Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Past Conferences and Journal Special Issues

Last Modified: 12/22/14

Note: Please contact cipher-cfp@ieee-security.org by email if you have any questions.


Past Conferences and Other Announcements - 2014

InTrust 2014 6th International Conference on Trustworthy Systems, Beijing, China, December 16-17, 2014. [posted here 10/13/14]
The InTrust conference focuses on the theory, technologies and applications of trustworthy systems. It is devoted to all aspects of trustworthy computing systems, including trusted modules, platforms, networks, services and applications, as well as security concerns and privacy issues of systems, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area.

For more information, please see http://crypto.fudan.edu.cn/intrust2014/.

PPREW 2014 4th Program Protection and Reverse Engineering Workshop, Co-Located with the Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA, USA, December 9, 2014. [posted here 08/18/14]
Program protection and reverse engineering are dualisms of good and evil. Beneficial uses of reverse engineering abound: malicious software needs to be analyzed and understood in order to prevent its spread and to assess its functional footprint; owners of intellectual property (IP) at times need to recover lost or unmaintained designs. Conversely, malicious reverse engineering allows illegal copying and subversion; designers can employ obfuscation and tamper-proofing on IP to target various attack vectors. In this sense, protecting IP and protecting malware from detection and analysis is a double-edged sword: depending on the context, the same techniques are either beneficial or harmful. Likewise, tools that deobfuscate malware in good contexts become analysis methods that support reverse engineering for illegal activity. PPREW invites papers on practical and theoretical approaches for program protection and reverse engineering used in beneficial contexts, focusing on analysis/deobfuscation of malicious code and methods/tools that hinder reverse engineering. Ongoing work with preliminary results, theoretical approaches, tool-based methods, and empirical studies on various methods are all appropriate. Studies on hardware/circuit based methods or software/assembly based mechanisms are within scope of the workshop. We expect the workshop to provide exchange of ideas and support for cooperative relationships among researchers in industry, academia, and government. Topics of interest include, but are not limited to, the following:
- Obfuscation / Deobfuscation (polymorphism)
- Tamper-proofing / Hardware-based protection
- Theoretic proofs for exploitation or protection
- Software watermarking / Digital fingerprinting
- Reverse engineering tools and techniques
- Side channel analysis and vulnerability mitigation
- Program / circuit slicing
- Information hiding and discovery
- Virtualization for protection and/or analysis
- Forensic and anti-forensic protection
- Moving target and active cyber defense
- Theoretic analysis frameworks (Abstract Interpretation, Homomorphic Encryption, Term Rewriting Systems, Machine Learning, Large Scale Boolean Matching)
- Component / Functional Identification
- Program understanding
- Source code (static/dynamic) analysis techniques

For more information, please see http://www.pprew.org.

ACSAC 2014 Annual Computer Security Applications Conference, New Orleans, LA, USA, December 8-12, 2014. [posted here 06/02/14]
ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. If you are developing practical solutions to problems relating to protecting commercial enterprises' or countries' information infrastructures, consider submitting your work to the Annual Computer Security Applications Conference. We especially encourage submissions in the area of our Hard Topic Theme for 2014, Cybersecurity for Cyber-Physical Systems. We are interested in submissions that address the application of security technology, the implementation of systems, and lessons learned. Some example topics are:
- Access control
- Assurance
- Audit
- Biometrics
- Boundary control
- Cloud security
- Cybersecurity
- Denial of service protection
- Distributed systems security
- Electronic commerce security
- Enterprise security management
- Forensics
- Identity management
- Incident response planning
- Insider threat protection
- Integrity
- Intellectual property rights protection
- Intrusion detection and prevention
- Malware
- Mobile and wireless security
- Multimedia security
- Network resiliency
- Operating systems security
- Peer-to-peer security
- Privacy and data protection
- Privilege management
- Product evaluation and compliance
- Resilience
- Security engineering
- Security usability
- Software security
- Supply chain risk
- Trust management
- Virtualization security
- VoIP security
- Web 2.0/3.0 security

For more information, please see http://www.acsac.org.

