Lightweight cryptographic protocols for IoT
- Investigation of the security properties that should be fulfilled by the transmission of patient data across body area networks
- Designing secure heterogeneous BAN architectures for eHealth applications
- Implementing practical testbeds that allow the analysis of the security performance of BANs
- Monitoring the security level of the eHealth applications relying on IoT
- Analyzing the results of experiments conducted using real patient data and studying the security performance of the associated architectures

For more information, please see http://settit.bodynets.org/2013/show/home.

SECURECOMM 2013 9th International ICST Conference on Security and Privacy in Communication Networks, Sydney, Australia, September 25-27, 2013. [posted here 03/18/13]
Securecomm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Topics of interest include, but are not limited to, the following:
- Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks
- Network Intrusion Detection and Prevention, Firewalls, Packet Filters
- Malware, botnets and Distributed Denial of Service
- Communication Privacy and Anonymity
- Network and Internet Forensics Techniques
- Public Key Infrastructures, Key Management, Credential Management
- Secure Routing, Naming/Addressing, Network Management
- Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs
- Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems

For more information, please see http://securecomm.org/2013/.

CMS 2013 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security, Magdeburg, Germany, September 25-26, 2013. [posted here 02/11/13]
The conference provides a forum for engineers and scientists in information security. Both state-of-the-art issues and practical experiences as well as new trends in these areas will once more be the focus of interest, just as at preceding conferences. The conference will address in particular security and privacy issues in mobile contexts, web services (including social networking) and ubiquitous environments. We solicit papers describing original ideas and research results on topics that include, but are not limited to: applied cryptography, biometrics, forensics, secure documents and archives, multimedia systems security, digital watermarking, distributed DRM policies, attack resistant rendering engines, adaptive anomaly detection, censorship resistance, risk management, mobility and security/privacy, mobile identities, privacy enhanced identity management, security/privacy policies and preferences, social networks security/privacy, security/privacy in geo-localized applications, security/privacy in VoIP, security policies (including usage control), web services security, economics of network and information security (NIS), SOA security, ubiquitous and ambient computing security, cloud computing security/privacy, wireless and ad hoc network security, RFID tags and (multimedia) sensor nodes security, security technology effectiveness, incentivizing security.

For more information, please see http://www.cms2013.de.

eCrime 2013 8th IEEE eCrime Researchers Summit, San Francisco, California, USA, September 17-18, 2013. [posted here 05/13/13]
eCRS 2013 consists of two full days which bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Case studies of current attack methods, including phishing, malware, rogue antivirus, pharming, crimeware, botnets, and emerging techniques
- Case studies of online advertising fraud, including click fraud, malvertising, cookie stuffing, and affiliate fraud
- Case studies of large-scale take-downs, such as coordinated botnet disruption
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Economics of online crime, including measurement studies of underground economies and models of e-crime
- Uncovering and disrupting online criminal collaboration and gangs
- Financial infrastructure of e-crime, including payment processing and money laundering
- Techniques to assess the risks and yields of attacks and the effectiveness of countermeasures
- Delivery techniques, including spam, voice mail, social network and web search manipulation; and countermeasures
- Techniques to avoid detection, tracking and take-down; and ways to block such techniques
- Best practices for detecting and avoiding damages to critical internet infrastructure, such as DNS and SCADA, from electronic crime activities

For more information, please see http://ecrimeresearch.org/events/eCrime2013/cfp.

CRITIS 2013 8th International Workshop on Critical Information Infrastructures Security, Amsterdam, The Netherlands, September 16-18, 2013. [posted here 04/15/13]
The annually held CRITIS conference is devoted to Critical (Information) Infrastructure security, protection and resilience. Modern societies increasingly depend on critical infrastructures. Those themselves increasingly depend on and are entangled with Information and Communication Technologies (ICT). Disruption or loss of (ICT-based) critical infrastructures may result in serious consequences for the functioning of the society, the economy, the functioning of governments, the ecology and social well-being of people, and in the most unfortunate cases loss of human lives, livestock and other animals. As a consequence, the security, reliability and resilience of these infrastructures are critical for the society. Critical (Information) Infrastructure Protection (C(I)IP) is therefore a major objective for governments, companies, operators of these infrastructures and the worldwide research community. CRITIS 2013 is set to continue a well-established tradition of presenting innovative research and exploring new challenges for the protection of critical information-based infrastructures (CIP/CIIP). CRITIS brings together stakeholders from industry, operators and governments as well as researchers and professionals from academia, applied research organisations and industry interested in all different aspects of C(I)IP. One focus of CRITIS 2013 is on the new challenges of cyber resilience of smart cities and smart mobility, a topic that will be highlighted by thought provoking and visionary keynote speeches and by conference papers.

For more information, please see http://www.critis2013.nl.

QASA 2013 2nd International Workshop in Quantitative Aspects in Security Assurance, Held in conjunction with ESORICS 2013, Egham, U.K., September 12-13, 2013. [posted here 04/15/13]
There is an increasing demand for techniques to deal with quantitative aspects of security assurance at several levels of the development life-cycle of systems & services, e.g., from requirements elicitation to run-time operation and maintenance. The aim of this workshop is to bring together researchers and practitioners interested in these research topics with a particular emphasis on techniques for service oriented architectures. The scope of the workshop is intended to be broad, including aspects such as dependability, privacy, risk and trust. The list of topics includes, but is not limited to:
- Probabilistic/stochastic model checking
- Quantitative information flow analysis
- Quantitative issues in access and usage control
- Security testing techniques
- Static/dynamic code analysis techniques
- Metrics for security, trust and privacy
- Incremental/modular security assurance analysis
- Process compliance assurance techniques
- Tool support for quantitative security assurance
- Simulation techniques
- Model-driven techniques for security, trust, risk and privacy
- Assurance cases modelling and analysis

For more information, please see http://www.iit.cnr.it/qasa2013.

DPM 2013 8th International Workshop on Data Privacy Management, Held in conjunction with ESORICS 2013, Egham, U.K., September 12-13, 2013. [posted here 04/15/13]
The aim of this workshop is to discuss and exchange ideas related to privacy data management. We invite researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers to this workshop. Topics of interest include, but are not limited to the following:
- Privacy Information Management
- Privacy Policy-based Infrastructures and Architectures
- Privacy-oriented Access Control Languages and Models
- Privacy in Trust Management
- Privacy Data Integration
- Privacy Risk Assessment and Assurance
- Privacy Services
- Privacy Policy Analysis
- Lightweight cryptography & Cryptanalysis
- Query Execution over Privacy Sensitive Data
- Privacy Preserving Data Mining
- Hippocratic and Water-marking Databases
- Privacy for Integrity-based Computing
- Privacy Monitoring and Auditing
- Privacy in Social Networks
- Privacy in Ambient Intelligence (AmI) Applications
- Individual Privacy vs. Corporate/National Security
- Code-based Cryptology
- Privacy in computer networks
- Privacy and RFIDs
- Privacy and Big Data
- Privacy in sensor networks

For more information, please see http://research.icbnet.ntua.gr/DPM2013/.

TClouds 2013 Workshop on Trustworthy Clouds, Co-located with ESORICS 2013, Egham, U.K., September 12-13, 2013. [posted here 07/15/13]
The workshop aims at bringing together researchers and practitioners working in cryptography, security, and distributed systems, from academia and industry, who are interested in the security and resilience of cloud computing. Security and resilience are widely regarded as a key concern for cloud-service providers, who want to protect their platforms and isolate tenants, as well as for cloud-customers, who want to minimize exposure of their data and computations. The goal is to create a dialogue about common goals and to discuss solutions for security problems in cloud computing, relying on operating system techniques, secure distributed protocols, cryptographic methods, and the trusted computing paradigm. Topics include cryptographic protocols, secure virtualization mechanisms, resilient distributed protocols, privacy and integrity for outsourced data, trusted computing etc.

For more information, please see http://workshop13.tclouds-project.eu/.

