Past Conferences and Journal Special Issues
Last Modified: 12/22/14
Note: Please contact
cipher-cfp@ieee-security.org by email if you have any questions.
InTrust 2014
6th International Conference on Trustworthy Systems,
Beijing, China, December 16-17, 2014.
[posted here 10/13/14]
The InTrust conference focuses on the theory, technologies and applications of trustworthy
systems. It is devoted to all aspects of trustworthy computing systems, including trusted
modules, platforms, networks, services and applications, as well as security concerns and
privacy issues of systems, from their fundamental features and functionalities to design
principles, architecture and implementation technologies. The goal of the conference is
to bring academic and industrial researchers, designers, and implementers together with
end-users of trusted systems, in order to foster the exchange of ideas in this
challenging and fruitful area.
For more information, please see
http://crypto.fudan.edu.cn/intrust2014/.
PPREW 2014
4th Program Protection and Reverse Engineering Workshop,
Co-Located with the Annual Computer Security Applications Conference (ACSAC 2014),
New Orleans, LA, USA, December 9, 2014.
[posted here 08/18/14]
Program protection and reverse engineering are dualisms of good and evil.
Beneficial uses of reverse engineering abound: malicious software needs to
be analyzed and understood in order to prevent its spread and to assess its
functional footprint; owners of intellectual property (IP) at times need to
recover lost or unmaintained designs. Conversely, malicious reverse
engineering allows illegal copying and subversion; designers can employ obfuscation and
tamper-proofing on IP to target various attack vectors. In this sense,
protecting IP and protecting malware from detection and analysis is a
double-edged sword: depending on the context, the same techniques are either
beneficial or harmful. Likewise, tools that deobfuscate malware in good
contexts become analysis methods that support reverse engineering for illegal activity.
PPREW invites papers on practical and theoretical approaches for
program protection and reverse engineering used in beneficial contexts,
focusing on analysis/deobfuscation of malicious code and methods/tools
that hinder reverse engineering. Ongoing work with preliminary results,
theoretical approaches, tool-based methods, and empirical studies on various
methods are all appropriate. Studies on hardware/circuit based methods or
software/assembly based mechanisms are within scope of the workshop. We
expect the workshop to provide exchange of ideas and support for cooperative
relationships among researchers in industry, academia, and government.
Topics of interest include, but are not limited to, the following:
- Obfuscation / Deobfuscation (polymorphism)
- Tamper-proofing / Hardware-based protection
- Theoretic proofs for exploitation or protection
- Software watermarking / Digital fingerprinting
- Reverse engineering tools and techniques
- Side channel analysis and vulnerability mitigation
- Program / circuit slicing
- Information hiding and discovery
- Virtualization for protection and/or analysis
- Forensic and anti-forensic protection
- Moving target and active cyber defense
- Theoretic analysis frameworks (Abstract Interpretation,
Homomorphic Encryption, Term Rewriting Systems, Machine Learning,
Large Scale Boolean Matching)
- Component / Functional Identification
- Program understanding
- Source code (static/dynamic) analysis techniques
For more information, please see
http://www.pprew.org.
ACSAC 2014
Annual Computer Security Applications Conference,
New Orleans, LA, USA, December 8-12, 2014.
[posted here 06/02/14]
ACSAC is an internationally recognized forum where practitioners, researchers, and
developers in information system security meet to learn and to exchange practical ideas
and experiences. If you are developing practical solutions to problems relating to protecting
commercial enterprises' or countries' information infrastructures, consider submitting your
work to the Annual Computer Security Applications Conference. We especially encourage
submissions in the area of our Hard Topic Theme for 2014, Cybersecurity for
Cyber-Physical Systems. We are interested in submissions that address the application of
security technology, the implementation of systems, and lessons learned. Some example
topics are:
- Access control
- Assurance
- Audit
- Biometrics
- Boundary control
- Cloud security
- Cybersecurity
- Denial of service protection
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identity management
- Incident response planning
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Intrusion detection and prevention
- Malware
- Mobile and wireless security
- Multimedia security
- Network resiliency
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Privilege management
- Product evaluation and compliance
- Resilience
- Security engineering
- Security usability
- Software security
- Supply chain risk
- Trust management
- Virtualization security
- VoIP security
- Web 2.0/3.0 security
For more information, please see
http://www.acsac.org.
SKM 2014
International Conference on Secure Knowledge Management,
BITS Pilani, Dubai, December 8-9, 2014.
[posted here 05/05/14]
The conference on Secure Knowledge Management will bring together researchers and
practitioners from academia, industry and government to raise the awareness and share
recent advances in knowledge management. The conference will provide a venue to
discuss and develop the next set of challenges in knowledge management that need
to be tackled by the community.
Topics of interest include, but are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion
Markup Language, B2B Circles of Trust)
- Return on Investment in Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains,
Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security
- Security in B2B marketplace
- Security and Privacy in Online Social Media
- Wireless security in the context of Knowledge Management
- Data Mining for Fraud Detection (Financial Fraud Detection, Network Intrusion Detection)
- Risk Assessment
- Secure Knowledge Management in Distributed Systems
- Trust and Privacy in Knowledge management systems
- Security, Privacy, and Trustworthiness in Semantic web
- Secure Knowledge management in Big-data applications like Healthcare, finance, cloud etc.
For more information, please see
http://www.bits-dubai.ac.ae/skm2014/index.html.
IWSAC 2014
2nd International Workshop on Security Assurance in the Cloud,
Held in conjunction with the 10th International Conference on Signal Image Technology
& Internet Based Systems (SITIS 2014),
Marrakech, Morocco, November 23-27, 2014.
[posted here 09/22/14]
The ongoing merge between Service-Oriented Architectures (SOAs) and the Cloud
computing paradigm provides a new environment fostering the integration of services
located within company boundaries with those in the Cloud. An increasing number of
organizations implement their business processes and applications via runtime composition
of services made available in the Cloud by external suppliers. This scenario is changing
the traditional view of security introducing new service security risks and threats, and
requires re-thinking of current assurance, development, testing, and verification
methodologies. In particular, security assurance in the cloud is becoming a pressing need
to increase the confidence of the cloud actors that the cloud and its services are
behaving as expected, and requires novel approaches addressing SOA and cloud
peculiarities. IWSAC 2014 is the continuation of the International Workshop on Securing
Services on the Cloud, held in September 2011, Milan, Italy. It aims to address the
security assurance issues related to the deployment of services in the Cloud, along
with evaluating their impact on traditional security solutions for software and network
systems. The workshop seeks submissions from academia and industry presenting novel
research on all theoretical and practical aspects of security and assurance of services
implemented in the Cloud, as well as experimental studies in Cloud infrastructures, the
implementation of services, and lessons learned. Topics of interest include, but are not
limited to:
- Authentication and access control in the cloud
- Challenges in moving critical systems to the cloud
- Cloud accountability
- Cloud audit
- Cloud compliance
- Cloud certification
- Cloud transparency, introspection, and outrospection
- Cybersecurity in the cloud
- Data security and privacy in the Cloud
- Information assurance and trust management
- Intrusion detection in the Cloud
- Security assurance in the cloud
- Security and assurance protocols in the Cloud
- Service level agreements
- Service procurement in the cloud
- Service verification in critical cloud services
- Test-based and monitoring-based verification of cloud services
For more information, please see
http://sesar.di.unimi.it/IWSAC2014.
VizSec 2014
11th Visualization for Cyber Security,
Paris, France, November 10, 2014.
[posted here 04/14/14]
The 11th Visualization for Cyber Security (VizSec) is a forum that brings together researchers
and practitioners from academia, government, and industry to address the needs of the cyber
security community through new and insightful visualization and analysis techniques. VizSec
provides an excellent venue for fostering greater exchange and new collaborations on a
broad range of security- and privacy-related topics.
Full papers describing novel contributions in security visualization are solicited. Papers may present
techniques, applications, practical experience, theory, analysis, or experiments and evaluations.
We encourage the submission of papers on technologies and methods that promise to improve
cyber security practices, including, but not limited to:
- Situation awareness and/or understanding
- Incident handling including triage, exploration, correlation, and response
- Computer forensics
- Recording and reporting results of investigations
- Reverse engineering and malware analysis
- Multiple data source analysis
- Analyzing information requirements for computer network defense
- Evaluation and/or user testing of VizSec systems
- Criteria for assessing the effectiveness of cyber security visualizations
(whether from a security goal perspective or a human factors perspective)
- Modeling system and network behavior
- Modeling attacker and defender behavior
- Studying risk and impact of cyber attacks
- Predicting future attacks or targets
- Security metrics and education
- Software security
- Mobile application security
- Social networking privacy and security
For more information, please see
http://www.vizsec.org.
LISA 2014
28th Large Installation System Administration Conference,
Seattle, WA, USA, November 9–14, 2014.
[posted here 03/03/14]
USENIX’s Large Installation System Administration (LISA) conference - now in its 28th year -
is the premier meeting place for professionals who make computing work across a
variety of industries. If you’re an IT operations professional, site-reliability engineer,
system administrator, architect, software engineer, researcher, or otherwise involved in
ensuring that IT services are effectively delivered to others - this is
your conference, and we’d love to have you here. At LISA, systems theory meets operational
practice. This is the best environment for you to talk about what you’ve been working on
with other professionals—both in industry and in academia. Giving a
presentation at LISA is the path to real-world impact by highlighting
your team’s or project’s achievements. We are actively soliciting talks
in areas such as cloud computing, creating a positive ops culture,
software-defined networking, large-scale computing, distributed systems,
security, analytics, visualization, and IT management methods -
but we will consider exciting, engaging talks on any topic relevant to LISA attendees.
For more information, please see
https://www.usenix.org/sites/default/files/lisa14cfp_102813.pdf.
CCSW 2014
ACM Cloud Computing Security Workshop (CCSW),
Held in conjunction with the 21st ACM Conference on Computer and Communications Security (CCS 2014),
Scottsdale, Arizona, USA, November 7, 2014.
[posted here 06/02/14]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale
computing and cloud-like infrastructures are here to stay. The exact form they take is still
for the markets to decide, yet one thing is certain: clouds bring with them new deployment
models and hence new adversarial threats and vulnerabilities. CCSW brings together researchers
and practitioners in all security aspects of outsourced computing, including:
- practical cloud security solutions
- practical cryptography for cloud security
- secure cloud resource virtualization
- network virtualization
- secure data management outsourcing
- practical privacy & integrity for outsourcing
- foundations of cloud-centric threat models
- secure & verifiable computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- cloud-aware web service security paradigms
- cloud-centric regulatory compliance
- business & security risk models in the cloud
- cost & usability models and their interaction with security
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis for remote attestation and cloud protection
- cloud network security (DoS defense, IDS)
- security for cloud programming models
- energy/costs/efficiency of security in clouds
For more information, please see
http://digitalpiglet.org/nsac/ccsw14/.
ACM-CCS 2014
21st ACM Conference on Computer and Communications Security,
The Scottsdale Plaza Resort, Scottsdale, Arizona, USA, November 3-7, 2014.
[posted here 03/17/14]
The conference seeks submissions from academia, government, and industry presenting
novel research results in all practical and theoretical aspects of computer and
communications security. Papers should be related to the construction, evaluation,
application, or operation of secure systems. Theoretical papers must make a convincing
argument for the relevance of the results to secure systems. All topic areas related to
computer and communications security are of interest and in scope. Accepted papers
will be published by ACM Press in the conference proceedings. Outstanding papers will
be invited for possible publication in a special issue of the ACM Transactions on Information
and System Security. Further concrete instructions and submissions rules and regulations
will be published in the Call for Papers which will be accessible via the conference web page.
For more information, please see
http://www.sigsac.org/ccs/CCS2014/.
SafeConfig 2014
Workshop on Cyber Security Analytics and Automation,
Held in conjunction with the 21st ACM Conference on Computer and Communications Security (CCS 2014),
Scottsdale, Arizona, USA, November 3, 2014.
[posted here 06/30/14]
Ensuring correctness and integrity of system configurations and associated policies is key to
proper functioning, accessibility, security, privacy and resilience of modern information systems
and services. However, this is a daunting task in large enterprise systems that may contain millions of
physical and/or virtual components that must be properly configured and secured from unauthorized
access. Furthermore, the configuration variables often have explicit or hidden interdependencies
that must be understood in order to ensure proper end to end behavior.
The new sophisticated cyber security threats demand new security techniques and approaches
that offer proactive, intelligent and holistic security analytics based on analyzing the system
artifacts including system traces, configurations, logs, incident reports, alarms and network
traffic. Scalable analytics techniques are essential to handle large volumes of data and to
normalize, model, integrate, analyze and respond to threats in real time. As the current technology
moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and
virtual computing) and integration of large variety of sensors, the need for large-scale security
analytics and automation becomes essential to enable intelligent response, automated defense,
and network resilience and agility.