SKM 2014 International Conference on Secure Knowledge Management, BITS Pilani, Dubai, December 8-9, 2014. [posted here 05/05/14]
The conference on Secure Knowledge Management will bring together researchers and practitioners from academia, industry and government to raise the awareness and share recent advances in knowledge management. The conference will provide a venue to discuss and develop the next set of challenges in knowledge management that needs to be tackled by the community. Topics of interest include, but are not limited to:
- Secure Languages (Secure Knowledge Query Manipulation Language, Security Assertion Markup Language, B2B Circles of Trust)
- Return on Investment in Secure Knowledge Systems
- Digital Rights Management (Digital Policy Management)
- Secure Content Management (Secure Content Management in Authorized Domains, Secure Content Delivery, Content Trust Index)
- Knowledge Management for National Security
- Security in B2B marketplace
- Security and Privacy in Online Social Media
- Wireless security in the context of Knowledge Management
- Data Mining for Fraud Detection (Financial Fraud Detection, Network Intrusion Detection)
- Risk Assessment
- Secure Knowledge Management in Distributed Systems
- Trust and Privacy in Knowledge management systems
- Security, Privacy, and Trustworthiness in Semantic web
- Secure Knowledge management in Big-data applications like Healthcare, finance, cloud etc.

For more information, please see http://www.bits-dubai.ac.ae/skm2014/index.html.

IWSAC 2014 2nd International Workshop on Security Assurance in the Cloud, Held in conjunction with the 10th International Conference on Signal Image Technology & Internet Based Systems (SITIS 2014), Marrakech, Morocco, November 23-27, 2014. [posted here 09/22/14]
The ongoing merge between Service-Oriented Architectures (SOAs) and the Cloud computing paradigm provides a new environment fostering the integration of services located within company boundaries with those in the Cloud. An increasing number of organizations implement their business processes and applications via runtime composition of services made available in the Cloud by external suppliers. This scenario is changing the traditional view of security introducing new service security risks and threats, and requires re-thinking of current assurance, development, testing, and verification methodologies. In particular, security assurance in the cloud is becoming a pressing need to increase the confidence of the cloud actors that the cloud and its services are behaving as expected, and requires novel approaches addressing SOA and cloud peculiarities. IWSAC 2014 is the continuation of the International Workshop on Securing Services on the Cloud, held in September 2011, Milan, Italy. It aims to address the security assurance issues related to the deployment of services in the Cloud, along with evaluating their impact on traditional security solutions for software and network systems. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and assurance of services implemented in the Cloud, as well as experimental studies in Cloud infrastructures, the implementation of services, and lessons learned. Topics of interest include, but are not limited to:
- Authentication and access control in the cloud
- Challenges in moving critical systems to the cloud
- Cloud accountability
- Cloud audit
- Cloud compliance
- Cloud certification
- Cloud transparency, introspection, and outrospection
- Cybersecurity in the cloud
- Data security and privacy in the Cloud
- Information assurance and trust management
- Intrusion detection in the Cloud
- Security assurance in the cloud
- Security and assurance protocols in the Cloud
- Service level agreements
- Service procurement in the cloud
- Service verification in critical cloud services
- Test-based and monitoring-based verification of cloud services

For more information, please see http://sesar.di.unimi.it/IWSAC2014.

VizSec 2014 11th Visualization for Cyber Security, Paris, France, November 10, 2014. [posted here 04/14/14]
The 11th Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations. We encourage the submission of papers on technologies and methods that promise to improve cyber security practices, including, but not limited to:
- Situation awareness and/or understanding
- Incident handling including triage, exploration, correlation, and response
- Computer forensics
- Recording and reporting results of investigations
- Reverse engineering and malware analysis
- Multiple data source analysis
- Analyzing information requirements for computer network defense
- Evaluation and/or user testing of VizSec systems
- Criteria for assessing the effectiveness of cyber security visualizations (whether from a security goal perspective or a human factors perspective)
- Modeling system and network behavior
- Modeling attacker and defender behavior
- Studying risk and impact of cyber attacks
- Predicting future attacks or targets
- Security metrics and education
- Software security
- Mobile application security
- Social networking privacy and security

For more information, please see http://www.vizsec.org.

LISA 2014 28th Large Installation System Administration Conference, Seattle, WA, USA, November 9–14, 2014. [posted here 03/03/14]
USENIX’s Large Installation System Administration (LISA) conference - now in its 28th year - is the premier meeting place for professionals who make computing work across a variety of industries. If you’re an IT operations professional, site-reliability engineer, system administrator, architect, software engineer, researcher, or otherwise involved in ensuring that IT services are effectively delivered to others - this is your conference, and we’d love to have you here. At LISA, systems theory meets operational practice. This is the best environment for you to talk about what you’ve been working on with other professionals—both in industry and in academia. Giving a presentation at LISA is the path to real-world impact by highlighting your team’s or project’s achievements. We are actively soliciting talks in areas such as cloud computing, creating a positive ops culture, software-defined networking, large-scale computing, distributed systems, security, analytics, visualization, and IT management methods - but we will consider exciting, engaging talks on any topic relevant to LISA attendees.