SeCIHD 2013 3rd IFIP International Workshop on Security and Cognitive Informatics for Homeland Defense, Held in conjunction with the 8th ARES Conference (ARES 2013), Regensburg, Germany, September 2-6, 2013. [posted here 03/18/13]
In recent years significant work has been undertaken by Governments and local agencies with respect to the protection of critical infrastructures and public-private sector coordination in the event of a cyber-attack. Threats to cities and their social infrastructures, e.g. from crime and terrorism, endanger human life directly and indirectly. Resilience of critical infrastructures is gaining importance as a core concept to cope with such threats. In general, this means strengthening social infrastructures to prevent or mitigate such threats and to consistently deliver the intended services in a trustworthy and "normal" way even in changing situations. Information and communication infrastructure (ICT) is a primary part of the social infrastructure and therefore one of the central objects of these attacks. As a consequence, effective response capabilities must be properly organized and closely coordinated because, at the time of a cyber-attack, it is not possible to immediately determine whether the attacker is a script kiddie, an insider, a rogue actor (organized crime, terrorist organization, or radical), or a nation state. Unlike traditional Defense categories (i.e., land, air, and sea), the capabilities required to respond to an attack on critical infrastructures will necessarily involve infrastructure owned and operated by both the public and the private sector. Exercising for effective digital systems security thus becomes a crucial task in order to strengthen the resilience of IT systems against arising threats. Advanced information technologies that are able to analyze and interpret complex patterns or situations and take the proper decisions in terms of countermeasures are the basic building blocks of the above solutions. In this context, it is worth noting research that combines security and defense aspects with achievements in designing advanced systems for the acquisition and sophisticated semantic analysis of complex image patterns and group behaviors.
Such systems use cognitive models of semantic interpretation and can be applied to develop e.g., algorithms and protocols used for the security of computer systems themselves, but also to ensure the confidentiality and security of communication networks. Thus, the aim of this workshop is collecting and discussing new ideas and solutions that can be used to develop globally understood safe solutions connected with activities to strengthen national defense capability. The workshop topics include (but are not limited to):
- Homeland Security and Information Processing
- Investigative and Computer System Related Forensic Techniques, Trends and Methods
- Network Forensics, Wireless and Mobile Forensics
- Cyber-Defense Threat Analysis
- Emergency Management, Including Prevention, Planning, Response, and Recovery
- Secure Communications, Cyber-Attack Countermeasures
- Vulnerability Analysis and Countermeasures
- Anomaly Detection
- Information Sharing and Secrecy
- Cryptographic Models for Homeland Defense
- Personal Security and Biometric
- Intelligent Robots and Unmanned Vehicles
- Target and Pattern Recognition
- Sensor and Data Analysis
- Semantic Image and Data Processing
- Information Fusion
- Emerging Threats in Intelligent Energy Systems
- Advanced Vision Algorithms
- Security and Privacy in Ambient Intelligence
- Context and Location-aware Computing
- Embedded Systems in Security
- Knowledge-based Systems for Internet Security
- Security Issues and Protocols for Internet Services
- Privacy and Trust for Internet Services
- Artificial Intelligence and Computational Intelligence
- Cognitive Informatics
- Security and Privacy in Power-Grid Systems
- Cognitive Models of the Brain
- Mathematical Foundations of Computing and Cryptography
- Biologically Inspired Information Systems and Secret Data Management
- Cognitive Image and Scene Understanding
- Intelligent Health Technologies

For more information, please see http://isyou.info/conf/secihd13/.

ECTCM 2013 1st International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with ARES 2013, University Regensburg, Germany, September 2-6, 2013. [posted here 03/04/13]
The First International Workshop on Emerging Cyberthreats and Countermeasures aims at bringing together researchers and practitioners working in different areas related to cybersecurity. After organizing three informal workshops on Early Warning Systems in IT in the past three years, we strongly believe that the next step is to give the workshop a more formal structure in context of an internationally acclaimed scientific conference. The focus of this year's workshop is on IT Early Warning, Malware Detection and Analysis, Targeted Attacks, Cryptanalysis, and Privacy Protection. Contributions demonstrating both current weaknesses and threats as well as new countermeasures are welcome.

For more information, please see http://www.ectcm.net.

TGC 2013 8th International Symposium on Trustworthy Global Computing, Buenos Aires, Argentina, August 30-31, 2013. [posted here 03/18/13]
The Symposium on Trustworthy Global Computing is an international annual venue dedicated to safe and reliable computation in the so-called global computers, i.e., those computational abstractions emerging in large-scale infrastructures such as service-oriented architectures, autonomic systems and cloud computing. The TGC series focuses on providing frameworks, tools, algorithms and protocols for designing open-ended, large-scaled applications and for reasoning about their behaviour and properties in a rigorous way. The related models of computation incorporate code and data mobility over distributed networks that connect heterogeneous devices and have dynamically changing topologies. We solicit papers in all areas of global computing, including (but not limited to):
- theories, languages, models and algorithms
- language concepts and abstraction mechanisms
- security, trust, privacy and reliability
- resource usage and information flow policies
- software development and software principles
- model checkers, theorem provers and static analyzers

For more information, please see http://sysma.lab.imtlucca.it/tgc2013/.

PROOFS 2013 2nd International Workshop on Security Proofs for Embedded Systems, Santa Barbara, California, USA, August 24, 2013. [posted here 06/10/13]
Formal methods are used to increase the confidence level in system designs. They are customarily used for safety and dependability testing. The focus of the PROOFS workshop is the study of formal methods applied at the design stage with a view to preventing implementation-level attacks. As analog devices (random number generation, physically unclonable functions, etc.) are involved in some protection schemes, their experimental security proofs are also emerging as a hot topic. Thus the workshop welcomes contributions in the following fields:
- modelization of the threat
- model verification and analysis with mathematical methods
- protections, with their formal proof (at algorithmic or at code-level)
- cyber-security patterns against viruses and malicious intrusions
- resilience approaches to side-channel attacks
- resilience approaches to perturbation attacks
- resilience approaches to invasive attacks
- formal verification of embedded software, at source code or assembly level
- formal verification of VLSI designs, at RTL or netlist-level
- formal verification of hardware designs of crypto algorithms
- formal techniques for malicious circuits detection in embedded system
- return on experiment about common criteria certification at EAL6 or EAL7

For more information, please see http://www.proofs-workshop.org/.

GreenCom 2013 IEEE International Conference on Green Computing and Communications, Security, Privacy, and Trust Computing Track, Beijing, China, August 20-23, 2013. [posted here 04/01/13]
Computer networks, communication systems, and other IT infrastructures have caused severe environmental problems by consuming significant amounts of power, increasing greenhouse gas emissions, and causing pollution during production and disposal. To reduce such environmental problems and create a sustainable environment, new energy models, algorithms, methodologies, platforms, tools and systems are urgently needed. Thus, green computing and communications solutions should be designed with more renewable energy, higher energy efficiency, lower greenhouse gas emission, and less harmful materials. The 2013 IEEE International Conference on Green Computing and Communications (GreenCom 2013) will be an exciting international forum for scientists, engineers, and researchers to exchange their novel works regarding advancements in the state of the art of green computing and communications, as well as to identify the emerging research topics and open issues for further research. The Security, Privacy, and Trust Computing Track of the conference seeks submissions from the industry and academia, presenting novel research contributions to computer security, privacy, and trust management. Topics of interest include, but are not limited to:
- Coding and cryptography for green communications and computing
- Remote data integrity and possession
- Dependability, availability and forensics in clouds
- Secure cooperative computation
- Private information retrieval from clouds
- Distributed computation and access control on encrypted data
- Security and privacy in vehicular networks
- Privacy enhanced social networks
- Security and privacy in electronic healthcare networks
- Security and privacy in Internet of things
- Privacy in data disclosure and mining
- Green cryptography for resource-constraint information systems
- Secure smart grid technology for future green energy management
- Lightweight cryptography for green computing
- Digital forensics and crimes
- Cloud computing security
- Security policy and privacy requirements
- Cyber security
- Biometrics
- Digital watermarking
- Quantum cryptography
- Physical layer security for communications
- Security algorithms and applications

For more information, please see http://www.china-iot.net/GreenCom2013.htm.