This workshop offers a unique opportunity by bringing together researchers from academia,
industry as well as government agencies to discuss the challenges listed above, to exchange
experiences, and to propose joint plans for promoting research and development in this area.
SafeConfig is a one day forum that includes invited talks, technical presentations of
peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration.
SafeConfig was started in 2009 and has been continuously running since then. It provides
a unique forum to explore theoretical foundations, algorithmic advances, modeling, and
evaluation of configuration related challenges for large scale cyber and cyberphysical systems.
For more information, please see
http://www.cyberdna.uncc.edu/safeconfig/2014/.
WISCS 2014
1st ACM Workshop on Information Sharing and Collaborative Security,
Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014),
Scottsdale, Arizona, USA, November 3, 2014.
[posted here 04/28/14]
Sharing of security related information is believed to greatly enhance the ability of
organizations to defend themselves against sophisticated attacks. If one organization
detects a breach, the automated sharing of observed security indicators (such as IP addresses,
domain names etc.) provides valuable, actionable information to others. Through analyzing
shared data it seems possible to get much better insights into emerging attacks. Sharing
higher level intelligence about campaigns, threat actors and mitigations is also of great
interest. Both in the US and the EU there are major efforts underway to strengthen
information sharing. Yet there are a number of technical and policy challenges to realizing this vision.
Which information exactly should be shared? How can privacy and confidentiality be protected? How
can we create high-fidelity intelligence from shared data without getting overwhelmed by false positives?
The first Workshop on Information Sharing and Collaborative Security (WISCS 2014) aims to bring together
experts and practitioners from academia, industry and government to present innovative research, case
studies, and legal and policy issues. Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies for information sharing
- Domain name and IP address blacklisting
- Collaborative approaches to spear-phishing and DDoS attacks
- Data deidentification
- Privacy and confidentiality
- Cryptographic protocols for collaborative security
- Scalability of security analysis on shared data
- Ontologies and standards for sharing security data
- Human factors in collaboration
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration
For more information, please see
https://sites.google.com/site/wiscs2014/.
MTD 2014
1st ACM Workshop on Moving Target Defense,
Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014),
Scottsdale, Arizona, USA, November 3, 2014.
[posted here 04/21/14]
The static nature of current computing systems has made them easy to attack and harder to
defend. Adversaries have an asymmetric advantage in that they have the time to study a
system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum
benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric
disadvantage on the attacker by making systems dynamic and harder to predict. With a
constantly changing system and its ever adapting attack surface, the attacker will have
to deal with a great deal of uncertainty just like defenders do today. The ultimate goal is to
level the cybersecurity playing field for defenders versus attackers.
This workshop seeks to bring together researchers from academia, government, and industry to
report on the latest research efforts on moving-target defense, and to have productive discussion
and constructive debate on this topic. We solicit submissions on original research in the broad
area of MTD, with possible topics such as those listed below. Since this is still a research area
in a nascent stage, the list should only be used as a reference. We welcome all works that fall
under the broad scope of moving target defense, including research that shows negative results.
Topics include:
- System randomization
- Artificial diversity
- Cyber maneuver
- Bio-inspired defenses
- Dynamic network configuration
- Moving target in the cloud
- System diversification techniques
- Dynamic compilation techniques
- Adaptive defenses
- Analytical models for MTD
- Large-scale MTD (using multiple techniques)
For more information, please see
http://csis.gmu.edu/MTD2014.
TrustED 2014
4th International Workshop on Trustworthy Embedded Devices,
Co-located with the ACM Conference on Computer & Communications Security (CCS 2014),
Scottsdale, Arizona, USA, November 3, 2014.
[posted here 05/12/14]
TrustED considers selected security and privacy aspects of cyber physical
systems and their environments. We aim to bring together experts from
academia, research institutions, industry, and government to discuss
problems, challenges, and recent scientific and technological advances
in this field. In particular, we strongly encourage industry participation
and submissions. The workshop topics include, but are not limited to:
- Embedded system security
- Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- Physical and logical convergence (e.g., secure and privacy-preserving facility management)
- Hardware entangled cryptography
- Foundation, development, and applications of physical security primitives (e.g., physical
unclonable functions - PUFs)
- Remote attestation and integrity verification
- IP protection for embedded systems
- Reverse engineering
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- New protection paradigms for trustworthy embedded systems
For more information, please see
http://www.trusted-workshop.de.
CNS 2014
2nd IEEE Conference on Communications and Network Security,
San Francisco, CA, USA, October 29-31, 2014.
[posted here 01/13/14]
IEEE Conference on Communications and Network Security (CNS) is a new
conference series in IEEE Communications Society (ComSoc) core conference
portfolio and the only ComSoc conference focusing solely on cyber security.
IEEE CNS is a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking.
The goal of CNS is to provide an outstanding forum for cyber security researchers,
practitioners, policy makers, and users to exchange ideas, techniques and tools,
raise awareness, and share experience related to all practical and theoretical
aspects of communications and network security.
Building on the success of last year's inaugural conference, IEEE CNS 2014 seeks
original high-quality technical papers from academia, government, and industry.
Topics of interest encompass all practical and theoretical aspects of communications
and network security, all the way from the physical layer to the various network
layers to the variety of applications reliant on a secure communication substrate.
Submissions with main contribution in other areas, such as information security,
software security, system security, or applied cryptography, will also be considered
if a clear connection to secure communications/networking is demonstrated.
For more information, please see
http://ieee-cns.org.
M2MSec 2014
International Workshop on Security and Privacy in Machine-to-Machine Communications,
Held in conjunction with IEEE Conference on Communications and Network Security (CNS 2014),
San Francisco, CA, USA, October 29, 2014.
[posted here 04/21/14]
The First International Workshop on Security and Privacy in Machine-to-Machine
Communications (M2MSec'14) aims to foster innovative research and discuss security
and privacy challenges, solutions, implementations, and standardization in emerging M2M
communication systems. Papers from academic researchers, industry practitioners, and
government institutions offering
novel research contributions in all theoretical and practical aspects of security and privacy in
M2M communications are solicited for submission to M2MSec'14. The scope of this workshop
covers all aspects of security and privacy in M2M communications and particular topics
of interest include, but are not limited to:
- Threat and vulnerability analysis in M2M communications
- Attacks and countermeasures in M2M communications
- System architecture for security and privacy in M2M communications
- Physical layer security in M2M communications
- Cross layer design for security and privacy in M2M communications
- Security and privacy in smart grid, RFID, near field communications (NFC), bluetooth,
wireless sensor networks, body area networks, e-health, vehicular ad-hoc networks
- Lightweight cryptographic primitives and protocols
- Trust and assurance in M2M communications
- Hardware security module and platform for M2M communications
- Identity and credential management in M2M communications
- Standardization for M2M communications
- Cloud computing and M2M communications
- Device-to-Device (D2D) networks such as LTE-direct
- Pervasive sensing Networks, including mobile crowdsourcing, participatory sensing
- Novel attacks resulting in IoT environments
- Data mining, cleaning and analysis techniques for IoT
- Real world deployment and experiences
- Prototype IoT systems and applications
For more information, please see
http://www.m2m-sec.org/.
BDSP 2014
1st IEEE International Workshop on Big Data Security and Privacy,
Washington DC, USA, October 27-30, 2014.
(Submission Due 30 August 2014) [posted here 05/12/14]
Big Data is characterized by the integration of a significant amount of data, of varying
modalities or types, at a pace that cannot be handled by traditional data management
systems. This has sparked innovation in the collection, processing and storage of this data.
The analytic systems built to leverage Big Data have yielded (and hold even greater promise
to uncover) remarkable insights that enable a host of new applications that were not
thought possible prior to the era of Big Data. However, with this capacity to contribute
to and benefit the greater good comes the responsibility to protect the subjects referenced
in the data sets. In this context, the old adage is correct - "With great power, comes great
responsibility". Ultimately, the data subjects own the data and they stand to suffer most
significantly from the data's compromise.
Thus, there need to be advances in techniques for 1) ingesting Big Data in a secure and
privacy-preserving manner, 2) performing Big Data analysis in a secure environment and in a
privacy-preserving manner, and 3) storing and enforcing retention policy securely (and
in private modes) for Big Data systems. If these solutions are not in place, then the
willingness of people to contribute their data to be included in a Big Data system decreases.
Additionally, Big Data professionals need to perform risk analyses, as they relate to
security and privacy, to get a realistic view of the safety of the landscape.
There is a lot of work to be done in this emerging field. This workshop is a venue for
researchers and practitioners to come together and tackle them in a supportive and
stimulating environment.
For more information, please see
http://www.bigdatasecurityprivacyworkshop.com.
CANS 2014
13th International Conference on Cryptology and Network Security,
Aldemar Royal Mare Resort, Heraklion Crete, Greece, October 22-24, 2014.
[posted here 02/03/14]
Papers offering novel research contributions are solicited for submission
to the 13th International Conference on Cryptology and Network Security
(CANS-2014). The focus is on original, high quality, unpublished research
and implementation experiences. We encourage submissions of papers
suggesting novel paradigms, original directions, or non-traditional
perspectives. Submitted papers must not substantially overlap with papers that have
been published or that are submitted in parallel to a journal or a
conference with formally published proceedings.
Topics include (but are not limited to):
- Access Control for Networks
- Anonymity & Pseudonymity
- Attacks & Malicious Code
- Authentication, Identification
- Block & Stream Ciphers
- Cloud Security
- Cryptographic Algorithms
- Cryptographic Protocols
- Denial of Service Protection
- Embedded Platform Security
- Hash Functions
- Identity & Trust Management
- (Future) Internet Security
- Key Management
- Mobile Code Security
- Multicast Security
- Network Security
- Peer-to-Peer Security
- Public Key Cryptography
- Security Modeling
- Security Architectures
- Security in Location Services
- Security in Social Networks
- Sensor Network Security
- Spam & SPIT Protection
- Spyware Analysis and Detection
- Virtual Private Networks
- Wireless and Mobile Security
For more information, please see
http://www.ics.forth.gr/cans2014.
TrustCol 2014
9th IEEE International Workshop on Trusted Collaboration,
Held in conjunction with IEEE CollaborateCom 2014,
Miami, Florida, USA, October 22, 2014.
[posted here 07/21/14]
The key goal of this workshop is to foster active interactions among diverse
researchers and practitioners, and generate added momentum towards research
in finding viable solutions to the security and privacy challenges faced by the
current and future collaborative systems and infrastructures.
We solicit unpublished research papers, both regular (8 pages max) and short
(4 pages max) papers, that address theoretical issues and practical
implementations/experiences related to security and privacy solutions for
collaborative systems. Topics of interest include, but are not limited to:
- Secure dynamic coalition environments
- Privacy control in collaborative environments
- Secure workflows for collaborative computing
- Policy-based management of collaborative workspace
- Secure middleware for large scale collaborative infrastructures
- Security and privacy issues in mobile collaborative applications
- Identity management for large scale collaborative infrastructures
- Semantic web technologies for secure collaborative infrastructure
- Trust models, trust negotiation/management for collaborative systems
- Access control models and mechanisms for collaboration environments
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Security and privacy challenges in cloud-based collaborative applications
- Insider threats in collaborative systems/applications
For more information, please see
http://honeynet.asu.edu/trustcol2014.
WESS 2014
9th Workshop on Embedded Systems Security,
New Delhi, India, October 17, 2014.
[posted here 06/02/14]
Embedded computing systems are continuously adopted in a wide range of application
areas and, importantly, they are responsible for a large number of safety-critical systems
as well as for the management of critical information. The advent of Internet-enabled
embedded systems introduces a large number of security issues: the Internet can be used
to attack embedded systems and embedded systems can be used to attack the Internet.
Furthermore, embedded systems are vulnerable to many attacks not relevant to servers
because they are physically accessible. Inadvertent threats due to bugs, improper system
use, etc. can also have effects that are indistinguishable from malicious attacks.
This workshop will address the range of problems related to embedded system security.
Of particular interest are security topics that are unique to embedded systems. The
workshop will provide proceedings to the participants and will encourage discussion
and debate about embedded systems security. Topics of Interest (but not limited to):
- Trust models for secure embedded hardware and software
- Isolation techniques for secure embedded hardware, hyperware and software
- System architectures for secure embedded systems
- Metrics for secure design of embedded hardware and software
- Security concerns for medical and other applications of embedded systems
- Support for intellectual property protection and anti-counterfeiting
- Specialized components for authentication, key storage and key generation
- Support for secure debugging and troubleshooting
- Implementation attacks and countermeasures
- Design tools for secure embedded hardware and software
- Hardware/software co-design for secure embedded systems
- Specialized hardware support for security protocols
- Efficient and secure implementation of cryptographic primitives
For more information, please see
http://www.wess-workshop.org/.