For more information, please see https://www.usenix.org/sites/default/files/lisa14cfp_102813.pdf.

CCSW 2014 ACM Cloud Computing Security Workshop (CCSW), Held in conjunction with the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA, November 7, 2014. [posted here 06/02/14]
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. The exact form they take is still for the markets to decide, yet one thing is certain: clouds bring with them new deployment models and hence new adversarial threats and vulnerabilities. CCSW brings together researchers and practitioners in all security aspects of outsourced computing, including:
- practical cloud security solutions
- practical cryptography for cloud security
- secure cloud resource virtualization
- network virtualization
- secure data management outsourcing
- practical privacy & integrity for outsourcing
- foundations of cloud-centric threat models
- secure & verifiable computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- cloud-aware web service security paradigms
- cloud-centric regulatory compliance
- business & security risk models in the cloud
- cost & usability models and their interaction with security
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis for remote attestation and cloud protection
- cloud network security (DoS defense, IDS)
- security for cloud programming models
- energy/costs/efficiency of security in clouds

For more information, please see http://digitalpiglet.org/nsac/ccsw14/.

ACM-CCS 2014 21st ACM Conference on Computer and Communications Security, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA, November 3-7, 2014. [posted here 03/17/14]
The conference seeks submissions from academia, government, and industry presenting novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the relevance of the results to secure systems. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security. Further concrete instructions and submissions rules and regulations will be published in the Call for Papers which will be accessible via the conference web page.

For more information, please see http://www.sigsac.org/ccs/CCS2014/.

SafeConfig 2014 Workshop on Cyber Security Analytics and Automation, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. [posted here 06/30/14]
Ensuring correctness and integrity of system configurations and associated policies is key to proper functioning, accessibility, security, privacy and resilience of modern information systems and services. However, this is a daunting task in large enterprise systems that may contain millions of physical and/or virtual components that must be properly configured and secured from unauthorized access. Furthermore, the configuration variables often have explicit or hidden interdependencies that must be understood in order to ensure proper end-to-end behavior. The new sophisticated cyber security threats demand new security techniques and approaches that offer proactive, intelligent and holistic security analytics based on analyzing the system artifacts including system traces, configurations, logs, incident reports, alarms and network traffic. Scalable analytics techniques are essential to handle large volumes of data and to normalize, model, integrate, analyze and respond to threats in real time. As the current technology moves toward "smart" cyber infrastructure and open networking platforms (e.g. OpenFlow and virtual computing) and integration of a large variety of sensors, the need for large-scale security analytics and automation becomes essential to enable intelligent response, automated defense, and network resilience and agility. This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a unique forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyberphysical systems.

For more information, please see http://www.cyberdna.uncc.edu/safeconfig/2014/.

WISCS 2014 1st ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. [posted here 04/28/14]
Sharing of security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach, the automated sharing of observed security indicators (such as IP addresses, domain names, etc.) provides valuable, actionable information to others. Through analyzing shared data it seems possible to get much better insights into emerging attacks. Sharing higher level intelligence about campaigns, threat actors and mitigations is also of great interest. Both in the US and the EU there are major efforts underway to strengthen information sharing. Yet there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data without getting overwhelmed by false positives? The first Workshop on Information Sharing and Collaborative Security (WISCS 2014) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies for information sharing
- Domain name and IP address blacklisting
- Collaborative approaches to spear-phishing and DDoS attacks
- Data deidentification
- Privacy and confidentiality
- Cryptographic protocols for collaborative security
- Scalability of security analysis on shared data
- Ontologies and standards for sharing security data
- Human factors in collaboration
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration

For more information, please see https://sites.google.com/site/wiscs2014/.

MTD 2014 1st ACM Workshop on Moving Target Defense, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. [posted here 04/21/14]
The static nature of current computing systems has made them easy to attack and harder to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on the attacker by making systems dynamic and harder to predict. With a constantly changing system and its ever adapting attack surface, the attacker will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal is to level the cybersecurity playing field for defenders versus attackers. This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since this is still a research area in a nascent stage, the list should only be used as a reference. We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results. Topics include:
- System randomization
- Artificial diversity
- Cyber maneuver
- Bio-inspired defenses
- Dynamic network configuration
- Moving target in the cloud
- System diversification techniques
- Dynamic compilation techniques
- Adaptive defenses
- Analytical models for MTD
- Large-scale MTD (using multiple techniques)

For more information, please see http://csis.gmu.edu/MTD2014.