CHES 2013 Workshop on Cryptographic Hardware and Embedded Systems, Co-located with the 33rd Annual International Cryptology Conference (CRYPTO 2013), Santa Barbara, California, USA, August 20-23, 2013. [posted here 12/24/12]
CHES covers new results on all aspects of the design and analysis of cryptographic hardware and software implementations. The workshop builds a bridge between the cryptographic research community and the cryptographic engineering community. With participants from industry, academia, and government organizations, the number of participants has grown to over 300 in recent years. CHES 2013 will be co-located with the 33rd Annual International Cryptology Conference, CRYPTO 2013, in Santa Barbara, California, USA. This will provide unique interaction opportunities for the communities of both conferences. In addition to a track of high-quality presentations, CHES 2013 will offer invited talks, tutorials, a poster session, and a rump session. The topics of CHES 2013 include but are not limited to:
- Cryptographic implementations
- Attacks against implementations and countermeasures against these attacks
- Tools and methodologies
- Interactions between cryptographic theory and implementation issues
- Applications

For more information, please see http://www.chesworkshop.org/ches2013/.

WISA 2013 14th International Workshop on Information Security Applications, Jeju Island, Korea, August 19-21, 2013. [posted here 04/15/13]
This year's program committee chairs decided to convert WISA into a venue for discussing system security and offensive technology issues among researchers in Asia. More specifically, it will resemble two well-known conferences: USENIX Security and WOOT. The primary focus of WISA 2013, therefore, is on systems and network security, and the secondary focus is on offensive technology. Accordingly, the workshop will be composed of two tracks: regular and OT (Offensive Technology). Regular paper submissions are solicited in all areas relating to systems and network security, including:
- Analysis of network and security protocols
- Anonymity and censorship-resistant technologies
- Applications of cryptographic techniques
- Authentication and authorization of users, systems, and applications
- Automated tools for source code/binary analysis
- Botnet defense
- Critical infrastructure security
- Cryptographic implementation analysis and construction
- Denial-of-service attack countermeasures
- Embedded systems security
- Forensics
- Hardware and physical security
- Human-computer interaction, security, and privacy
- Intrusion/anomaly detection and prevention
- Malware analysis
- Mobile/wireless/cellular system security
- Network infrastructure security
- Operating system security
- Physical security
- Security architectures
- Security in heterogeneous and large-scale environments
- Security in ubiquitous computing environments
- Security policy
- Storage and file system security
- Techniques for developing secure systems
- Trustworthy computing
- Web security, including client-side and server-side security

For more information, please see http://www.wisa.or.kr/.

USENIX-Security 2013 22nd USENIX Security Symposium, Washington, DC, USA, August 14–16, 2013. [posted here 01/21/13]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The USENIX Security Symposium is primarily a systems security conference. Papers whose contributions are primarily new cryptographic algorithms or protocols, cryptanalysis, electronic commerce primitives, etc., may not be appropriate for this conference. Refereed paper submissions are solicited in all areas relating to systems and network security, including:
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks with novel insights, techniques, or results
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- Embedded systems security
- File and filesystem security
- Forensics and diagnostics for security
- Hardware security
- Human-computer interaction, security, and privacy
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Mobile system security
- Network infrastructure security
- Operating system security
- Privacy-enhancing technologies
- Security architectures
- Security education and training
- Security for critical infrastructures
- Security in heterogeneous and large-scale environments
- Security in ubiquitous computing environments
- Security policy
- Self-protecting and self-healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Wireless security
- Web security, including client-side and server-side security

For more information, please see https://www.usenix.org/conference/usenixsecurity13.

SECRYPT 2013 10th International Conference on Security and Cryptography, Reykjavik, Iceland, July 29-31, 2013. [posted here 02/11/13]
SECRYPT is an annual international conference covering research in information and communication security. The 10th International Conference on Security and Cryptography (SECRYPT 2013) will be held in Reykjavik, Iceland. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. The conference topics include, but are not limited to:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security

For more information, please see http://secrypt.icete.org.

SOUPS-RISK 2013 Workshop on Risk Perception in IT Security and Privacy, Newcastle, UK, July 24-26, 2013. [posted here 03/04/13]
This workshop is an opportunity to bring together researchers and practitioners to share experiences, concerns and ideas about how to address the gap between user perception of IT risks and security / organizational requirements for security and privacy. Willingness to perform actions for security purposes is strongly determined by the costs and perceived benefit to the individual. When end-users' perceptions of risk are not aligned with organization or system, there is a mismatch in perceived benefit, leading to poor user acceptance of the technology. For example, organizations face complex decisions when pushing valuable information across the network to mobile devices, web clients, automobiles and other embedded systems. This may impose burdensome security decisions on employees and clients due to the risks of devices being lost or stolen, shoulder surfing, eavesdropping, etc. Effective risk communication can provide a shared understanding of the need for, and benefits of secure approaches and practices. While risk perception has been studied in non-IT contexts, how well people perceive and react to IT risk is less well understood. How systems measure IT risk, how it is best communicated to users, and how to best align these often misaligned perspectives is poorly understood. Risk taking decisions (policies) are increasingly being pushed out to users who are frequently ill prepared to make complex technical security decisions based on limited information about the consequences of their actions. In other risk domains we know that non-experts think and respond to risk very differently than experts. Non-experts often rely on affect, and may be unduly influenced by the perceived degree of damage that will be caused. Experts, and risk evaluation systems, use statistical reasoning to assess risk. 
The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns and ideas about how to address the gap between user perception of IT risks and security / organizational requirements for security and privacy. Topics of interest include:
- Human decision and different attack types: Malware, eavesdropping, inadvertent loss / disclosure of information, phishing, browser attacks, etc.
- Research methods and metrics for assessing perception of risk
- Assessing value of assets and resources at risk
- Communicating and portrayal of risk - security indicators, status indicators, etc.
- Organizational versus personal risk
- The psychology of risk perception
- Behavioral aspects of risk perception
- Real versus perceived risk
- Other topics related to measuring IT risk and/or user perception of IT risk

For more information, please see http://cups.cs.cmu.edu/soups/2013/risk.html.

DIMVA 2013 10th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Berlin, Germany, July 18-19, 2013. [posted here 12/24/12]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA solicits submission of high-quality, original scientific papers presenting novel research on malware analysis, intrusion detection, and related systems security topics.

For more information, please see http://www.dimva.org/dimva2013.

VOTE-ID 2013 4th International Conference on E-voting and Identity, University of Surrey, Guildford, UK, July 17-19, 2013. [posted here 12/24/12]
Electronic voting is a very active research area covering a broad range of issues, from computer security and cryptographic issues to human psychology and legal issues. The aim of Vote-ID is to bring together researchers and practitioners from academia, industry and governmental institutions, all working on e-voting systems. The scope covers all aspects of electronic voting systems, including, but not limited to:
- Design and evaluation of e-voting systems
- Security requirements and formal analysis
- Voter authentication and identity management
- Cryptographic voting schemes
- Verifiable election technologies
- Methods for reconciling voter identification with vote privacy
- Usability and accessibility
- Deployment and lifecycle concerns
- Implementation issues and trade-offs
- Legal, political and other interdisciplinary issues

For more information, please see http://www.voteid13.org/.

DBSEC 2013 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Rutgers University, Newark, NJ, USA, July 15-17, 2013. [posted here 12/24/12]
The 27th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Both papers and panel proposals are solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Logics for security and privacy
- Organizational security
- Privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management

Additional topics of interest include (but are not limited to): Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Database Forensics, Electronic Commerce Security, and Security in Digital Health Care.

For more information, please see http://dbsec2013.business.rutgers.edu/.

PST 2013 11th International Conference on Privacy, Security and Trust, Tarragona, Catalonia, July 10-12, 2013. [posted here 12/24/12]
PST2013 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2013 will include one day of tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic techniques for privacy preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Continuous Authentication
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Observations of PST in Practice, Society, Policy and Legislation
- Digital Rights Management
- Identity and Trust management
- PST and Cloud Computing
- Human Computer Interaction and PST
- Implications of, and Technologies for, Lawful Surveillance
- Biometrics, National ID Cards, Identity Theft
- PST and Web Services / SOA
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
- Representations and Formalizations of Trust in Electronic and Physical Social Systems

For more information, please see http://unescoprivacychair.urv.cat/pst2013/index.php?m=cfp.