NordSec 2014
19th Nordic Conference on Secure IT Systems,
Tromsø, Norway, October 15-17, 2014.
[posted here 03/03/14]
NordSec addresses a broad range of topics within IT security with the aim of bringing
together computer security researchers and encouraging interaction between academia
and industry. In 2014 the conference has a special focus on Security and Privacy for Cloud
Computing and Big Data. Contributions within, but not limited to, the following areas
are welcome:
- Applied cryptography
- Communication and network security
- Internet and web-security
- Operating system security
- Software security
- Language-based techniques for security
- Security protocols
- Access control and security models
- Privacy and privacy-enhancing technologies
- Trust and reputation management
- Security evaluation and measurements
- Commercial security policies and enforcement
- Computer crime and information warfare
- Social engineering and phishing
- Intrusion detection
- Security management and audit
- New ideas and paradigms in security
- Usable security and privacy
For more information, please see
http://site.uit.no/nordsec2014/.
LASER 2014
2014 Workshop on Learning from Authoritative Security Experiment Results,
Arlington, Virginia, USA, October 15-16, 2014.
[posted here 05/05/14]
The LASER workshop invites papers that strive to exemplify the practice of science
in cyber security. The goal of this series of workshops, now in its third year, is
to address the practice of good science. We encourage participants who want
to help others improve their practice and participants who want to improve their
own practice. LASER seeks to foster a dramatic change in the paradigm of cyber security
research and experimentation. Participants will find LASER to be a constructive and highly
interactive venue featuring informal paper presentations and extended discussions.
LASER welcomes papers that are:
- Exemplars of the practice of science in cyber security
- Promising works-in-progress that would benefit from expert feedback
For more information, please see
http://www.laser-workshop.org.
ISC 2014
17th Information Security Conference,
Hong Kong, October 12-14, 2014.
[posted here 05/12/14]
The Information Security Conference (ISC), which started as a workshop
(ISW) in 1997, is one of the first conferences bringing together computer
security and cryptographers. It has been held in 5 different continents.
Its proceedings are published by Springer.
Potential topics to be addressed by submissions include, but are not limited to:
- applied information security in the context of: eBusiness, eCommerce, eGovernment
- computer security, e.g.: access control, database security, e-voting, formal methods, intrusion detection,
trust models, watermarking
- cryptography, e.g.: anonymity, authentication, e-voting, fingerprinting, key management, privacy
- general topics: anonymity, authentication, biometrics, insider threats, location services, network security, privacy
- hardware aspects and embedded systems
- management aspects of security: economic aspects, digital right management, dissemination control,
identity management, incident response, trust management
- security (aspects) of: cloud computing, outsourcing IT, pervasive computing, social networks, user-friendliness
- software issues: malware, mobile code aspects, operating system security, predicting malware, software
security, web security
For more information, please see
http://isc14.ie.cuhk.edu.hk.
ProvSec 2014
8th International Conference on Provable Security,
Hong Kong, October 9-10, 2014.
[posted here 05/12/14]
Provable security is an important research area in modern cryptography.
Cryptographic primitives or protocols without a rigorous proof cannot be
regarded as secure in practice. In fact, there are many schemes that were
originally thought to be secure but were eventually broken, which clearly
indicates the need for formal security assurance. With provable security,
we are confident in using cryptographic schemes and protocols in various
real-world applications. Meanwhile, schemes with provable security
sometimes give only theoretical feasibility rather than a practical
construction, and correctness of the proofs may be difficult to verify.
The ProvSec conference thus provides a platform for researchers, scholars and
practitioners to exchange new ideas for solving these problems in the
provable security area. Topics cover all aspects of provable security for cryptographic primitives or
protocols, including but not limited to the following areas:
- Asymmetric provably secure cryptography
- Cryptographic primitives
- Lattice-based security reductions
- Leakage-resilient cryptography
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provably secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis
For more information, please see
http://home.ie.cuhk.edu.hk/~provsec14.
OSDI 2014
11th USENIX Symposium on Operating Systems Design and Implementation,
Broomfield, CO, USA, October 6–8, 2014.
[posted here 03/03/14]
The 11th USENIX Symposium on Operating Systems Design and Implementation seeks to
present innovative, exciting research in computer systems. OSDI brings together professionals
from academic and industrial backgrounds in what has become a premier forum for discussing
the design, implementation, and implications of systems software. The OSDI Symposium
emphasizes innovative research as well as quantified or insightful experiences in systems
design and implementation. OSDI takes a broad view of the systems area and solicits
contributions from many fields of systems practice, including, but not limited to, operating
systems, file and storage systems, distributed systems, cloud computing, mobile systems,
secure and reliable systems, embedded systems, virtualization, networking as it relates to
operating systems, management and troubleshooting of complex systems. We also welcome
work that explores the interface to related areas such as computer architecture, networking,
programming languages, and databases. We particularly encourage contributions containing
highly original ideas, new approaches, and/or groundbreaking results.
For more information, please see
https://www.usenix.org/conference/osdi14/call-for-papers.
eCrime 2014
9th Symposium on Electronic Crime Research,
Held in conjunction with the 2014 APWG General Meeting,
Birmingham, Alabama, USA, September 23-25, 2014.
[posted here 03/31/14]
The eCrime Symposium consists of two full days which bring together academic
researchers, security practitioners, and law enforcement to discuss all aspects of
electronic crime and ways to combat it. Topics of interest include (but are not
limited to):
- Emerging attack methods
- Online advertising fraud
- Large-scale take-downs
- Economics of online crime
- Technical, legal, political aspects of online fraud
- Assessing the risks and yields of modern attacks
- Defending critical internet infrastructure
For more information, please see
http://ecrimeresearch.org/events/ecrime2014.
SLSS 2014
International Workshop on System Level Security of Smartphones,
Held in conjunction with SecureComm 2014,
Beijing, China, September 23, 2014.
[posted here 05/26/14]
This workshop will discuss various aspects of system level security
of smartphones, and stitch together the aspects into holistic and deep
understandings. Some specific aspects include system metadata abuse,
.so level rootkits in Android, finer-grained protection domains, cross-layer
vulnerability analysis, and context-aware access control.
Through the workshop, some new vulnerabilities and attacks on Android/iOS systems
could be revealed, and some security design principles of next generation
smartphone Operating Systems could be identified. The workshop will be more
discussion oriented than regular workshops; it will include a few selected
presentations, each with a 15-minute speech and 45-minute discussion.
Research contributions are solicited in all aspects related to system level
security of smartphones, including but not limited to:
- System level vulnerabilities of Android/iOS systems, for example
cross-layer vulnerability analysis, service vulnerabilities, etc.
- New attacks on Android/iOS systems, for example metadata-based attacks,
.so level rootkits, etc.
- Design of next generation secure smartphone systems, for example finer-grained
protection domains, context-aware access control, etc.
For more information, please see
http://www.dacas.cn/slss2014.
RAID 2014
17th International Symposium on Research in Attacks, Intrusions and Defenses,
Gothenburg, Sweden, September 17-19, 2014.
[posted here 03/03/14]
The 17th International Symposium on Research in Attacks, Intrusions and Defenses aims
at bringing together leading researchers and practitioners from academia, government, and
industry to discuss novel research contributions related to any area of computer and information
security. As in previous years, all topics related to intrusion detection and prevention are within
scope. In addition, topics of interest also include but are not limited to:
- Intrusion detection and prevention
- Malware and botnet analysis, detection, and mitigation
- Smartphone and other embedded systems security
- Network & active defenses
- Web application security
- New attacks against computers and networks
- Insider attack detection
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis
- Secure software development
- Machine learning for security
- Computer security visualization techniques
- Network exfiltration
- Online money laundering and underground economy
- Hardware vulnerabilities
- Binary analysis and reverse engineering
- Digital forensics
- Security and privacy
For more information, please see
http://www.raid2014.eu/cfp.html.
NSPW 2014
New Security Paradigms Workshop,
Victoria, British Columbia, Canada, September 15-18, 2014.
[posted here 03/03/14]
The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security.
By encouraging participants to think “outside the box” and giving them an opportunity to interact with open-minded
peers, NSPW seeks to foster paradigm shifts in the field of information security. NSPW is a highly interactive
venue, with informal paper presentations, lively, extended discussions, shared activities, and group meals,
all in the spectacular setting of Victoria, British Columbia, Canada. Most of the papers accepted to NSPW
push the boundaries of science and engineering beyond what would be considered mainstream in more
traditional security conferences. We are particularly interested in perspectives that augment traditional
computer security, both from other areas of computer science and other sciences that study
adversarial relationships such as biology, economics, and the social sciences.
For more information, please see
http://www.nspw.org/2014/cfp.
SMPE 2014
1st Workshop on Security and Privacy Aspects of Mobile Environments,
Co-located with ACM MobiCom 2014,
Maui, Hawaii, USA, September 11, 2014.
[posted here 05/12/14]
Increased adoption of mobile communications technologies (e.g., smartphones and Internet
tablets), along with the growing popularity of mobile applications and online social network
services (e.g., mobile Facebook, Foursquare, mobile YouTube), dramatically changed the
computing and networking landscapes. Such mobile environments, while creating and
promoting several new opportunities for users, businesses and enterprises by complementing
and often supplanting traditional Internet communication, opened up new challenges with
new forms of security risks and privacy threats. Mobile devices security and privacy research
has been very active and productive since the inception of smartphones and app markets.
Both regulatory and technology efforts are also underway to address some of the privacy
and security requirements of mobile systems and services. The workshop will discuss
issues in mobile devices and applications, mobile location-based services, ad-hoc and
infrastructure-based mobile networks, with particular focus on theoretical and practical
aspects of design, usability and performance evaluation of security and privacy.
This workshop will solicit research papers, work-in-progress papers, industry and
regulatory position reports from academia, industry, and government agencies. The
proposed workshop seeks to promote dynamic interdisciplinary discussions and
collaboration on the various aspects of security and privacy of mobile devices,
applications and mobile networking operations.
Topics of interest include but are not limited to:
- Mobile networks security
- Mobile handsets devices security
- Security and privacy of mobile applications
- Hardware enabled security
- Usability of security and privacy
- New economic models of privacy-preserving mobile systems/applications
- Mobile identity management systems
- Mobile payment systems
- Privacy and security threats identification
- Censorship resistance in mobile environments
- Privacy preserving analytics in mobile environments
- Contextual (context-based) security and privacy
- Security and privacy in next generation mobile networks
- Security and privacy in wearable technologies
For more information, please see
http://www.smpe2014.org/.
BADGERS 2014
3rd International Workshop on Building Analysis Datasets and Gathering
Experience Returns for Security,
Held in conjunction with ESORICS 2014,
Wroclaw, Poland, September 11, 2014.
[posted here 06/23/14]
The BADGERS workshop is the venue for research on Big Data for security. In contrast
to the systems community, security researchers have only recently started collecting
and looking at Internet-scale, real-world data (e.g., the EU WOMBAT and the US PREDICT
initiatives). Experimental security analysis performed on such data is often hampered by
concerns such as confidentiality, privacy, and liability. However, attackers have become
experts in leveraging the whole Internet to achieve their goals. To understand the modus
operandi and the motivations of attackers, both the access to Internet-scale, real-world
data and the techniques to mine it for relevant security knowledge are necessary. Hence
there is a growing need to widen the scope of data-driven security analysis.
The BADGERS workshop is positioned at the confluence of computer security and general
purpose large-scale data processing and aims at bringing together people (e.g., researchers,
practitioners, system administrators, security analysts) active in the emerging domain of
security-related data collection and analysis for Internet-scale computer systems and networks.
By giving visibility to existing solutions, the workshop promotes and encourages the better
sharing of data and knowledge. The increasing availability of tools and techniques to
process large-scale data (aka Big Data) will benefit computer security.
For more information, please see
http://necoma-project.eu/badgers14/.
SETOP 2014
7th SETOP International Workshop on Autonomous and Spontaneous Security,
Held in conjunction with ESORICS 2014,
Wroclaw, Poland, September 11, 2014.
[posted here 03/31/14]
Autonomous and Spontaneous security focuses on the dynamics of system behaviour
in response to threats, their detection, characterisation, diagnosis and mitigation in
particular through architectural and behavioural reconfiguration. Such approaches are
needed in Embedded Systems, Pervasive Computing, and Cloud environments, which
bridge the physical, social, and computing worlds and challenge traditional security
provisions from different perspectives. Systems must be agile and continue to operate
in the presence of compromise, introspective and self-protecting rather than just
hardened, resilient to more complex threats yet more vulnerable as they are physically
accessible, widely heterogeneous and need to integrate long-term legacy components.