TrustED 2014 4th International Workshop on Trustworthy Embedded Devices, Co-located with the ACM Conference on Computer & Communications Security (CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. [posted here 05/12/14]
TrustED considers selected security and privacy aspects of cyber physical systems and their environments. We aim to bring together experts from academia, research institutions, industry, and government to discuss problems, challenges, and recent scientific and technological advances in this field. In particular, we strongly encourage industry participation and submissions. The workshop topics include, but are not limited to:
- Embedded system security
- Privacy aspects of embedded systems (e.g., medical devices, electronic IDs)
- Physical and logical convergence (e.g., secure and privacy-preserving facility management)
- Hardware entangled cryptography
- Foundation, development, and applications of physical security primitives (e.g., physical unclonable functions - PUFs)
- Remote attestation and integrity verification
- IP protection for embedded systems
- Reverse engineering
- Secure execution environments (e.g., TrustZone, TPMs) on mobile devices
- New protection paradigms for trustworthy embedded systems

For more information, please see http://www.trusted-workshop.de.

CNS 2014 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA, October 29-31, 2014. [posted here 01/13/14]
IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of last year's inaugural conference, IEEE CNS 2014 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated.

For more information, please see http://ieee-cns.org.

M2MSec 2014 International Workshop on Security and Privacy in Machine-to-Machine Communications, Held in conjunction with IEEE Conference on Communications and Network Security (CNS 2014), San Francisco, CA, USA, October 29, 2014. [posted here 04/21/14]
The First International Workshop on Security and Privacy in Machine-to-Machine Communications (M2MSec'14) aims to foster innovative research and discuss security and privacy challenges, solutions, implementations, and standardization in emerging M2M communication systems. Papers from academic researchers, industry practitioners, and government institutions offering novel research contributions in all theoretical and practical aspects of security and privacy in M2M communications are solicited for submission to M2MSec'14. The scope of this workshop covers all aspects of security and privacy in M2M communications and particular topics of interest include, but are not limited to:
- Threat and vulnerability analysis in M2M communications
- Attacks and countermeasures in M2M communications
- System architecture for security and privacy in M2M communications
- Physical layer security in M2M communications
- Cross layer design for security and privacy in M2M communications
- Security and privacy in smart grid, RFID, near field communications (NFC), Bluetooth, wireless sensor networks, body area networks, e-health, vehicular ad-hoc networks
- Lightweight cryptographic primitives and protocols
- Trust and assurance in M2M communications
- Hardware security module and platform for M2M communications
- Identity and credential management in M2M communications
- Standardization for M2M communications
- Cloud computing and M2M communications
- Device-to-Device (D2D) networks such as LTE-direct
- Pervasive sensing Networks, including mobile crowdsourcing, participatory sensing
- Novel attacks resulting in IoT environments
- Data mining, cleaning and analysis techniques for IoT
- Real world deployment and experiences
- Prototype IoT systems and applications

For more information, please see http://www.m2m-sec.org/.

BDSP 2014 1st IEEE International Workshop on Big Data Security and Privacy, Washington DC, USA, October 27-30, 2014. (Submission Due 30 August 2014) [posted here 05/12/14]
Big Data is characterized by the integration of a significant amount of data, of varying modalities or types, at a pace that cannot be handled by traditional data management systems. This has sparked innovation in the collection, processing and storage of this data. The analytic systems built to leverage Big Data have yielded (and hold even greater promise to uncover) remarkable insights that enable a host of new applications that were not thought possible prior to the era of Big Data. However, with this capacity to contribute to and benefit the greater good comes the responsibility to protect the subjects referenced in the data sets. In this context, the old adage is correct - "With great power, comes great responsibility". Ultimately, the data subjects own the data and they stand to suffer most significantly from the data's compromise. Thus, there need to be advances in techniques for 1) ingesting Big Data in a secure and privacy-preserving manner, 2) performing Big Data analysis in a secure environment and in a privacy-preserving manner, and 3) storing and enforcing retention policy securely (and in private modes) for Big Data systems. If these solutions are not in place, then the willingness of people to contribute their data to be included in a Big Data system decreases. Additionally, Big Data professionals need to perform risk analyses, as they relate to security and privacy, to get a realistic view of the safety of the landscape. There is a lot of work to be done in this emerging field. This workshop is a venue for researchers and practitioners to come together and tackle them in a supportive and stimulating environment.

For more information, please see http://www.bigdatasecurityprivacyworkshop.com.