RFIDSEC 2013 9th Workshop on RFID Security, Graz, Austria, July 9-11, 2013. [posted here 12/24/12]
RFIDsec is the premier workshop devoted to security and privacy in Radio Frequency Identification (RFID) with participants throughout the world. RFIDsec brings together researchers from academia and industry for topics of importance to improving the security and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec bridges the gap between cryptographic researchers and RFID developers through invited talks and contributed presentations. Topics of the workshop include but are not limited to:
- New applications for secure RFID, NFC, and other constrained systems
- Resource-efficient implementations of cryptography: Small-footprint hardware and/or software, Low-power and/or low energy implementations
- Attacks on RFID systems: Side-channel attacks, Fault attacks, Hardware tampering
- Data protection and privacy-enhancing techniques
- Cryptographic protocols: Authentication protocols, Key distribution, Scalability issues
- Integration of secure RFID systems: Infrastructures, Middleware and security, Data mining and other systemic approaches to RFID security
- RFID hardware security: Physical Unclonable Functions (PUFs), RFID Trojans
- Case studies

For more information, please see http://rfidsec2013.iaik.tugraz.at/.

NFSP 2013 2nd International Workshop on Network Forensics, Security and Privacy, Held in conjunction with the 33rd International Conference on Distributed Computing Systems (ICDCS 2013), Philadelphia, PA, USA, July 8, 2013. [posted here 12/24/12]
Cyberspace has been reshaped as an integration of businesses, governments and individuals, such as e-business, communication and social life. At the same time, it has also been providing convenient platforms for crimes, such as financial fraud, information phishing, distributed denial of service attacks, and fake message propagation. In particular, the emergence of social networks has raised significant security and privacy issues for the public. We have seen news of various network related security attacks from time to time, and defenders usually find it hard to detect, mitigate and trace back to the source of attacks. Fighting against criminals in cyberspace is a new research challenge. The potential solutions involve various disciplines, such as networking, watermarking, information theory, game theory, mathematical and statistical modelling, data mining, artificial intelligence, multimedia processing, neural network, pattern recognition, cryptography and forensic criminology, etc.

For more information, please see http://www.faculty.umassd.edu/honggang.wang/nfsp2013/.

FCS 2013 Workshop on Foundations of Computer Security, Tulane University, New Orleans, Louisiana, USA, June 29, 2013. [posted here 03/04/13]
The aim of the workshop FCS'13 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submissions of papers both on mature work and on work in progress. Possible topics include, but are not limited to:
- Automated reasoning techniques
- Composition issues
- Formal specification
- Foundations of verification
- Information flow analysis
- Language-based security
- Logic-based design
- Program transformation
- Security models
- Static analysis
- Statistical methods
- Tools
- Trust management

For more information, please see http://prosecco.inria.fr/personal/bblanche/fcs13/.

CSAW 2013 Cloud Security Auditing Workshop, Held in conjunction with the IEEE 9th World Congress on Services, Santa Clara, CA, USA, June 27 - July 2, 2013. [posted here 03/04/13]
Security concerns are a major impediment to the widespread adoption of cloud services. Cloud services often deal with sensitive information and operations. Thus, cloud service providers must provision services to rapidly identify security threats for increased information assurance. In addition, when a threat is identified or an attack is detected, incident reporting should be timely and precise to allow cloud tenants and users to respond appropriately. Detection and reporting require meta-information to be captured across the cloud in order to audit and monitor it for potential threats that may lead to attacks and to discern when and where an attack has already occurred. Capturing security relevant information and auditing the results to determine the existence of security threats in the cloud is challenging for multiple reasons. Cloud tenants rely on the cloud for diverse tasks and have services and data that may require isolation or be provisioned for composition with other services in cloud applications. Organizations may not have the logging capabilities in place for their services or may not be predisposed to share the information. Cloud management services are needed to log relevant events at their endpoints, including user interactions and interactions within the cloud federation. Consistent formats for capturing events and generating logs to be hosted within the cloud are not specified as part of current service level agreements (SLAs). Near real-time analysis is needed for prediction of potential threats in order to respond quickly to prevent an attack. Centralized analysis of information captured may present too much overhead for timely alerts and incident reporting. But distributed analysis must guarantee that the partial information it uses is sufficient to determine a threat. All analyses must consider the configuration of the cloud and its tenant services and resources. 
The goal of this one-day workshop is to bring together researchers and practitioners to explore and assess varied and viable technologies for capturing security relevant events throughout the cloud and performing monitoring and analyses on the captured information to detect, prevent, and mitigate security threats. Topics include:
- Languages and protocols for specifying, composing, and analyzing security-relevant, distributed logs of audit data from a cloud-wide perspective
- Cloud security, threat modeling, and analysis, including centralized/distributed attack detection and prediction/prevention algorithms based on audited information, and automated tools for capturing, integrating, and analyzing cloud audit data
- Algorithms and protocols for audit data stream delivery, manipulation, and analysis for big cloud audit data
- Access control and information flow control models for disclosure and modification of sensitive cloud audit data
- Methods for expressing and representing the cloud infrastructure and configuration to influence logging and monitoring processes
- Information assurance (authenticity, integrity, confidentiality and availability) of cloud audit data, including security and privacy policies and compliance with security controls such as NIST SP 800-53 and Cloud Security Alliance guidance 3.0
- Service-level agreements that formalize and guarantee logging and analysis capabilities

For more information, please see http://www.csaw2013.org.

CSF 2013 26th IEEE Computer Security Foundations Symposium, Tulane University, New Orleans, Louisiana, USA, June 26 - 28, 2013. [posted here 11/19/12]
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, e.g., formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. New theoretical results in computer security are welcome. Possible topics include, but are not limited to:
- Access control
- Accountability
- Anonymity and Privacy
- Authentication
- Cryptographic protocols
- Data and system integrity
- Database security
- Data provenance
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Game Theory and Decision Theory
- Hardware-based security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Socio-technical security
- Trust and trust management

For more information, please see http://csf2013.seas.harvard.edu/.

ACNS 2013 11th International Conference on Applied Cryptography and Network Security, Banff, Alberta, Canada, June 25-28, 2013. [posted here 10/15/12]
The 11th International Conference on Applied Cryptography and Network Security seeks submissions from academia, industry, and government presenting novel research on all aspects of applied cryptography as well as network security and privacy. Papers describing novel paradigms, original directions, or non-traditional perspectives are also encouraged. The conference has two tracks: a research track and an industry track. Topics of interest include, but are not limited to:
- Access control
- Applied cryptography
- Automated protocols analysis
- Biometric security and privacy
- Complex systems security
- Critical infrastructure protection
- Cryptographic primitives and protocols
- Database and system security
- Data protection
- Digital rights management
- Email and web security
- Identity management
- Intellectual property protection
- Internet fraud
- Intrusion detection and prevention
- Key management
- Malware
- Network security protocols
- Privacy, anonymity, and untraceability
- Privacy-enhancing technology
- Protection for the future Internet
- Secure mobile agents and mobile code
- Security in e-commerce
- Security in P2P systems
- Security in pervasive/ubiquitous computing
- Security and privacy in cloud and grid systems
- Security and privacy in distributed systems
- Security and privacy in smart grids
- Security and privacy in wireless networks
- Security and privacy metrics
- Trust management
- Usability and security

For more information, please see http://acns2013.cpsc.ucalgary.ca/.

PRISMS 2013 International Conference on Privacy and Security in Mobile Systems, Atlantic City, NJ, USA, June 24 - 27, 2013. [posted here 03/18/13]
PRISMS is the successor of MobiSec (International Conference on Security and Privacy in Mobile Information and Communication Systems). The conference under a new name (PRISMS) is organized this year with the co-sponsorship of IEEE. Its focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile devices, to privacy respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. PRISMS strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.

For more information, please see http://www.gws2013.org/prisms/.

SOUPS 2013 Symposium On Usable Privacy and Security, Northumbria University, Newcastle, UK, July 24-26, 2013. [posted here 11/19/12]
The 2013 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- the impact of organizational policy or procurement decisions
- lessons learned from the deployment and use of usable privacy and security features
- reports of replicating previously published studies and experiments
- reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience

For more information, please see http://cups.cs.cmu.edu/soups/.