Ensuring their resilience and protecting such systems at scale requires novel solutions across
a broad spectrum of computational and resource environments, that integrate techniques
from different areas including security, network management, machine learning, knowledge
representation, control theory, stochastic analysis and software engineering amongst others.
SETOP invites submissions of novel research results and practical experiences relevant to
autonomous and spontaneous security approaches.
For more information, please see
http://www.setop.info.
STM 2014
10th International Workshop on Security and Trust Management,
Held in conjunction with ESORICS 2014,
Wroclaw, Poland, September 10-11, 2014.
[posted here 04/28/14]
The workshop seeks submissions from academia, industry, and government
presenting novel research on all theoretical and practical aspects of security
and trust in ICTs. Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Applied cryptography
- Authentication
- Complex systems security
- Data and application security
- Data protection
- Data/system integrity
- Digital right management
- Economics of security and privacy
- E-services
- Formal methods for security and trust
- Identity management
- Legal and ethical issues
- Networked systems security
- Operating systems security
- Privacy
- Security and trust metrics
- Security and trust policies
- Security and trust management architectures
- Security and trust in cloud environments
- Security and trust in grid computing
- Security and trust in pervasive computing
- Security and trust in social networks
- Social implications of security and trust
- Trust assessment and negotiation
- Trust in mobile code
- Trust models
- Trust management policies
- Trust and reputation systems
- Trusted platforms
- Trustworthy systems and user devices
- Web services security
For more information, please see
http://stm14.uni.lu/.
SecATM 2014
International Workshop on Security in Air Traffic Management and other Critical Infrastructures,
Held in conjunction with ARES 2014,
University of Fribourg, Switzerland, September 9-12, 2014.
[posted here 03/03/14]
Global air traffic management (ATM) is evolving from siloed, local, proprietary systems to
interconnected wide-area information systems. There is rapid development, as demonstrated by the
US NextGen and the European Single European Sky ATM Research programme.
Increased automation and interconnection also translate into increased security risks, and this
workshop will focus on security of next-generation air traffic management systems and similar
critical information infrastructures. Throughout the recent years the understanding was
developed that the security. Suggested topics include, but are not limited to the
following in ATM and related critical infrastructures:
- Security Policy
- Risk assessment
- Security management
- Security validation
- Best practices
- Secure middleware solutions
- Experience reports
- Challenges of security assessment in a safety-oriented environment
For more information, please see
http://www.secatm.org.
SIN 2014
7th International Conference on the Security of Information and Networks,
Glasgow, UK, September 9-11, 2014.
[posted here 05/26/14]
The 7th International Conference on Security of Information and Networks (SIN 2014)
provides an international forum for presentation of research and applications of
security in information and networks. SIN 2014 features contributed as well as
invited papers, special sessions, workshops, and tutorials on theory and practice.
Its drive is to convene a high quality, well-attended, and up-to-date conference
on scientific and technical issues of security in information, networks, and
systems. Topics of interest include (but are not limited to):
- Access control and intrusion detection
- Cyber Physical Systems
- Autonomous and adaptive security
- Security tools and development platforms
- Computational intelligence techniques in security
- Security ontology, models, protocols & policies
- Computer network defense
- Standards, guidelines and certification
- Cryptographic techniques and key management
- Security-aware software engineering
- Industrial applications of security
- Trust and privacy
- Information assurance
- Cyber Warfare (attacks and defenses)
- Next generation network architectures
- Malware analysis
- Network security and protocols
- Security challenges in Mobile/Embedded Systems
For more information, please see
http://www.sinconf.org/sin2014/.
ECTCM 2014
2nd International Workshop on Emerging Cyberthreats and Countermeasures,
Co-located with International Conference on Availability, Reliability and Security (ARES 2014),
Fribourg, Switzerland, September 8-12, 2014.
[posted here 03/03/14]
ECTCM aims at bringing together researchers and practitioners working in different areas related
to cybersecurity. The revelations of the past year about massive worldwide online surveillance
have led to a somewhat changed cyber world. We want to contribute to the current discussions about
all technical aspects of this problem. Therefore this year's workshop focuses on new Targeted
Attacks, Malware and all aspects of Privacy. Contributions demonstrating current weaknesses
and threats as well as new countermeasures are warmly welcome.
For more information, please see
http://www.ectcm.net/.
ACC 2014
IEEE International Workshop on Autonomic Cloud Cybersecurity,
Held in conjunction with the IEEE International Conference on Cloud and
Autonomic Computing (CAC 2014),
London, UK, September 8, 2014.
[posted here 03/03/14]
Cloud computing services offer cost effective, scalable, and reliable outsourced platforms.
Cloud adoption is becoming rapidly ubiquitous; therefore, private and sensitive data is being
moved into the cloud. This move is introducing new security and privacy challenges, which should
be diligently addressed in order to avoid severe security repercussions. The focus of this workshop
is to offer a discussion forum about autonomous cybersecurity systems, which offer viable and
well-suited solutions for cloud threat prediction, detection, mitigation, and prevention.
The workshop is part of the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014),
and is collocated with The 8th IEEE Self-Adaptive and Self-Organizing System Conference and The 14th
IEEE Peer-to-Peer Computing Conference. We are soliciting original and unpublished results of ongoing
research projects, emerging trends, use cases, and implementation experiences in autonomous cloud
cybersecurity systems and solutions. The topics covered include, but are not limited to:
- Self-protection techniques of computing systems, networks and applications
- Performance evaluation and metrics of self-protection algorithms
- Metrics to characterize and quantify the cybersecurity algorithms (confidentiality, integrity,
and availability of autonomic systems)
- Anomaly behavior analysis and discovery of autonomic systems and services
- Data mining, stochastic analysis and prediction of autonomic systems and applications
- Datasets and benchmarks to compare and evaluate different self-protection techniques
- Autonomic prediction of cyber crime
- Cloud cryptographic systems
- Autonomous cyber threat mitigation methods
- Cloud security protocols
- Automated cloud security analysis
- Cloud cybersecurity tools
For more information, please see
http://sesar.dti.unimi.it/ACC2014.
ESORICS 2014
19th European Symposium on Research in Computer Security,
Wroclaw, Poland, September 7-11, 2014.
[posted here 03/17/14]
ESORICS (European Symposium on Research in Computer Security) is the premier
European research conference in computer security. ESORICS started in 1990 and
has been held in several European countries, attracting an international audience from
both the academic and industrial communities. ESORICS 2014, the 19th symposium in
the series, will be held in Poland at the Institute of Mathematics and Computer Science,
Wroclaw University of Technology. Papers offering novel research contributions in all
aspects of computer security are solicited for submission to ESORICS 2014. The primary
focus is on original, high quality, unpublished research, but submissions describing
implementation experiences and industrial research and development are also encouraged.
All topics related to security, privacy and trust in computer systems and networks are of
interest and in scope. Purely theoretical papers, e.g. in cryptography, must be explicit
about the relevance of the theory to the security of IT systems.
For more information, please see
http://esorics2014.pwr.wroc.pl/index.html.
TGC 2014
9th Symposium on Trustworthy Global Computing,
Co-located with Concur 2014,
Rome, Italy, September 5-6, 2014.
[posted here 01/13/14]
The Symposium on Trustworthy Global Computing is an international annual
venue dedicated to secure and reliable computation in the so-called global
computers, i.e., those computational abstractions emerging in large-scale
infrastructures such as service-oriented architectures, autonomic systems,
and cloud computing.
The TGC series focuses on providing frameworks, tools, algorithms, and
protocols for rigorously designing, verifying, and implementing open-ended,
large-scale applications. The related models of computation incorporate
code and data mobility over distributed networks that connect
heterogeneous devices and have dynamically changing topologies.
We solicit papers in all areas of global computing, including (but not limited to):
- languages, semantic models, and abstractions
- security, trust, and reliability
- privacy and information flow policies
- algorithms and protocols
- resource management
- model checking, theorem proving, and static analysis
- tool support
For more information, please see
http://www.cs.le.ac.uk/events/tgc2014/.
LightSEC 2014
3rd International Workshop on Lightweight Cryptography for Security & Privacy,
Istanbul, Turkey, September 1-2, 2014.
[posted here 04/28/14]
LightSEC 2014 promotes and initiates novel research on the security & privacy
issues for applications that can be termed as lightweight security, due to the associated
constraints on metrics such as available power, energy, computing ability, area, execution
time, and memory requirements. As such applications are becoming ubiquitous, providing
an immense value to society, they are also affecting a greater portion of the public &
leading to a plethora of economical & security and privacy related concerns. Topics
of interest include:
- Design, analysis and implementation of lightweight cryptographic protocols
- Cryptographic hardware development for constrained domains
- Security & privacy solutions for wireless embedded systems
- Lightweight privacy-preserving protocols & systems
- Design and analysis of fast and compact cryptographic algorithms
- Wireless network security for low-resource devices
- Low-power crypto architectures
- Scalable protocols and architectures for security and privacy
- Formal methods for analysis of lightweight cryptographic protocols
- Security and privacy issues in RFID and NFC
- Embedded systems security
- PUF based crypto protocols
- Security of ubiquitous and pervasive computing
- Side channel analysis and countermeasures on lightweight devices
- Efficient and scalable cryptographic protocols for the Next Generation Secure Cloud
For more information, please see
http://www.light-sec.org.
USENIX-Security 2014
23rd USENIX Security Symposium,
San Diego, CA, USA, August 20-22, 2014.
[posted here 04/28/14]
The USENIX Security Symposium brings together researchers, practitioners, system
administrators, system programmers, and others interested in the latest advances in the security
and privacy of computer systems and networks.
All researchers are encouraged to submit papers covering novel and scientifically significant
practical works in computer security. Refereed paper submissions are solicited in all areas
relating to systems research in security and privacy, including but not limited to:
- Cloud computing security
- Cryptographic implementation analysis and construction, applied cryptography
- Distributed systems security
- Forensics and diagnostics for security
- Hardware security (Embedded systems security, Methods for
detection of malicious or counterfeit hardware, Randomness, Secure computer architectures,
Side channels)
- Human-computer interaction, security, and privacy
- Intrusion and anomaly detection and prevention
- Malware (Detection, mitigation, Malicious code analysis, anti-virus, anti-spyware)
- Mobile system security
- Network security (Botnets, Denial-of-service attacks and countermeasures, Network infrastructure security)
- Operating system security
- Privacy-enhancing technologies, anonymity
- Programming language security
- Public good (Research on computer security law and policy, Research on security education and training,
Research on social values, surveillance, and censorship)
- Security analysis (Analysis of network and security protocols, Attacks with novel insights, techniques, or results)
- Security applications (Security in critical infrastructures, Security in electronic voting,
Security in health care and medicine, Security in ubiquitous computing, sensors, actuators)
- Security economics, electronic commerce
- Security measurement studies (Large-scale measurement of fraud, malware, spam,
Large-scale measurement of human behavior and security)
- Security tools (Automated security analysis of hardware designs and implementation,
Automated security analysis of source code and binaries, program analysis,
Novel tools to improve the trustworthiness of computer systems)
- Storage security (Database security and privacy, File systems)
- Web security
- Wireless security
For more information, please see
https://www.usenix.org/conference/usenixsecurity14.
SAC 2014
Conference on Selected Areas in Cryptography,
Concordia University, Montreal, Quebec, Canada, August 14-15, 2014.
[posted here 04/28/14]
Authors are encouraged to submit original papers related to the following themes for the
SAC 2014 conference. Note that the first three are traditional SAC areas and the fourth
topic is intended to be the special focus for this year's conference:
- Design and analysis of symmetric key primitives and cryptosystems, including block and
stream ciphers, hash functions, MAC algorithms, cryptographic permutations, and
Authenticated Encryption Schemes
- Efficient implementations of symmetric and public key algorithms
- Mathematical and algorithmic aspects of applied cryptology
- Algorithms for cryptography, cryptanalysis and their complexity analysis
For more information, please see
http://users.encs.concordia.ca/~youssef/SAC2014-WebSite/.
PLAS 2014
9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security,
Uppsala, Sweden, July 29, 2014.
[posted here 03/03/14]
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming
language and program analysis techniques to improve the security of software systems.
Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known
techniques in practical settings, and discussions of emerging threats and important problems.
The scope of PLAS includes, but is not limited to:
- Compiler-based security mechanisms or runtime-based security mechanisms such
as inline reference monitors
- Program analysis techniques for discovering security vulnerabilities
- Automated introduction and/or verification of security enforcement mechanisms
- Language-based verification of security properties in software, including
verification of cryptographic protocols
- Specifying and enforcing security policies for information flow and access control
- Model-driven approaches to security
- Security concerns for web programming languages
- Language design for security in new domains such as cloud computing and embedded platforms
- Applications, case studies, and implementations of these techniques
For more information, please see
http://researcher.ibm.com/researcher/view_project.php?id=5237.