MWSN 2013 IEEE International Workshop on Security and Privacy of Mobile, Wireless and Sensor Networks, New Orleans, LA, USA, June 23, 2013. [posted here 02/11/13]
To cope with the rapid increase in mobile users and the increasing demand for mobile, wireless and sensor networks (MWSNs), it is becoming imperative to provide the necessary security protocols and privacy guarantees to users of MWSNs. In turn, these specific demands in security and privacy require new methodologies that are specifically designed to cope with the strict requirements of the networks. In general, the real-world performance of MWSNs crucially depends on the selected protocols, and their suitability and efficiency for the layers of the implementation. A satisfactory security design and protocol are therefore crucial for the performance of MWSNs. It is a great challenge to achieve efficient and robust realizations of such highly dynamic and secure MWSNs. Moreover, the study of security and privacy in the context of MWSNs provides insights into problems and solutions that are orthogonal to programming languages, programming paradigms, computer hardware, and other aspects of the implementation. The objective for this workshop is to address those topics, which we believe will play an important role in current and future research on and education of MWSNs.

For more information, please see http://www2.cs.uh.edu/mwsn/.

SPH 2013 26th International Symposium on Computer-Based Medical System, Security and Privacy in Healthcare IT Special track, Porto, Portugal, June 20-22, 2013. [posted here 02/05/13]
We are currently witnessing a rapidly moving transition trend towards electronic healthcare information systems. They have already proved to be essential tools in order to improve the management and quality of healthcare services. More recently, these systems have also started to promote great results on the improvement of patients’ health by enabling the creation of much more flexible, efficient and interoperable means by which practitioners and even patients can access and manage healthcare data. However, very complex technical challenges resulting from strict but necessary highly regulated environments, threats to patient safety, privacy, and security must be tackled and solved before we can safely have valuable and sensitive patients’ data being securely managed and used in much more flexible and potentially useful ways. Towards this end it is thus imperative to develop innovative methods and policies that ensure the secure acquisition and management of healthcare data, at the same time promoting its interoperability, its sharing, and its integrity and confidentiality in highly effective and secure ways. This special track focuses on original unpublished research on innovative methods, policies and concerns that can constitute the right building blocks for a new generation of electronic healthcare information systems that are at the same time more efficient, empowering and secure. Novel articles about privacy, security, accountability and auditing for the healthcare sector are therefore expected. This special track also intends to encourage the dissemination of research to the stakeholders involved in healthcare information technologies, promoting the discussion on issues, challenges and solutions that are currently being developed all around the world.

For more information, please see http://www.dcc.fc.up.pt/sph.cbms2013/.

CLHS 2013 Workshop on Changing Landscapes in HPC Security, Held in conjunction with ACM HPDC, New York, NY, USA, June 18, 2013. [posted here 02/05/13]
Providing effective and non-intrusive security within an HPC environment presents a number of challenges for both researchers and operational personnel. What constitutes HPC has expanded to include cloud computing, 100G networking, cross-site integration, and web 2.0 based interfaces for job submission and reporting, increasing the complexity of the aggregate system dramatically. This growing complexity and its new issues are set against a backdrop of routine user and application attacks, which remain surprisingly effective over time. The CLHS workshop will focus on the problems inherent in securing contemporary large-scale compute and storage systems. To provide some clarification we have broken this out into four general areas or questions. First is Attribution: who is doing what in terms of process activity and/or network traffic? Second is looking beyond the interactive nodes: what is going on in the computing pool? Third involves job scheduler activity and usage: what is being run, how has it been submitted and is this activity abnormal? Finally, a more philosophical topic: why is securing complex systems so difficult and what can be done about it? While these specific areas are interesting starting points for papers and presentations, any original and interesting topic will be considered.

For more information, please see https://commons.lbl.gov/display/CLHS.

TRUST 2013 6th International Conference on Trust and Trustworthy Computing, London, UK, June 17-19, 2013. [posted here 11/19/12]
TRUST 2013 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems. The conference solicits original papers on any aspect (technical, social or socio-economic) of the design, application and usage of trusted and trustworthy computing. Papers can address design, application and usage of trusted and trustworthy computing in a broad range of concepts including, but not limited to, trustworthy infrastructures, cloud computing, services, hardware, software and protocols.

For more information, please see http://trust2013.sba-research.org.

SACMAT 2013 18th ACM Symposium on Access Control Models and Technologies, Amsterdam, The Netherlands, June 12-14, 2013. [posted here 10/08/12]
The ACM Symposium on Access Control Models and Technologies (SACMAT) continues the tradition, first established by the ACM Workshop on Role-Based Access Control, of being the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The missions of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited for submission to the 18th ACM Symposium on Access Control Models and Technologies (SACMAT 2013). Topics of interest include but are not limited to:
- Access control models and extensions
- Access control requirements
- Access control design methodology
- Access control mechanisms, systems, and tools
- Access control in distributed and mobile systems
- Access control for innovative applications
- Administration of access control policies
- Economic models for access control
- Hardware enhanced access control
- Identity management
- Policy/Role engineering
- Safety analysis and enforcement
- Standards for access control
- Trust management
- Trust and risk models in access control
- Theoretical foundations for access control models
- Usability in access control systems
- Usage control

For more information, please see http://www.sacmat.org/.

D-SPAN 2013 4th IEEE Workshop on Data Security and Privacy in Wireless Networks, Co-located with the 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM 2013), Madrid, Spain, June 4, 2013. [posted here 01/21/13]
The workshop focuses on research developments related to data security and privacy in wireless and mobile networks. This workshop solicits papers from two main categories: (1) papers that consider the security and privacy of data collection, transmission, storage, publishing, and sharing in wireless networks broadly defined, e.g., MANET, cellular, vehicular, ad hoc, cognitive, and sensor networks; and (2) papers that use data analytics to address security and privacy problems in wireless networks. The workshop provides a venue for researchers to present new ideas with impact on three communities - wireless networks, databases, and security. Topics of interest include, but are not limited to:
- Secure localization and location privacy
- Privacy and anonymity in wireless and mobile networks
- Secure query processing, data collection, and aggregation for wireless sensor networks
- Secure and private data streaming
- Key extraction, distribution, and management in wireless networks
- Secure data processing in mobile ad-hoc networks (MANET)
- Secure data collection in body-area networks
- Throughput-security tradeoffs in wireless networks
- Wireless and mobile security for health and smart grid applications

For more information, please see http://www.ee.washington.edu/research/nsl/DSPAN_2013/.

IFIP-TM 2013 7th IFIP International Conference on Trust Management, Málaga, Spain, June 3-7, 2013. [posted here 10/08/12]
IFIPTM 2013 will be the 7th International Conference on Trust Management under the auspices of IFIP. The mission of the IFIPTM 2013 Conference is to share research solutions to problems of Trust and Trust management, and to identify new issues and directions for future research and development work. IFIPTM 2013 invites submissions presenting novel research on all topics related to Trust, Security and Privacy.

For more information, please see http://conf2013.ifiptm.org/.

NSS 2013 7th International Conference on Network and System Security, Madrid, Spain, June 3-4, 2013. [posted here 10/15/12]
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
- Active Defense Systems
- Adaptive Defense Systems
- Analysis, Benchmark of Security Systems
- Applied Cryptography
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- High Performance Security Systems
- Hardware Security
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Policy
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

For more information, please see http://anss.org.au/nss2013/index.htm.

HOST 2013 IEEE International Symposium on Hardware-oriented Security and Trust, Austin Convention Center, Austin, TX, USA, June 2-3, 2013. [posted here 10/08/12]
Pervasive computing is now penetrating a wider range of domains and applications, including many safety-critical cyber-physical systems that we increasingly depend on. Trusted hardware platforms make up the backbone for successful deployment and operation of these systems. However, recent advances in tampering and reverse engineering show that important challenges in guaranteeing the trust of these components await us. For example, malicious alterations inserted into electronic designs can allow for backdoors into the system. Furthermore, new forms of attacks that exploit side-channel signals are being developed. Third, intellectual-property protection is becoming a major concern in the globalized, horizontal semiconductor business model. HOST 2013 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. The IEEE International Symposium on Hardware Oriented Security and Trust seeks original contributions in the area of hardware-oriented security. This includes tools, design methods, architectures, circuits, and novel applications of secure hardware. HOST 2013 seeks contributions based on, but not limited to, the following topics:
- Counterfeit detection and avoidance
- Cyber-physical security and trust
- Trojan detection and isolation
- Implementation attacks and countermeasures
- Side channel analysis and fault analysis
- Intellectual property protection and metering
- Hardware architectures for cryptography
- Hardware security primitives: PUFs and TRNGs
- Reliability-security optimization and tradeoffs
- Applications of secure hardware
- Tools and methodologies for secure hardware design

For more information, please see http://www.hostsymposium.org/.

WISTP 2013 7th Workshop in Information Security Theory and Practice, Heraklion, Greece, May 28-30, 2013. [posted here 01/31/13]
Current developments in IT are characterized by an increasing use of personal mobile devices and an increasing reliance on IT for supporting industrial applications in the physical world. A new perspective on socio-technical and cyber-physical systems is required that sees in IT more than just an infrastructure but focuses on the ever closer integration between social and technical processes as well. Application markets, such as Google Play and Apple App Store, drive a mobile ecosystem, offering new business models with high turnovers and new opportunities, which, however, also attract cybercriminals and raise new privacy concerns. In the area of cyber-physical systems, research has to go beyond securing the IT infrastructure and to consider attacks launched by combining manipulations in physical space and cyber space. The workshop seeks submissions from academia and industry presenting novel research on all aspects of security and privacy of mobile devices, such as Android and iOS platforms, as well as studies on securing cyber-physical systems.

For more information, please see http://www.wistp.org.

W2SP 2013 Web 2.0 Security & Privacy Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA, May 24, 2013. [posted here 12/24/12]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We are seeking both short position papers (2–4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2013 includes, but is not limited to:
- Trustworthy cloud-based services
- Privacy and reputation in social networks
- Security and privacy as a service
- Usable security and privacy
- Security for the mobile web
- Identity management and pseudonymity
- Web services/feeds/mashups
- Provenance and governance
- Security and privacy policies for composable content
- Next-generation browser technology
- Secure extensions and plug-ins
- Advertisement and affiliate fraud
- Measurement study for understanding web security and privacy

For more information, please see http://www.w2spconf.com/2013/.

MoST 2013 Mobile Security Technologies Workshop, Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2013) and an event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2013), San Francisco, CA, USA, May 23, 2013. [posted here 12/24/12]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST 2013 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies

For more information, please see http://mostconf.org/2013/.

SPW 2013 IEEE Computer Society Technical Committee on Security and Privacy Workshops, Co-located with the IEEE Symposium on Security and Privacy 2013, San Francisco, California, USA, May 19-22 2013. [posted here 07/23/12]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. In order to further expand the opportunities for scientific exchanges, we created a new venue within the IEEE CS Technical Committee on Security and Privacy called Security and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a specific aspect of security and privacy in more detail, making it easy for the participants to attend IEEE SP and a specialized workshop at IEEE SPW with just one trip. Furthermore, the co-location offers synergies for the organizers. Historically, we have had some workshops (e.g. W2SP, SADFE) co-located with IEEE SP the last few years; the success and popularity of these workshops has led to us formalizing the process and expanding our scope. There will be some interaction in deciding upon and setting up a workshop, but the initial proposal should already contain as much as possible of the following information:
- Contact information of the workshop organizer.
- Date (Thursday, May 23, or Friday, May 24) and expected length of the workshop (up to 2 days).
- Technical proposal (1 to 2 pages): Topics to be addressed, importance of these topics, fit for the S&P audience.
- Publication policy: with or without official proceedings; potential publication via web, technical report, or electronic media. Note that IEEE is explicitly not responsible for the publication of proceedings; nor are workshops required to use IEEE.
- Expected number of participants and other local meeting issues, such as any special requirements/equipment for the meeting room.
- Biographies of workshop organizer(s), including workshop organization experience; particularly SPW organization.
- Program committee: who has committed; who has been invited; who will be invited.
- Preliminary call for papers/posters/contributions.
- Commitment to use EasyChair or reason for choosing otherwise.

All workshops associated with IEEE SPW will be under the financial and legal responsibility of the IEEE Computer Society. This has great advantages for organizers, e.g., with respect to risk coverage and insurance, but also brings some requirements. The SPW organizing committee can assist you with the following: meeting rooms at the conference hotel, collection of advance workshop registration fees, budgeting assistance, interaction with the IEEE, and linking to the workshop web pages from the main SPW web pages. All the actual running of the workshop remains the responsibility of the workshop organizers. If your proposal is selected, we will send you a more detailed list of the responsibilities, meeting room options, etc., and would work to jointly set up a successful workshop.

For more information, please see http://www.ieee-security.org/TC/SPW2013/cfw.php.

SP 2013 34th IEEE Symposium on Security and Privacy, San Francisco, California, USA, May 19-22 2013. [posted here 08/20/12]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers
Following the success of the previous years' conferences, we are also soliciting papers focused on systematization of knowledge (SoK). The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers can provide a high value to our community but may not be accepted because of a lack of novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions are encouraged to analyze the current research landscape: identify areas that have enjoyed much research attention, point out open areas with unsolved challenges, and present a prioritization that can guide researchers to make progress on solving important challenges. Submissions must be distinguished by a checkbox on the submission form. In addition, the paper title must have the prefix "SoK:". They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2013/.

ISPEC 2013 9th Information Security Practice and Experience Conference, Lanzhou, China, May 12-14, 2013. [posted here 10/08/12]
ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. Areas of interest include, but are not limited to:
- Access control
- Applied cryptography
- Availability, resilience, and usability
- Cryptanalysis
- Database Security
- Digital rights management
- Information security in vertical applications
- Multimedia security
- Network security
- Privacy and anonymity
- Risk evaluation and security certification
- Security of smart cards and RFID systems
- Security policies
- Security protocols
- Security systems
- Trust model and management
- Trusted computing

For more information, please see http://icsd.i2r.a-star.edu.sg/ispec2013/.

ASIACCS 2013 8th ACM Symposium on Information, Computer and Communications Security, Hangzhou, China, May 8-10, 2013. [posted here 10/08/12]
ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the newest cyber security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security. Areas of interest for ASIACCS 2013 include, but are not limited to:
- access control
- accounting and audit
- applied cryptography
- authentication
- cloud computing security
- data/system integrity
- data and application security
- digital rights management
- formal methods for security
- hardware-based security
- identity management
- inference control and disclosure
- intrusion detection
- key management
- malware and botnets
- mobile computing security
- operating system security
- phishing and countermeasures
- privacy-enhancing technology
- security architecture
- security in ubiquitous computing
- security management
- security verification
- smartcards
- software security
- trusted computing
- usable security and privacy
- wireless security
- web security

For more information, please see http://hise.hznu.edu.cn/asiaccs/index.html.

SCC 2013 International Workshop on Security in Cloud Computing, Held in conjunction with the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 7, 2013. [posted here 01/21/13]
Cloud computing has emerged as today's most exciting computing paradigm shift in information technology. With the efficient sharing of abundant computing resources in the cloud, users can economically enjoy the on-demand high quality cloud applications and services without committing large capital outlays locally. While the cloud benefits are compelling, its unique attributes also raise many security and privacy challenges in areas such as data security, recovery, privacy, access control, trusted computing, as well as legal issues in areas such as regulatory compliance, auditing, and many others. This workshop aims to bring together the research efforts from both academia and industry in all security aspects related to cloud computing. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interest include (but are not limited to) the following subject categories:
- Secure cloud architecture
- Cloud access control and key management
- Identification and privacy in cloud
- Integrity assurance for data outsourcing
- Integrity and verifiable computation
- Computation over encrypted data
- Software and data segregation security
- Secure management of virtualized resources
- Trusted computing technology
- Joint security and privacy aware protocol design
- Failure detection and prediction
- Secure data management within and across data centers
- Availability, recovery and auditing
- Secure computation outsourcing
- Secure mobile cloud

For more information, please see http://www.cs.cityu.edu.hk/~congwang/asiaccs-scc/.