PST 2014
12th Annual Conference on Privacy, Security and Trust,
Toronto, Canada, July 23-24, 2014.
[posted here 02/03/14]
PST2014 provides a forum for researchers world-wide to unveil their latest work in
privacy, security and trust and to show how this research can be used to enable
innovation. PST2014 topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic techniques for privacy preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Continuous Authentication
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Observations of PST in Practice, Society, Policy and Legislation
- Digital Rights Management
- Identity and Trust management
- PST and Cloud Computing
- Human Computer Interaction and PST
- Implications of, and Technologies for, Lawful Surveillance
- Biometrics, National ID Cards, Identity Theft
- PST and Web Services / SOA
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
- Representations and Formalizations of Trust in Electronic and Physical
Social Systems
For more information, please see
http://pst2014.ryerson.ca.
SHPCS 2014
9th Workshop on Security and High Performance Computing Systems,
Held in conjunction with the International Conference on High Performance
Computing & Simulation (HPCS 2014),
Bologna, Italy, July 21 - July 25, 2014.
[posted here 02/03/14]
Providing high performance computing and security is a challenging
task. Internet, operating systems and distributed environments
currently suffer from poor security support and cannot resist common
attacks. Adding security measures typically degrades performance. This
workshop addresses relationships between security and high performance
computing systems in three directions.
First, it considers how to add security properties (authentication,
confidentiality, integrity, non-repudiation, access control) to high
performance computing systems and how they can be formally verified
both at design-time (formal verification) and at run-time (run-time
verification). In this case, safety properties can also be addressed,
such as availability and fault tolerance for high performance computing
systems. Second, it covers how to use high performance computing
systems to solve security problems. For instance, a grid computation
can break an encryption code, a cluster can support high performance
intrusion detection or a distributed formal verification system. More
generally, this topic addresses every efficient use of high
performance computing systems to improve security. Third, it
investigates the tradeoffs between maintaining high performance and
achieving security in computing systems and solutions to balance the
two objectives. In all these directions, various formal analyses, as
well as performance analyses or monitoring techniques can be conducted
to show the efficiency of a security infrastructure.
The workshop seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of computer and
network security, as well as case studies and implementation experiences.
Papers should have practical relevance to the construction, evaluation,
application, or operation of secure systems.
For more information, please see
http://hpcs2014.cisedu.info/.
WiSec 2014
7th ACM Conference on Security and Privacy in Wireless and Mobile Networks,
Oxford, United Kingdom, July 21-25, 2014.
[posted here 10/4/13]
ACM WiSec has been broadening its scope and seeks to present high quality
research papers exploring security and privacy aspects of wireless communications,
mobile networks, and their applications. In addition to the traditional ACM WiSec
topics of physical, link, and network layer security, we welcome papers focusing
on the security and privacy of mobile software platforms, usable security and
privacy, biometrics and the increasingly diverse range of mobile or wireless
applications. The conference welcomes both theoretical as well as systems
contributions. Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive,
avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security
For more information, please see
http://www.sigsac.org/wisec/WiSec2014/.
RFIDSec 2014
10th Workshop on RFID Security,
Co-located with ACM WiSec 2014,
Oxford, United Kingdom, July 21-23, 2014.
[posted here 10/24/13]
RFIDsec is the premier workshop devoted to security and privacy in Radio
Frequency Identification (RFID) with participants throughout the world.
RFIDsec brings together researchers from academia and industry for topics
of importance to improving the security and privacy of RFID, NFC, contactless
technologies, and the Internet of Things. RFIDsec bridges the gap between
cryptographic researchers and RFID developers through invited talks and
contributed presentations. Topics of interest include:
- New applications for secure RFID, NFC and other constrained systems
- Resource-efficient implementations of cryptography
- Attacks on RFID systems (e.g. side-channel attacks, fault attacks, hardware tampering)
- Data protection and privacy-enhancing techniques
- Cryptographic protocols (e.g. authentication, key distribution, scalability issues)
- Integration of secure RFID systems (e.g. infrastructures, middleware and security)
- Data mining and other systemic approaches to RFID security
- RFID hardware security (e.g. Physical Unclonable Functions (PUFs), RFID Trojans)
- Case studies
For more information, please see
http://rfidsec2014.cis.uab.edu/.
CSF 2014
27th IEEE Computer Security Foundations Symposium,
Vienna University of Technology, Vienna, Austria, July 19 - 22, 2014.
[posted here 11/25/13]
The Computer Security Foundations Symposium is an annual conference
for researchers in computer security. CSF seeks papers on foundational
aspects of computer security, e.g., formal security models,
relationships between security properties and defenses, principled
techniques and tools for design and analysis of security mechanisms, as
well as their application to practice. While CSF welcomes submissions
beyond the topics listed below, the main focus of CSF is foundational
security: submissions that lack foundational aspects risk rejection.
New results in computer security are welcome. Possible topics include,
but are not limited to: access control, accountability, anonymity,
authentication, critical infrastructure security, cryptography, data
and system integrity, database security, decidability and complexity,
distributed systems, electronic voting, executable content, formal
methods and verification, game theory and decision theory,
hardware-based security, humans and computer security, information flow,
intrusion detection, language-based security, network security, novel
insights on attacks, privacy, provenance, resource usage control,
security for mobile computing, security models, security protocols,
software security, socio-technical security, trust management, usable
security, web security.
For more information, please see
http://csf2014.di.univr.it/.
PETS 2014
14th Privacy Enhancing Technologies Symposium,
Amsterdam, Netherlands, July 16-18, 2014.
[posted here 12/2/13]
The Privacy Enhancing Technologies Symposium (PETS) aims to advance
the state of the art and foster a world-wide community of researchers
and practitioners to discuss innovation and new perspectives.
Suggested topics include but are not restricted to:
- Behavioral targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography,
psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and micro-blogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools
- Usability and user-centered design for PETs
For more information, please see
http://petsymposium.org/.
DBSec 2014
28th Annual IFIP WG 11.3 Working Conference on Data and Applications
Security and Privacy,
Vienna Technical University, Vienna, Austria, July 14-16, 2014.
[posted here 02/03/14]
The 28th Annual IFIP WG 11.3 Working Conference on Data and Applications
Security and Privacy provides a forum for presenting original unpublished research
results, practical experiences, and innovative ideas in data and applications
security and privacy. Papers and panel proposals are also solicited.
Papers may present theory, techniques, applications, or practical experience
on topics of relevance to IFIP WG 11.3:
- access control
- anonymity
- applied cryptography in data security
- authentication
- crowdsourcing for privacy and security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- knowledge discovery and privacy
- methodologies for data and application security and privacy
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in IT outsourcing
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security
For more information, please see
http://dbsec2014.sba-research.org.
PIR 2014
Privacy-Preserving IR Workshop: When Information Retrieval Meets Privacy and Security,
Held in conjunction with ACM SIGIR 2014,
Gold Coast, Australia, July 11, 2014.
[posted here 04/07/14]
With the emergence of online social networks and the growing popularity of digital communication,
more and more information about individuals is becoming available on the Internet. While
much of this information is not sensitive, it is not uncommon for users to publish sensitive
information online, especially on social networking sites. The availability of this publicly accessible
and potentially sensitive data can lead to abuse and expose users to stalking and identity theft.
An adversary can digitally "stalk" a victim (a Web user) and discover as much information as
possible about the victim, either through direct observation of posted information or by inferring
knowledge using simple inference logic. Information retrieval and information privacy/security are
two fast-growing computer science disciplines. Information retrieval provides a set of information
seeking, organization, analysis, and decision-making techniques. Information privacy/security
defends information from unauthorized or malicious use, disclosure, modification, attack, and
destruction. The two disciplines often appear as two areas with opposite goals: one is to seek
information from large amounts of materials, the other is to protect (sensitive) information from
being found out. On the other hand, there are many synergies and connections between these
two disciplines. For example, information retrieval researchers or practitioners often need to
consider privacy or security issues in designing solutions of information processing and management,
while researchers in information privacy and security often utilize information retrieval techniques
when they build the adversary models to simulate how the adversary can actively seek sensitive
information. However, there have been very limited efforts to connect the two important disciplines.
In addition, due to the lack of mature techniques in privacy-preserving information retrieval, concerns
about information privacy and security have become serious obstacles that prevent valuable user
data from being used in IR research such as studies about query logs, social media, tweets, session
analysis, and medical record retrieval. For instance, the recent TREC Medical Record Retrieval
Tracks are halted because of the privacy issue and the TREC Microblog Tracks could not provide
participants with a standard testbed of tweets for system development. The situation needs to
be improved in a timely manner. All these motivate this "privacy-preserving IR" workshop in
SIGIR.
For more information, please see
http://cs-sys-1.uis.georgetown.edu/~sz303/sigir2014-pir-workshop/.
DIMVA 2014
11th International Conference on Detection of Intrusions and Malware
& Vulnerability Assessment,
Royal Holloway London, Egham, UK, July 10-11, 2014.
[posted here 11/6/13]
The annual DIMVA conference serves as a premier forum for advancing the
state of the art in intrusion detection, malware detection, and vulnerability
assessment. Each year, DIMVA brings together international experts from academia,
industry, and government to present and discuss novel research in these areas.
DIMVA is organized by the special interest group "Security - Intrusion Detection
and Response" (SIDAR) of the German Informatics Society (GI). The conference
proceedings will appear as a volume in the Springer Lecture Notes in Computer
Science (LNCS) series (approval pending).
DIMVA encourages submissions from the following broad areas:
Intrusion Detection
- Novel approaches and domains
- Insider detection
- Prevention and response
- Data leakage and exfiltration
- Result correlation and cooperation
- Evasion and other attacks
- Potentials and limitations
- Operational experiences
Malware Detection
- Automated analyses
- Behavioral models
- Prevention and containment
- Infiltration
- Acquisition and monitoring
- Forensics and recovery
- Underground economy
Vulnerability Assessment
- Vulnerability detection
- Vulnerability prevention
- Fuzzing techniques
- Classification and evaluation
- Situational awareness
For more information, please see
http://www.dimva.org/dimva2014.
SOUPS 2014
Symposium On Usable Privacy and Security,
In cooperation with USENIX,
Menlo Park, CA, USA, July 9-11, 2014.
[posted here 12/2/13]
The 2014 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners
in human computer interaction, security, and privacy. The program will
feature technical papers, a poster session, panels and invited talks,
lightning talks and demos, and workshops and tutorials. This year
SOUPS will be held at Facebook in Menlo Park, CA.
We invite authors to submit original papers describing research or
experience in all areas of usable privacy and security. Topics
include, but are not limited to:
- innovative security or privacy functionality and design,
- new applications of existing models or technology,
- field studies of security or privacy technology,
- usability evaluations of new or existing security or privacy features,
- security testing of new or existing usability features,
- longitudinal studies of deployed security or privacy features,
- the impact of organizational policy or procurement decisions,
- lessons learned from the deployment and use of usable privacy and security features,
- reports of replicating previously published studies and experiments, and
- reports of failed usable security studies or experiments, with the
focus on the lessons learned from such experience.
For more information, please see
http://cups.cs.cmu.edu/soups/.
WAY 2014
Workshop: Who are you?! Adventures in Authentication,
Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2014),
Menlo Park, CA, USA, July 9, 2014.
[posted here 05/05/14]
Our most common method of authentication continues to be based on the assumption of a
person using a desktop computer and keyboard, or a person authenticating to their mobile
phone. There has been an implicit assumption that the effort of authenticating, in terms
of elapsed time, user actions, cognitive load and impact on a user's primary task, will be
amortized over a relatively long lifetime of the authenticated session with the system,
application or service. As computing moves into new environments, including mobile and
embedded systems, these assumptions may no longer be valid. The user's primary task
may be tending to a patient, driving a car, operating heavy machinery, or interacting with
friends and colleagues via mobile apps. Due to the nature of user interaction in these new
computing environments, and new threat models, methods of authenticating are needed
that are robust, easy to use, and minimize impact on the user's primary task. The
time / cost of authentication needs to be commensurate with the level of engagement
with these kinds of systems and applications. The purpose of this workshop is to bring
together researchers and practitioners to share experiences, concerns, and ideas about
known and new authentication techniques. We are interested in discussing methods of
evaluating the impact and usability of various authentication techniques, and ideas
about novel authentication techniques that are secure, robust and usable.
For more information, please see
https://cups.cs.cmu.edu/soups/2014/workshops/authentication.html.
ACISP 2014
19th Australasian Conference on Information Security and Privacy,
Wollongong, NSW, Australia, July 7-9, 2014.