SESP 2013 1st International Workshop on Security in Embedded Systems and Smartphones, Held in conjunction with the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 7, 2013. [posted here 01/21/13]
Embedded computing has recently become more and more present in devices used in everyday life. A wide variety of applications, from consumer electronics to biomedical systems, require building up powerful yet cheap embedded devices. In this context, embedded software has turned out to be more and more complex, posing challenging new security issues. We broadly view smartphones as mobile embedded systems. This workshop aims to bring together the research efforts from both academia and industry in all security and privacy aspects related to embedded systems and smartphones. We encourage submissions on all theoretical and practical aspects, as well as experimental studies of deployed systems. Topics of interest include (but are not limited to) the following subject categories related to embedded systems and smartphones:
- Secure embedded system architecture
- System-level security design and simulation techniques for Embedded Systems
- Verification and validation of Embedded Systems
- Security and privacy for Cyber physical systems (Internet of Things) and networked sensor devices
- Security implications for multicore, SoC-based, and heterogeneous Embedded Systems and applications
- Secure data management in Embedded Systems
- Middleware and virtual machines security in Embedded Systems
- Secure management of virtualized resources
- Authenticating users to devices and services
- Mobile Web Browsers
- Usability
- Rogue application detection and recovery
- Vulnerability detection and remediation
- Secure application development
- Cloud support for mobile and embedded system security

For more information, please see http://doe.cs.northwestern.edu/SESP/.

AsiaPKC 2013 ACM Asia Public-Key Cryptography Workshop, Held in conjunction with the 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013), Hangzhou, China, May 7, 2013. [posted here 01/21/13]
Public-key cryptography plays an essential role in processing various kinds of data while assuring different flavors of cryptographic properties. The theme of this workshop is focused on novel public-key cryptosystems and techniques that can be used to solve a wide range of real-life application problems. This workshop solicits original contributions on both applied and theoretic aspects of public-key cryptography. Topics of interest to the workshop include, but are not limited to:
- Applied public-key cryptography for solving emerging application problems
- Provably-secure public-key primitives and protocols
- Key management for, and by, public-key cryptosystems
- Privacy-preserving cryptographic computations
- Two-party and multi-party computations
- Homomorphic public-key cryptosystems
- Attribute-based and functional public-key cryptography
- Digital signatures with special properties
- System security properties of public-key cryptography
- Post-quantum public-key cryptography
- Fast implementation of public-key cryptosystems

For more information, please see http://www.cs.utsa.edu/~shxu/acm-asiapkc13/.

WISEC 2013 ACM Conference on Security and Privacy in Wireless and Mobile Networks, Budapest, Hungary, April 17-19, 2013. [posted here 10/08/12]
WiSec has been broadening its scope and seeks to present high quality research papers exploring security and privacy aspects of wireless communications, mobile networks, and their applications. Beyond the traditional Wisec staples of physical, link, and network layer security, we also welcome papers focusing on the security and privacy of mobile software platforms and the increasingly diverse range of mobile or wireless applications. The conference welcomes both theoretical as well as systems contributions.

For more information, please see http://www.sigsac.org/wisec/WiSec2013/.

IDMAN 2013 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, London, UK, April 8-9, 2013. [posted here 07/23/12]
IDMAN conference focuses on the theory, technologies and applications of identity management. The world of the 21st century is, more than ever, global and impersonal. As a result of increasing cyber fraud and cyber terrorism, the demand for better technical methods of identification is growing, not only in companies and organisations but also in the world at large. Moreover, in our society digital identities increasingly play a role in the provision of eGovernment and eCommerce services. For practical reasons, Identity Management Systems are needed that are usable and interoperable. At the same time, individuals increasingly leave trails of personal data when using the Internet, which allows them to be profiled and which may be stored for many years to come. Technical trends such as Cloud Computing and pervasive computing make personal data processing non-transparent, and make it increasingly difficult for users to control their personal spheres. As part of this tendency, surveillance and monitoring are increasingly present in society, both in the public and private domains. Whilst the original intention is to contribute to security and safety, surveillance and monitoring might, in some cases, have unintended or even contradictory effects. Moreover, the omnipresence of surveillance and monitoring systems might directly conflict with public and democratic liberties. These developments raise substantial new challenges for privacy and identity management at the technical, social, ethical, regulatory, and legal levels. Identity management challenges the information security research community to focus on interdisciplinary and holistic approaches, while retaining the benefits of previous research efforts. Papers offering research contributions to the area of identity management are solicited for submission to the 3rd IFIP WG-11.6 IDMAN conference. 
Papers may present theory, applications or practical experience in the field of identity management, from a technical, legal or socio-economic perspective, including, but not necessarily limited to:
- Novel identity management technologies and approaches
- Interoperable identity management solutions
- Privacy-enhancing technologies
- Identity management for mobile and ubiquitous computing
- Identity management solutions for eHealth, eGovernment and eCommerce
- Privacy and Identity (Management) in and for cloud computing
- Privacy and Identity in social networks
- Risk analysis techniques for privacy risk and privacy impact assessment
- Privacy management of identity management
- Identity theft prevention
- Attribute based authentication and access control
- User-centric identity management
- Legal, socio-economic, philosophical and ethical aspects
- Impact on society and politics
- Related developments in social tracking, tracing and sorting
- Quality of identity data, processes and applications
- User centered, usable and inclusive identity management
- Attacks on identity management infrastructures
- Methods of identification and authentication
- Identification and authentication procedures
- Applications of anonymous credentials
- (Privacy-preserving) identity profiling and fraud detection
- Government PKIs
- (Possible) role of pseudonymous and anonymous identity in identity management
- Electronic IDs: European and worldwide policies and cooperation in the field of identity management
- Surveillance and monitoring
- (Inter)national policies on unique identifiers /social security numbers / personalisation IDs
- Vulnerabilities in electronic identification protocols
- Federative identity management and de-perimeterisation
- Biometric verification
- (Inter)national applications of biometrics
- Impersonation, identity fraud, identity forge and identity theft
- Tracing, monitoring and forensics
- Proliferation/omnipresence of identification
- Threats to democracy and political control

For more information, please see http://www.idman2013.com.

WACCC 2013 1st Workshop on Adversarial Cryptography, Communications and Control, Co-located with the 7th Conference on Financial Cryptography and Data Security (FC 2013), Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan, April 1, 2013. [posted here 11/26/12]
The research community's understanding of attacker methodology is poor, and we are forced to rely on newspaper articles or hypotheticals in order to discuss defenses. Recent botnets and advanced persistent threats have posed serious challenges to the research community from both the reverse engineering and applied cryptography perspectives. Conversely, there is strong evidence that the hypotheticals we discuss are too complex, unreliable or arcane for attacker purposes. This workshop is focused on studying attacker behavior as it takes place now, through examining malware, occupied systems or by logs of actual attacks. This is a complex multidisciplinary task involving studying executable code, network communications and deceiving tools that actively try to thwart analysis. This workshop will focus on understanding the methods and tools used by current adversaries to author, distribute, and control malware. Relevant topics include communications techniques, cryptography, defeating reverse engineering and any other approach used by attackers here and now to evade defenders and analysts. Submissions must address current malware and attack experiences; hypothetical designs or future developments are not in scope. While we focus on sharing prior experiences and experiments in malware research, successful or not, we tap into topics in network security, computer security, and applied cryptography. This workshop will favor discussions among participants, in order to advance the field for cryptographers, network analysts, and security practitioners alike.

For more information, please see http://www.cs.stevens.edu/~spock/waccc2013/cfp.html.

FC 2013 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan, April 1–5, 2013. [posted here 05/28/12]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged. Topics include:
- Anonymity and Privacy
- Auctions and Audits
- Authentication and Identification
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Data Outsourcing Security
- Information Security
- Game Theoretic Security
- Securing Emerging Computational Paradigms
- Identity Theft
- Fraud Detection
- Phishing and Social Engineering
- Digital Rights Management
- Digital Cash and Payment Systems
- Digital Incentive and Loyalty Systems
- Microfinance and Micropayments
- Contactless Payment and Ticketing Systems
- Secure Banking and Financial Web Services
- Security and Privacy in Mobile Devices and Applications
- Security and Privacy in Automotive and Transport Systems and Applications
- Smartcards, Secure Tokens and Secure Hardware
- Privacy-enhancing Systems
- Reputation Systems
- Security and Privacy in Social Networks
- Security and Privacy in Sound and Secure Financial Systems Based on Social Networks
- Risk Assessment and Management
- Risk Perceptions and Judgments
- Legal and Regulatory Issues
- Security Economics
- Spam
- Transactions and Contracts
- Trust Management
- Underground-Market Economics
- Usable Security
- Virtual Economies
- Voting Systems

For more information, please see http://fc13.ifca.ai/cfp.html.

SAC-CF 2013 28th Annual ACM Symposium on Applied Computing (SAC 2013), Computer Forensics Track, Coimbra, Portugal, March 18-22, 2013. [posted here 09/17/12]
With the exponential growth of computer users, the number of criminal activities that involves computers has increased tremendously. The field of Computer Forensics has gained considerable attention in the past few years. It is clear that in addition to law enforcement agencies and legal personnel, the involvement of computer savvy professionals is vital for any digital incident investigation. Unfortunately, there are not many well-qualified computer crime investigators available to meet this demand. An approach to solve this problem is to develop state-of-the-art research and development tools for practitioners in addition to creating awareness among computer users. The primary goal of this track will be to provide a forum for researchers, practitioners, and educators interested in Computer Forensics in order to advance research and education in this increasingly challenging field. We expect that through this forum people from academia, industry, government, and law enforcement will share their ideas on research, education, and practical aspects of Computer Forensics. We solicit original, previously unpublished papers in the following general (non-exhaustive) list of topics.
- Incident Response and Live Data Analysis
- Operating System and Application Analysis
- Forensics Education, Training, & Standards
- File System Analysis
- Network Evidence Collection
- Network Forensics
- Data Hiding and Recovery
- Digital Image Forensics
- Event Reconstruction and Tracking
- Forensics in Untrusted Environments
- Hardware Assisted Forensics
- Legal, Ethical and Privacy Issues
- Methods for Attributing Malicious Cyber Activity
- Design for Forensic Evaluation
- Visualization for Forensics
- SCADA Forensics

For more information, please see http://comp.uark.edu/~bpanda/sac2013cfp.pdf.

SPW 2013 21st International Workshop on Security Protocols, Sidney Sussex College, Cambridge, England, March 18-20, 2013. [posted here 11/19/12]
The theme of this year's workshop is "What's Happening on the Other Channel?" Many protocols use a secondary channel, either explicitly (as in multichannel protocols) but more usually implicitly, for example to exchange master keys, or their hashes. The role of the Other Channel is fundamental, and often problematic, and yet protocol composers typically take them as a given. Sometimes the Other Channel really is completely covert, but sometimes it just has properties that are different. And it's not only security properties that are relevant here: bandwidth, latency and error rate are often important considerations too. Even a line-of-sight channel usually doesn't quite have the properties that we unthinkingly attributed to it. Moriarty has been subscribing to the Other Channel for years: perhaps it's time for Alice and Bob to tune in too. This theme is not intended to restrict the topic of your paper, but to help provide a particular perspective and to focus the discussions. Our intention is to stimulate discussion likely to lead to conceptual advances, or to promising new lines of investigation, rather than merely to consider finished work.

For more information, please see http://spw.stca.herts.ac.uk/.

IFIP1110-CIP 2013 7th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Washington, DC, USA, March 18–20, 2013. [posted here 09/04/12]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first six conferences, the Seventh Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. A selection of papers from the conference will be published in an edited volume – the seventh in the series entitled Critical Infrastructure Protection (Springer) – in the fall of 2013. Revised and/or extended versions of outstanding papers from the conference will be published in the International Journal of Critical Infrastructure Protection (Elsevier). Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security

For more information, please see http://www.ifip1110.org/Conferences/WG11-10CallForPapers2013.pdf.

IMF 2013 7th International Conference on IT Security Incident Management & IT Forensics, Nuremberg, Germany, March 12-14, 2013. [posted here 10/08/12]
Today IT security is an integral aspect in operating IT-Systems. Yet, despite high-end precautionary measures taken, not every attack or security mishap can be prevented and hence incidents will go on happening. In such cases forensic capabilities in investigating incidents in both technical and legal aspects are paramount. Thus, capable incident response and forensic procedures have gained essential relevance in IT infrastructure operations and there is ample need for research and standardization in this area. In law enforcement IT forensics is an important branch and its significance constantly increases since IT has become an essential part in almost every aspect of daily life. IT systems produce traces and evidence in many ways that play a more and more relevant role in resolving cases. The IMF conference provides a platform for experts from throughout the world to present and discuss recent technical and methodical advances in the fields of IT security incident response and management and IT forensics. It shall enable collaboration and exchange of ideas between industry (both as users and solution providers), academia, law-enforcement and other government bodies.

For more information, please see http://www.imf-conference.org/imf2013/.

ESSoS 2013 5th International Symposium on Engineering Secure Software and Systems, Paris, France, February 27 - March 1, 2013. [posted here 05/14/12]
Trustworthy, secure software is a core ingredient of the modern world. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements (in particular economic considerations)
- support for assurance, certification and accreditation
- empirical secure software engineering

For more information, please see http://distrinet.cs.kuleuven.be/events/essos2013/.

NDSS 2013 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA, February 24-27, 2013. [posted here 05/21/12]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technologies. Special emphasis will be made to accept papers in the core theme of network and distributed systems security. Consequently, papers that cover networking protocols and distributed systems algorithms are especially invited to be submitted. Moreover, practical papers in these areas are also very welcome. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Future Internet architecture and design
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for Cloud Computing
- Security for electronic commerce: e.g., payment, barter, EDI, notarization, timestamping, endorsement, & licensing
- Security for emerging technologies: sensor networks, wireless/mobile (and ad hoc) networks, and personal communication systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems

For more information, please see http://www.internetsociety.org/events/ndss-symposium-2013.

CODASPY 2013 3rd ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA, February 18-20, 2013. [posted here 07/23/12]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy and to lay out directions for further research and development in this area. The conference seeks paper and poster submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computations
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy for mobile apps and devices
- Security and privacy in healthcare
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

For more information, please see http://www.codaspy.org.

IFIP119-DF 2013 9th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA, January 28-30, 2013. [posted here 09/04/12]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Ninth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the ninth in the series entitled Research Advances in Digital Forensics (Springer) in the summer of 2013. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org/Conferences/WG11-9-CFP-2013.pdf.

FloCon 2013 FloCon Network Security Conference, Albuquerque, New Mexico, USA, January 7–10, 2013. [posted here 08/13/12]
This open conference provides a forum for operational network analysts, tool developers, researchers, and other parties interested in the analysis of large volumes of traffic to showcase the next generation of flow-based analysis techniques. Flow is an abstraction of network traffic in which packets are aggregated by common attributes over time. This year's conference will focus on the challenges of "Analysis at Scale." In large network environments, flow data helps to provide a scalable way of seeing the big picture, as well as a streamlined platform for highlighting patterns of malicious behavior over time.

More and more commercial tools and platforms are available for collecting and storing not only flow data, but large volumes of other data such as DNS information, packet capture, security logs, and incident reports. How do we refine this "Big Data" into knowledge? How do we design methods for aggregated analyses at the network edge? How do we build systems for monitoring thousands or millions of assets at once?

The era of Big Data has brought with it the need to integrate cross-disciplinary expertise—in numerical methods, system design, software engineering, visualization, and analytical thinking—with the goal of gaining awareness and insight from raw records. Analysis of Big Data at the ISP and carrier-class network level adds challenges of data abstraction, context, and scope that must be addressed with the implementation of any system designed to help operational analysts use this data to learn about network threats.

For more information, please see http://www.cert.org/flocon/.

HICSS-CSS 2013 46th HAWAII International Conference on System Sciences, Internet and the Digital Economy Track, Cybercrime and Security Strategy Mini-track, Grand Wailea, Maui, Hawaii, USA, January 7 - 10, 2013. [posted here 04/30/2012]
We invite you to submit a paper for the mini-track "Cybercrime and Security Strategy" scheduled for the 46th Hawaii International Conference on System Sciences (HICSS). The diffusion of computer technologies worldwide has resulted in an unprecedented global expansion of computer-based criminal activity. There appears to be a need for research into cybercrime activities, and their causes. At the same time, it has become imperative to effectively protect information assets. The endeavor of this mini-track is to also enhance understanding about the issues associated with information security strategy. A few topics of interest include (but are not limited to):
- Cyber crime activities, and their motivations
- Cyber security policy
- Cyber-infrastructure protection
- Legal and ethical challenges to cyber crime
- Digital forensics
- Cyber crime and societal implications
- Information security strategy
- Planning for information security
- Organizational barriers to security
- Understanding security culture

For more information, please see http://www.hicss.hawaii.edu/hicss_46/apahome46.htm.