[posted here 02/03/14]
Original papers pertaining to all aspects of information security and privacy are solicited
for submission to the 19th Australasian Conference on Information Security and Privacy
(ACISP 2014). Papers may present theory, techniques, applications and practical
experiences on a variety of topics. The proceedings will be published by
Springer-Verlag as a volume of the Lecture Notes in Computer Science series.
The extended version of the selected papers from ACISP 2014 will be invited to the special
issue of International Journal of Information Security (IJIS) International Journal of Applied Cryptography.
We seek submissions from academic and industrial researchers on all theoretical and practical
aspects of information security. Suggested topics include, but are not restricted to, the following:
- Cryptography
- Network Security
- Copyright Protection
- Mobile Communications Security
- Secure Commercial Applications
- Security Architectures and Models
- Database Security
- Privacy Technologies
- Authentication and Authorization
- Smartcards
- Software Protection and Malware
- Distributed System Security
- Computer Forensics
- Key Management and Auditing
- Secure Operating System
- Secure Electronic Commerce
- Biometrics
- Secure Cloud Computing
For more information, please see
https://ssl.informatics.uow.edu.au/acisp2014/.
TRUST 2014
7th International Conference on Trust & Trustworthy Computing,
Hersonissos, Crete, Greece, June 30 - July 2, 2014.
[posted here 03/03/14]
TRUST 2014 is an international conference on the technical and socio-economic aspects
of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers,
practitioners, and decision makers to explore new ideas and discuss experiences in building,
designing, using and understanding trustworthy computing systems.
Topics of interest include, but are not limited to:
- Architecture and implementation technologies for trusted platforms and
trustworthy infrastructures
- Trust, Security and Privacy in embedded systems
- Trust, Security and Privacy in social networks
- Trusted mobile platforms and mobile phone security
- Implementations of trusted computing (hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing (including resilience)
- Attestation and integrity verification
- Cryptographic aspects of trusted and trustworthy computing
- Design, implementation and analysis of security hardware
- Security hardware with cryptographic and security functions, physically unclonable functions (PUFs)
- Intrusion resilience in trusted computing
- Virtualization for trusted platforms
- Secure storage
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- Usability and end-user interactions with trusted platforms
- Limitations of trusted computing
- The role of trust in human-computer interactions
- Usability and user perceptions of trustworthy systems and risks
- Patterns of trust practices in human-computer interactions
- Effects of trustworthy systems upon user, corporate, and governmental behavior
- The impact of trustworthy systems in enhancing trust in cloud-like infrastructures
- The adequacy of guarantees provided by trustworthy systems for systems critically
dependent upon trust, such as elections and government oversight
- The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
- Game theoretical approaches to modeling or designing trustworthy systems
- Approaches to model and simulate scenarios of how trustworthy systems would be
used in corporate environments and in personal space
- Economic drivers for trustworthy systems in corporate environment
- Experimental economics studies of trustworthiness
- The interplay between privacy, privacy enhancing technologies and trustworthy systems
- Evaluation of research methods used in the research of trustworthy and trusted computing
- Critiques of trustworthy systems
- Metrics of trust
- Privacy Aspects of Trust Computing
- Engineering Processes for Trustworthy Computing
For more information, please see
http://www.ics.forth.gr/trust2014/.
WISTP 2014
8th Workshop in Information Security Theory and Practice,
Heraklion, Greece, June 30 - July 2, 2014.
[posted here 11/18/13]
Future ICT technologies, such as the concepts of Ambient Intelligence,
Cyber-physical Systems and Internet of Things provide a vision of the Information
Society in which: a) people and physical systems are surrounded with intelligent
interactive interfaces and objects, and b) environments are capable of recognising
and reacting to the presence of different individuals or events in a seamless,
unobtrusive and invisible manner. The success of future ICT technologies will
depend on how secure these systems may be, to what extent they will protect
the privacy of individuals and how individuals will come to trust them. WISTP 2014
aims to address security and privacy issues of smart devices, networks, architectures,
protocols, policies, systems, and applications related to Internet of Things, along
with evaluating their impact on business, individuals, and the society.
The workshop seeks original submissions from academia and industry presenting novel
research on all theoretical and practical aspects of security and privacy of Internet of
Things, as well as experimental studies of fielded systems, the application of security
technology, the implementation of systems, and lessons learned. We encourage
submissions from other communities such as law, business, and policy that present
these communities' perspectives on technological issues. Topics of interest include,
but are not limited to:
Security and Privacy in Smart Devices
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- Mobile Codes Security
- Mobile Devices Security
- Mobile Malware
- Mobile OSes Security Analysis
- New Applications for Secure RFID Systems
- RFID Systems
- Smart Card
- Smart Devices Applications
- Wireless Sensor Node
Security and Privacy in Networks
- Ad Hoc Networks
- Delay-Tolerant Network
- Domestic Network
- GSM/GPRS/UMTS Systems
- Peer-to-Peer Networks
- Security Issues in Mobile and Ubiquitous Networks
- Sensor Networks: Campus Area, Body Area, Sensor and Metropolitan Area Networks
- Vehicular Network
- Wireless Communication: Bluetooth, NFC, WiFi, WiMAX, others
Security and Privacy in Architectures, Protocols, Policies, Systems and Applications
- BYOD Contexts
- Cloud-enhanced Mobile Security
- Critical Infrastructure (e.g. for Medical or Military Applications)
- Cyber-Physical Systems
- Digital Rights Management (DRM)
- Distributed Systems and Grid Computing
- Information Assurance and Trust Management
- Intrusion Detection and Information Filtering
- Lightweight cryptography
- Localization Systems (Tracking of People and Goods)
- M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human)
- Mobile Commerce
- Multimedia Applications
- Public Administration and Governmental Services
- Pervasive Systems
- Privacy Enhancing Technologies
- Secure self-organization and self-configuration
- Security Models, Architecture and Protocol: for Identification and Authentication,
Access Control, Data Protection
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Measurements
- Smart Cities
- Systems Controlling Industrial Processes
For more information, please see
http://www.wistp.org/.
DASec 2014
1st International Workshop on Big Data Analytics for Security,
Held in conjunction with ICDCS 2014,
Madrid, Spain, June 30 - July 3, 2014.
[posted here 01/13/14]
In the last 10 years we have witnessed a strong integration of several
human activities with computers and digital networks. This has led to an
interconnected economy, where interactions occur through the mediation of
networked devices. The openness of this scenario was instrumental in creating
new business opportunities. However, it has also paved the way to new forms of
criminal activities that, while happening in the cyber domain, have strong implications
in the real world. The current trend towards an Internet of Things will possibly
worsen this scenario. In this context, private companies and public bodies struggle
to defend their businesses against a deluge of attacks spanning from complex online
frauds to malicious scanning activities of their IT infrastructures. As attacks continue
to grow in complexity, classic "border-control" approaches to system security quickly
prove to be ineffective, calling for an investigation into new methodologies and solutions.
At the same time, ongoing research efforts on "Big Data" systems are devising new
and innovative methodologies to manage and analyze large amounts of data with
the aim of recognizing specific patterns and behaviors.
The First International Workshop on Big Data Analytics for Security aims to bring
together people from both academia and industry to present their most recent
work related to trust, security and privacy issues in big data analytics, together
with application of big data technologies in the field of security. The purpose is to
establish if and how large-scale data analytics technologies can help in creating
new security solutions for today's complex IT infrastructures.
For more information, please see
http://www.dis.uniroma1.it/~dasec/.
SPE 2014
4th International Workshop on Security and Privacy Engineering,
Co-located with IEEE SERVICES 2014,
Anchorage, Alaska, USA, June 27 - July 2, 2014.
[posted here 02/03/14]
Built upon the success of the spectrum of conferences within the IEEE World Congress on Services,
the Security and Privacy Engineering (SPE 2014) workshop is a unique place to exchange ideas
of engineering secure systems in the context of service computing, cloud computing, and big
data analytics. The emphasis on engineering in security and privacy of services differentiates
the workshop from other traditional prestigious security and privacy workshops, symposiums,
and conferences. The practicality and value realization are examined by practitioners from
leading industries as well as scientists from academia.
In line with the engineering spirit, we solicit original papers on building secure service
systems that can be applied to government procurement, digital medical records, cloud
environments, social networking for business purposes, multimedia application, mobile commerce,
education, and the like. Potential contributions could cover, but are not limited to,
methodologies, protocols, tools, or verification and validation techniques. We also welcome
review papers that analyze critically the status of current Security and Privacy (S&P) in a
specific area. Papers from practitioners who encounter security and privacy problems and seek
understanding are also welcome.
For more information, please see
http://sesar.dti.unimi.it/SPE2014/.
SACMAT 2014
19th ACM Symposium on Access Control Models and Technologies,
London, Ontario, Canada, June 25-27, 2014.
[posted here 12/2/13]
Papers offering novel research contributions in all aspects of access control are
solicited for submission to the 19th ACM Symposium on Access Control Models and
Technologies (SACMAT 2014).
We have expanded the scope to include several new topics that have relevance to
access control. These include cyber-physical systems, applications, systems,
hardware, cloud computing, and usability. The Program Committee for this year
reflects this expanded scope.
- Administration
- Applications
- Attribute-based systems
- Authentication
- Biometrics
- Cryptographic approaches
- Cyber-physical systems
- Design methodology
- Distributed, cloud, and mobile systems
- Economic models and game theory
- Enforcement
- Hardware enhanced
- Identity management
- Mechanisms, systems, and tools
- Models and extensions
- Obligations
- Policy engineering and analysis
- Requirements
- Risk
- Safety analysis
- Standards
- Theoretical foundations
- Trust management
- Usability
For more information, please see
http://www.sacmat.org.
WEIS 2014
13th Annual Workshop on the Economics of Information Security,
Pennsylvania State University, PA, USA, June 23-24, 2014.
[posted here 11/25/13]
The Workshop on the Economics of Information Security (WEIS) is the leading forum
for interdisciplinary scholarship on information security and privacy, combining expertise
from the fields of economics, social science, business, law, policy, and computer
science. Prior workshops have explored the role of incentives between attackers
and defenders of information systems, identified market failures surrounding Internet
security, quantified risks of personal data disclosure, and assessed investments in
cyber-defense. The 2014 workshop will build on past efforts using empirical and
analytic tools not only to understand threats, but also to strengthen security and
privacy through novel evaluations of available solutions. We encourage economists,
computer scientists, legal scholars, business school researchers, security and
privacy specialists, as well as industry experts to submit their research and
participate by attending the workshop. Suggested topics include (but are not
limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Models and analysis of online crime (including botnets, phishing, and spam)
- Risk management and cyber-insurance
- Security standards and regulation
- Cyber-security and privacy policy
- Security and privacy models and metrics
- Economics of privacy and anonymity
- Behavioral security and privacy
- Vulnerability discovery, disclosure, and patching
- Cyber-defense strategy and game theory
- Incentives for information sharing and cooperation
For more information, please see
http://weis2014.econinfosec.org/.
ICC-CISS 2014
IEEE International Conference on Communications,
Communications and Information Systems Security Symposium,
Sydney, Australia, June 16-20, 2014.
[posted here 09/02/13]
The Communications and Information Systems Security Symposium (CISS) will
focus on all aspects of security, privacy, trust, and risk management, which
pose a serious challenge to today's globally connected society. The symposium
welcomes novel contributions on evaluation, modeling, analysis, and design of
communication and information systems security solutions, from the physical layer
to the application layer. In addition, this year's CISS puts a stronger emphasis on
network oriented security and privacy, such as security related topics of cloud
computing, networking related security in Big Data, IoT, and so on. To ensure
complete coverage of the advances in communication and information systems
security, the topics of interest of the CISS include, but are not limited to,
the following areas:
- Anonymity, anonymous communication, metrics and their performance analysis
- Authentication protocols and message authentication
- Authorization and access control
- Availability and survivability of secure services and systems
- Big Data security and privacy
- Biometric security
- Botnet detection, prevention, and defense
- Cloud and distributed application security
- Computer and network forensics
- Cryptography and evaluation
- Data center security
- Firewall technologies; intrusion detection, localization, and avoidance
- Formal trust models, security modeling and protocol design
- Key distribution and management
- Lightweight security
- Location-based services and their security and privacy aspects
- Mobile and Wireless network security
- Mobile App security and privacy
- Multi-mode surveillance and homeland security
- Network public opinion analysis and monitoring
- Network security metrics and their performance evaluation
- Operating systems and application security and analysis tools
- Online Social Networks and their security aspects
- Physical security and hardware/software security
- Privacy and privacy enhancing technologies
- Quantum cryptography and communication applications
- Resource allocation, incentives, and game-theoretic approaches
- Security in virtual machine environments
- Security in wired systems and optical networks
- Security of Cyber-physical systems
- Security risk management
- Trust models, management and certificate handling
- Virtual private networks and group security
- Vulnerability, exploitation tools and virus analysis
- Web, e-commerce, and m-commerce security
For more information, please see
http://www.ieee-icc.org/2014.
IFIP-SEC 2014
29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and
Privacy Protection,
Marrakech, Morocco, June 2-4, 2014.
[posted here 11/18/13]
This conference is the flagship event of the International Federation for Information
Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information
Processing Systems (TC-11, www.ifiptc11.org).
We seek submissions from academia, industry, and government presenting novel
research on all theoretical and practical aspects of security and privacy protection
in ICT Systems. Topics of interest include, but are not limited to:
- Access control and authentication
- Applied cryptography
- Cloud and big data security
- Critical Infrastructure Protection
- Data and Applications Security
- Digital Forensics
- Human Aspects of Information Security and Assurance
- Identity Management
- Information Security Education
- Information Security Management
- Information Technology Mis-Use and the Law
- Managing information security functions
- Mobile security
- Multilateral Security
- Network & Distributed Systems Security
- Pervasive Systems Security
- Privacy protection
- Trust Management
- Audit and risk analysis
For more information, please see
http://www.ensa.ac.ma/sec2014/.
SP 2014
35th IEEE Symposium on Security and Privacy,
San Jose, CA, USA, May 18-21, 2014.
[posted here 09/02/13]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier
forum for computer security research, presenting the latest developments and
bringing together researchers and practitioners. We solicit previously unpublished
papers offering novel research contributions in any aspect of security or privacy.
Papers may present advances in the theory, design, implementation, analysis,
verification, or empirical evaluation and measurement of secure systems.
Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
- Web security and privacy
This topic list is not meant to be exhaustive; S&P is interested in all aspects
of computer security and privacy. Papers without a clear application to security
or privacy, however, will be considered out of scope and may be rejected without
full review.
Given the rapidly expanding and maturing security and privacy community, we hope to
increase the acceptance rate of papers that are more "far-reaching" and "risky," as long
as those papers also show sufficient promise for creating interesting discussions and
questioning widely-held beliefs.
Systematization of Knowledge Papers: Following the success of the previous
year’s conferences, we are also soliciting papers focused on systematization of knowledge
(SoK). The goal of this call is to encourage work that evaluates, systematizes, and
contextualizes existing knowledge. These papers can provide a high value to our community
but may not be accepted because of a lack of novel research contributions. Suitable
papers include survey papers that provide useful perspectives on major research areas,
papers that support or challenge long-held beliefs with compelling evidence, or papers
that provide an extensive and realistic evaluation of competing approaches to solving
specific problems. Submissions are encouraged to analyze the current research
landscape: identify areas that have enjoyed much research attention, point out
open areas with unsolved challenges, and present a prioritization that can guide
researchers to make progress on solving important challenges. Submissions will be
distinguished by the prefix “SoK:” in the title and a checkbox on the submission form.
They will be reviewed by the full PC and held to the same standards as traditional
research papers, except instead of emphasizing novel research contributions the
emphasis will be on value to the community. Accepted papers will be presented
at the symposium and included in the proceedings.
For more information, please see
http://www.ieee-security.org/TC/SP2014/cfp.html.
LangSec 2014
A Workshop on Language Theoretic Security,
Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014),
San Jose, CA, USA, May 18, 2014.
[posted here 02/03/14]
The LangSec workshop solicits contributions of research papers and panel proposals
related to the growing area of language-theoretic security. Language-theoretic
security (LangSec) is a design and programming philosophy that focuses on formally
correct and verifiable input handling throughout all phases of the software development
lifecycle. In doing so, it offers a practical method of assurance of software free from
broad and currently dominant classes of bugs and vulnerabilities related to incorrect
parsing and interpretation of messages between software components (packets,
protocol messages, file formats, function parameters, etc.). LangSec aims to (1)
produce verifiable recognizers, free of typical classes of ad-hoc parsing bugs, (2)
produce verifiable, composable implementations of distributed systems that ensure
equivalent parsing of messages by all components and eliminate exploitable differences
in message interpretation by the elements of a distributed system, and (3) mitigate
the common risks of ungoverned development by explicitly exposing the processing
dependencies on the parsed input.
For more information, please see
http://spw14.langsec.org/.
W2SP 2014
WEB 2.0 Security and Privacy Workshop,
Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014),
San Jose, CA, USA, May 18, 2014.
[posted here 02/03/14]
W2SP brings together researchers, practitioners, web programmers, policy makers,
and others interested in the latest understanding and advances in the security and
privacy of the web, browsers, cloud, mobile and their eco-system. We have had seven
years of successful W2SP workshops. This year, we will additionally invite selected
papers to a special issue of the journal. W2SP is held in conjunction with the IEEE
Symposium on Security and privacy, which will take place from May 18-21, 2014, at
the Fairmont Hotel in San Jose, California. W2SP will continue to be open-access: all
papers will be made available on the workshop website, and authors will not need to
forfeit their copyright. We are seeking both short position papers (2-4 pages) and
longer papers (a maximum of 10 pages). Papers must be formatted for US letter
(not A4) size paper with margins of at least 3/4 inch on all sides. The text must be
formatted in a two-column layout, with columns no more than 9 in. high and 3.375 in.
wide. The text must be in Times font, 10-point or larger, with 12-point or larger line
spacing. Authors are encouraged to use the IEEE conference proceedings templates.
The scope of W2SP 2014 includes, but is not limited to:
- Analysis of Web, Cloud and Mobile Vulnerabilities
- Forensic Analysis of Web, Cloud and Mobile Systems
- Security Analysis of Web, Cloud and Mobile Systems
- Advances in Penetration Testing
- Advances in (SQL/code) Injection Attacks
- Trustworthy Cloud-based, Web and Mobile services
- Privacy and Reputation in Web (e.g. Social Networks), Cloud, Mobile Systems
- Security and Privacy as a Service
- Usable Security and Privacy
- Security and Privacy Solutions for the Web, Cloud and Mobile
- Identity Management, Pseudonymity and Anonymity
- Security/Privacy Web Services/Feeds/Mashups
- Provenance and Governance
- Security and Privacy Policy Management for the Web, Cloud and Mobile
- Next-Generation Web/Mobile Browser Technology
- Security/Privacy Extensions and Plug-ins
- Online Privacy and Security frameworks
- Advertisement and Affiliate fraud
- Studies on Understanding Web/Cloud/Mobile Security and Privacy
- Technical Solutions for Security and Privacy legislation
- Solutions for connecting the Business, Legal, Technical and Social aspects on
Web/Cloud/Mobile Security and Privacy.
- Technologies merging Economics with Security/Privacy
- Innovative Security/Privacy Solutions for Industry Verticals
For more information, please see
https://www.easychair.org/conferences/?conf=w2sp2014.
CREDS 2014
2nd Cyber-security Research Ethics Dialog & Strategy,
Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014),
San Jose, CA, USA, May 18, 2014.
[posted here 02/03/14]
The future of online trust, innovation & self-regulation is threatened by a widening
gap between users' expectations, formed by laws and norms, and the capacity for
great benefits and harms generated by technological advances. As this gap widens,
so too does ambiguity between asserted rights and threats. How do we close this
gap and thereby lower risks, while also instilling trust in online activities? The solution
embraces fundamental principles of ethics to guide our decisions in the midst of
information uncertainty. One context where this solution is germinating is cybersecurity
research. Commercial and public researchers and policymakers are tackling novel ethical
challenges that exert a strong influence on online trust dynamics. These challenges are
not exceptional, but increasingly the norm: (i) to understand and develop effective
defenses to significant Internet threats, researchers infiltrate malicious botnets; (ii)
to understand Internet fraud (phishing), studies require that users are unaware they
are being observed in order to ascertain typical behaviors; and (iii) to perform
experiments measuring Internet usage and network characteristics that require access
to sensitive network traffic. This workshop anchors off of discussions, themes,
and momentum generated from the inaugural CREDS 2013 workshop. Specifically, it
targets the shifting roles, responsibilities, and relationships between Researchers,
Ethical Review Boards, Government Agencies, Professional Societies, and Program
Committees in incentivizing and overseeing ethical research. Its objective is to spawn
dialogue and practicable solutions around the following proposition: Building a more
effective research ethics culture is a prerequisite for balancing research innovation
(i.e., academic freedom, reduced burdens and ambiguities) with public trust (i.e.,
respect for privacy and confidentiality, accountability, data quality), so we explore
the pillars of such a culture as well as the strategies that might be adopted to
incorporate them into research operations. CREDS II invites case studies, research
experience and position papers that explore the following questions:
- What can we learn from other domains that struggle with ethical issues?
- What leadership should be engaged (i.e., institutional, government, peer groups),
and what should their respective roles and responsibilities be?
- What education and awareness is needed?
- What information sharing/coordination needs to be improved: among researchers,
among oversight entities, and between researchers and oversight entities?
- What knowledge and technology-transfer mechanisms can meet stated needs?
For more information, please see
http://www.caida.org/workshops/creds/1405/.
IWCC 2014
International Workshop on Cyber Crime,
Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014),
Fairmont Hotel, San Jose, CA, USA, May 17-18, 2014.
[posted here 12/2/13]
Today's societies are becoming more and more dependent on open networks
such as the Internet - where commercial activities, business transactions and
government services are realized. This has led to the fast development of new
cyber threats and numerous information security issues which are exploited by
cyber criminals. The inability to provide trusted secure services in contemporary
computer network technologies has a tremendous socio-economic impact on
global enterprises as well as individuals. Moreover, the frequently occurring
international frauds impose the necessity to conduct the investigation of facts
spanning across multiple international borders. Such examination is often subject
to different jurisdictions and legal systems. A good illustration of the above
is the Internet, which has made it easier to perpetrate traditional crimes. It
has acted as an alternate avenue for the criminals to conduct their activities,
and launch attacks with relative anonymity. The increased complexity of the
communications and the networking infrastructure is making investigation of the
crimes difficult. Traces of illegal digital activities are often buried in large volumes
of data, which are hard to inspect with the aim of detecting offences and collecting
evidence. Nowadays, the digital crime scene functions like any other network,
with dedicated administrators functioning as the first responders. This poses new
challenges for law enforcement policies and forces the computer societies to utilize
digital forensics to combat the increasing number of cybercrimes. Forensic
professionals must be fully prepared in order to be able to provide court admissible
evidence. To make these goals achievable, forensic techniques should keep pace
with new technologies. The aim of this workshop is to bring together the research
accomplishments provided by the researchers from academia and the industry.
The other goal is to show the latest research results in the field of digital forensics
and to present the development of tools and techniques which assist the investigation
process of potentially illegal cyber activity. We encourage prospective authors to
submit related distinguished research papers on both theoretical
approaches and practical case reviews. The workshop will be accessible to both
non-experts interested in learning about this area and experts interested in
hearing about new research and approaches.
Topics of interest include, but are not limited to:
- Cyber crimes: evolution, new trends and detection
- Cyber crime related investigations
- Computer and network forensics
- Digital forensics tools and applications
- Digital forensics case studies and best practices
- Privacy issues in digital forensics
- Network traffic analysis, traceback and attribution
- Incident response, investigation and evidence handling
- Integrity of digital evidence and live investigations
- Identification, authentication and collection of digital evidence
- Anti-forensic techniques and methods
- Watermarking and intellectual property theft
- Social networking forensics
- Steganography/steganalysis and covert/subliminal channels
- Network anomalies detection
- Novel applications of information hiding in networks
- Political and business issues related to digital forensics and anti-forensic techniques
For more information, please see
http://stegano.net/IWCC2014/.
MOST 2014
Mobile Security Technologies Workshop,
An event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2014),
Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014),
San Jose, CA, USA, May 17, 2014.
[posted here 01/13/14]
Mobile Security Technologies (MoST) brings together researchers, practitioners,
policy makers, and hardware and software developers of mobile systems to explore
the latest understanding and advances in the security and privacy for mobile
devices, applications, and systems. We are seeking both short position papers
(2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST
2014 includes, but is not limited to, security and privacy specifically for mobile
devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies
For more information, please see
http://mostconf.org/2014/cfp.html.
SPW 2014
IEEE TCSP - Workshops of Security and Privacy (SPW),
Co-located with IEEE Symposium on Security and Privacy (SP 2014),
San Jose, California, USA, May 17-18, 2014.
[posted here 09/02/13]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier
forum for the presentation of developments in computer security and electronic
privacy, and for bringing together researchers and practitioners in the field.
In order to further expand the opportunities for scientific exchanges, we created a new
venue within the IEEE CS Technical Committee on Security and Privacy called Security
and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a
specific aspect of security and privacy in more detail, making it easy for the participants
to attend IEEE SP and a specialized workshop at IEEE SPW with just one trip. Furthermore,
the co-location offers synergies for the organizers. The workshops are
co-located with the IEEE Security and Privacy Symposium. We have had some workshops steadily
co-located with IEEE SP the last few years; the success and popularity of these
workshops has led to us formalizing the process and expanding our scope.
Workshops can be annual events (e.g. W2SP), one time events, or aperiodic.
For more information, please see
http://www.ieee-security.org/TC/SPW2014.
COSADE 2014
5th International Workshop on Constructive Side-Channel Analysis and Secure Design,
Paris, France, April 14-15, 2014.
[posted here 10/27/13]
Side-channel analysis (SCA) and implementation attacks have become an important
field of research at universities and in the industry. In order to enhance the resistance
of cryptographic and security critical implementations within the design phase,
constructive attacks and analyzing techniques may serve as a quality metric to
optimize the design and development process. Since 2010, COSADE has provided an
international platform for researchers, academics, and industry participants to present
their work and their current research topics. It is an excellent opportunity to
exchange new results with international experts and to initiate new collaborations
and information exchange at a professional level. The workshop will feature both
invited presentations and contributed talks.
The topics of COSADE 2014 include, but are not limited to:
- Constructive side-channel analysis and implementation attacks
- Semi-invasive, invasive and fault attacks
- Leakage models and security models for side-channel analysis
- Cache-attacks and micro-architectural analysis
- Decapsulation and preparation techniques
- Side-channel based reverse engineering
- Leakage Resilient Implementations
- Evaluation methodologies for side-channel resistant designs
- Secure designs and countermeasures
- Evaluation platforms and tools for testing side-channel characteristics
For more information, please see
http://www.cosade.org.
HotSoS 2014
Symposium and Bootcamp on the Science of Security,
Raleigh, North Carolina, USA, April 8-9, 2014.
[posted here 09/23/13]
Security has been intensively studied; however, previous research has often emphasized the
engineering of specific solutions and attacks without developing the scientific understanding
of the problem domain. All too often, security research focuses on responding to specific
threats in an apparently ad hoc manner. The motivation behind the nascent Science of
Security is to understand how computing systems are architected, built, used, and
maintained with a view to understanding and addressing security challenges
systematically across their life cycle. In particular, two features distinguish the
Science of Security from other research programs on security: scope and approach.
- Scope: The Science of Security considers not just computational artifacts, but
incorporates the human, social, and organizational aspects of computing within its purview.
- Approach: The Science of Security takes a decidedly scientific approach, based on
the understanding of empirical evaluation and theoretical foundations as developed in
the natural and social sciences, but adapted as appropriate for the artificial science
(in Herb Simon's term) that is computing.
For more information, please see
http://www.csc2.ncsu.edu/conferences/hotsos.
POST 2014
3rd Conference on Principles of Security and Trust,
Grenoble, France, April 7–11, 2014.
[posted here 05/13/13]
Principles of Security and Trust is a broad forum related to the theoretical and foundational
aspects of security and trust. Papers of many kinds are welcome: new theoretical results,
practical applications of existing foundational ideas, and innovative theoretical approaches
stimulated by pressing practical problems.
We seek submissions proposing theories to clarify security and trust within computer science;
submissions establishing new results in existing theories; and also submissions raising
fundamental concerns about existing theories. We welcome new techniques and tools to
automate reasoning within such theories, or to solve security and trust problems. Case
studies that reflect the strengths and limitations of foundational approaches are also
welcome, as are more exploratory presentations on open questions.
Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security
For more information, please see
http://www.etaps.org/2014/post-2014.
SAC-SEC 2014
29th ACM Symposium on Applied Computing,
Computer Security track,
Gyeongju, Korea, March 24-28, 2014.
[posted here 07/15/13]
For the past twenty-eight years, the ACM Symposium on Applied Computing has been
a primary gathering forum for applied computer scientists, computer engineers,
software engineers, and application developers from around the world.
The Security Track reaches its thirteenth edition this year, thus appearing
among the most established tracks in the Symposium. The list of issues remains
vast, ranging from protocols to work-flows. Topics of interest include
but are not limited to:
- software security (protocols, operating systems, etc.)
- hardware security (smartcards, biometric technologies, etc.)
- mobile security (properties for/from mobile agents, etc.)
- network security (anti-DoS tools, firewalls, real-time monitoring,
mobile networks, sensor networks, etc.)
- alternatives to cryptography (steganography, etc.)
- security-specific software development practices (vulnerability
testing, fault-injection resilience, etc.)
- privacy and anonymity (trust management, pseudonymity, identity
management, electronic voting, etc.)
- safety and dependability issues (reliability, survivability, etc.)
- cyberlaw and cybercrime (copyrights, trademarks, defamation,
intellectual property, etc.)
- security management and usability issues (security configuration,
policy management, usability trials, etc.)
- workflow and service security (business processes, web services, etc.)
- security in cloud computing and virtualised environments
For more information, please see
http://www.dmi.unict.it/~giamp/sac/cfp2014.php.
SESOC 2014
6th International Workshop on Security and Social Networking,
Held in conjunction with PerCom 2014,
Budapest, Hungary, March 24, 2014.
[posted here 09/02/13]
The number of profiles on Social Networking Services, like Facebook,
Google-Plus, Snapchat, or Twitter, has grown to account for a third of
the world's population. Acting as convenient link collections and
(group) communication media, they have evolved into central hubs for Web browsing
and Internet use. Encouraging their subscribers to publish self-descriptive and user-generated
content, usually covering topics, events, and opinions corresponding to their personal
environment, these services have become collections of highly detailed profiles of them.
A paramount paradigm change is the near-perfect identifiability of their subscribers, who
are forced to register using their clear names, instead of pseudonyms or throwaway
accounts in previous forums. The extent of information gathered about their subscribers
additionally allows the providers to check the credibility of the chosen handles and even
re-identify users who have chosen pseudonyms. While SNS previously have largely been
walled-gardens, the current development sees an extending integration with the conventional Web.
This both opens their content and interaction functions to become a social layer, and allows
the providers to even better track their users' behavior and activities on the Web. The subscribers
additionally increasingly use their mobile applications, thus exposing even their whereabouts and
communication patterns beyond their activities on the Web.
These services, while offering extensive chances for enhanced communication between
their subscribers, raise entirely new privacy concerns. They hence require new reflections
on security goals and services, and to revisit previously seemingly well understood
solutions for confidentiality, trust establishment, key management, or cooperation enforcement.
The aim of SESOC 2014 hence is to encompass research advances in all areas of security,
trust and privacy in pervasive communication systems with a special focus on the social
aspects of the services.
For more information, please see
http://www.sesoc.org.
FC 2014
18th Financial Cryptography and Data Security Conference,
Accra Beach Hotel & Spa, Barbados, March 3-7, 2014.
[posted here 09/25/13]
Financial Cryptography and Data Security is a major international
forum for research, advanced development, education, exploration,
and debate regarding information assurance, with a specific focus on
financial, economic and commercial transaction security. Original works
focusing on securing commercial transactions and systems are solicited;
fundamental as well as applied real-world deployments on all aspects
surrounding commerce security are of interest. Submissions need not be
exclusively concerned with cryptography. Systems security, economic or
financial modeling, and, more generally, inter-disciplinary efforts are
particularly encouraged.
Topics of interest include, but are not limited to:
- Anonymity and Privacy
- Applications of Game Theory to Security
- Auctions and Audits
- Authentication and Identification
- Behavioral Aspects of Security and Privacy
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Contactless Payment and Ticketing Systems
- Data Outsourcing Security
- Digital Rights Management
- Digital Cash and Payment Systems
- Economics of Security and Privacy
- Electronic Crime and Underground-Market Economics
- Electronic Commerce Security
- Fraud Detection
- Identity Theft
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Mobile Devices and Applications Security and Privacy
- Phishing and Social Engineering
- Reputation Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Smartcards, Secure Tokens and Secure Hardware
- Smart Grid Security and Privacy
- Social Networks Security and Privacy
- Trust Management
- Usability and Security
- Virtual Goods and Virtual Economies
- Voting Systems
- Web Security
For more information, please see
http://fc14.ifca.ai/.
ESSOS 2014
6th International Symposium on Engineering Secure Software and Systems,
Munich, Germany, February 26-28, 2014.
[posted here 06/10/13]
Trustworthy, secure software is a core ingredient of the modern world. So is the Internet.
Hostile, networked environments, like the Internet, can allow vulnerabilities in software
to be exploited from anywhere. To address this, high-quality security building blocks (e.g.,
cryptographic components) are necessary, but insufficient. Indeed, the construction of
secure software is challenging because of the complexity of modern applications, the
growing sophistication of security requirements, the multitude of available software
technologies and the progress of attack vectors. Clearly, a strong need exists for
engineering techniques that scale well and that demonstrably improve the software's
security properties. The Symposium seeks submissions on subjects related to its goals.
This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements
(in particular economic considerations)
- support for assurance, certification and accreditation
- empirical secure software engineering
- security by design
For more information, please see
http://distrinet.cs.kuleuven.be/events/essos/2014/.
CT-RSA 2014
RSA Conference Cryptographers' Track,
San Francisco, CA, USA, February 24-28, 2014.
[posted here 08/26/13]
Original research papers pertaining to all aspects of cryptography are solicited.
Topics include but are not limited to:
- Public-key encryption
- Symmetric-key encryption
- Digital signatures
- Hash functions
- Cryptographic protocols
- Efficient implementations
- Elliptic-curve cryptography
- Lattice-based cryptography
- Quantum cryptography
- Network security
- E-commerce
- Cryptanalysis
- Hardware security
- Tamper-resistance
- Side-channel attacks and defenses
- Malware detection and prevention
- Spam and fraud deterrence
For more information, please see
http://research.microsoft.com/en-us/um/redmond/events/CT-RSA-2014/cfp.htm.
USEC 2014
Workshop on Usable Security,
Co-located with NDSS 2014,
San Diego, California, USA, February 23, 2014.
[posted here 10/17/13]
Many aspects of information security combine technical and human factors. If a highly
secure system is unusable, users will try to circumvent the system or move entirely to less
secure but more usable systems. Problems with usability are a major contributor to many
high-profile security failures today. However, usable security is not well-aligned with traditional
usability for three reasons. First, security is rarely the desired goal of the individual. In fact,
security is usually orthogonal and often in opposition to the actual goal. Second, security
information is about risk and threats. Such communication is often unwelcome. Increasing
unwelcome interaction is not a goal of usable design. Third, since individuals must trust their
machines to implement their desired tasks, risk communication itself may undermine the value
of the networked interaction. For the individual, discrete technical problems are all understood
under the rubric of online security (e.g., privacy from third parties' use of personally identifiable
information, malware). A broader conception of both security and usability is therefore needed
for usable security. The workshop on Usable Security invites submissions on all aspects of
human factors and usability in the context of security. USEC'14 aims to bring together
researchers already engaged in this interdisciplinary effort with other computer science
researchers in areas such as visualization, artificial intelligence and theoretical computer
science as well as researchers from other domains such as economics or psychology.
For more information, please see
http://www.usecap.org/usec14.html.
NDSS 2014
21st Annual Network and Distributed System Security Symposium,
San Diego, California, USA, February 23-26, 2014.
[posted here 06/10/13]
The Network and Distributed System Security Symposium fosters information exchange among
researchers and practitioners of network and distributed system security. The target
audience includes those interested in practical aspects of network and distributed system
security, with a focus on actual system design and implementation. A major goal is to
encourage and enable the Internet community to apply, deploy, and advance the state
of available network and distributed systems security technologies.
Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Future Internet architecture and design
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering,
watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and
efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy
For more information, please see
http://www.internetsociety.org/events/ndss-symposium-2014.
IFIP119-DF 2014
10th Annual IFIP WG 11.9 International Conference on Digital Forensics,
Vienna University of Technology, Vienna, Austria, January 8-10, 2014.
[posted here 05/27/13]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org)
is an active international community of scientists, engineers and practitioners
dedicated to advancing the state of the art of research and practice in digital
forensics. The Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics
will provide a forum for presenting original, unpublished research results
and innovative ideas related to the extraction, analysis and preservation of
all forms of electronic evidence. Papers and panel proposals are solicited.
All submissions will be refereed by a program committee comprising members of
the Working Group. Papers and panel submissions will be selected based on their
technical merit and relevance to IFIP WG 11.9. The conference will be limited
to approximately sixty participants to facilitate interactions between researchers
and intense discussions of critical research issues.
Technical papers are solicited in all areas related to the theory and practice
of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving
digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see
http://www.ifip119.org.