CANS 2014 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece, October 22-24, 2014. [posted here 02/03/14]
Papers offering novel research contributions are solicited for submission to the 13th International Conference on Cryptology and Network Security (CANS-2014). The focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings. Topics include (but are not limited to):
- Access Control for Networks
- Anonymity & Pseudonymity
- Attacks & Malicious Code
- Authentication, Identification
- Block & Stream Ciphers
- Cloud Security
- Cryptographic Algorithms
- Cryptographic Protocols
- Denial of Service Protection
- Embedded Platform Security
- Hash Functions
- Identity & Trust Management
- (Future) Internet Security
- Key Management
- Mobile Code Security
- Multicast Security
- Network Security
- Peer-to-Peer Security
- Public Key Cryptography
- Security Modeling
- Security Architectures
- Security in Location Services
- Security in Social Networks
- Sensor Network Security
- Spam & SPIT Protection
- Spyware Analysis and Detection
- Virtual Private Networks
- Wireless and Mobile Security

For more information, please see http://www.ics.forth.gr/cans2014.

TrustCol 2014 9th IEEE International Workshop on Trusted Collaboration, Held in conjunction with IEEE CollaborateCom 2014, Miami, Florida, USA, October 22, 2014. [posted here 07/21/14]
The key goal of this workshop is to foster active interactions among diverse researchers and practitioners, and generate added momentum towards research in finding viable solutions to the security and privacy challenges faced by the current and future collaborative systems and infrastructures. We solicit unpublished research papers, both regular (8 pages max) and short (4 pages max) papers, that address theoretical issues and practical implementations/experiences related to security and privacy solutions for collaborative systems. Topics of interest include, but are not limited to:
- Secure dynamic coalition environments
- Privacy control in collaborative environments
- Secure workflows for collaborative computing
- Policy-based management of collaborative workspace
- Secure middleware for large scale collaborative infrastructures
- Security and privacy issues in mobile collaborative applications
- Identity management for large scale collaborative infrastructures
- Semantic web technologies for secure collaborative infrastructure
- Trust models, trust negotiation/management for collaborative systems
- Access control models and mechanisms for collaboration environments
- Protection models and mechanisms for peer-to-peer collaborative environments
- Delegation, accountability, and information flow control in collaborative applications
- Intrusion detection, recovery and survivability of collaborative systems/infrastructures
- Security of web services and grid technologies for supporting multidomain collaborative applications
- Security and privacy challenges in cloud-based collaborative applications
- Insider threats in collaborative systems/applications

For more information, please see http://honeynet.asu.edu/trustcol2014.

WESS 2014 9th Workshop on Embedded Systems Security, New Delhi, India, October 17, 2014. [posted here 06/02/14]
Embedded computing systems are continuously adopted in a wide range of application areas and importantly, they are responsible for a large number of safety-critical systems as well as for the management of critical information. The advent of Internet-enabled embedded systems introduces a large number of security issues: the Internet can be used to attack embedded systems and embedded systems can be used to attack the Internet. Furthermore, embedded systems are vulnerable to many attacks not relevant to servers because they are physically accessible. Inadvertent threats due to bugs, improper system use, etc. can also have effects that are indistinguishable from malicious attacks. This workshop will address the range of problems related to embedded system security. Of particular interest are security topics that are unique to embedded systems. The workshop will provide proceedings to the participants and will encourage discussion and debate about embedded systems security. Topics of Interest (but not limited to):
- Trust models for secure embedded hardware and software
- Isolation techniques for secure embedded hardware, hyperware and software
- System architectures for secure embedded systems
- Metrics for secure design of embedded hardware and software
- Security concerns for medical and other applications of embedded systems
- Support for intellectual property protection and anti-counterfeiting
- Specialized components for authentication, key storage and key generation
- Support for secure debugging and troubleshooting
- Implementation attacks and countermeasures
- Design tools for secure embedded hardware and software
- Hardware/software co-design for secure embedded systems
- Specialized hardware support for security protocols
- Efficient and secure implementation of cryptographic primitives

For more information, please see http://www.wess-workshop.org/.

NordSec 2014 19th Nordic Conference on Secure IT Systems, Tromsø, Norway, October 15-17, 2014. [posted here 03/03/14]
NordSec addresses a broad range of topics within IT security with the aims of bringing together computer security researchers and encouraging interaction between academia and industry. In 2014 the conference has special focus on Security and Privacy for Cloud Computing and Big Data. Contributions within, but not limited to, the following areas are welcome:
- Applied cryptography
- Communication and network security
- Internet and web-security
- Operating system security
- Software security
- Language-based techniques for security
- Security protocols
- Access control and security models
- Privacy and privacy-enhancing technologies
- Trust and reputation management
- Security evaluation and measurements
- Commercial security policies and enforcement
- Computer crime and information warfare
- Social engineering and phishing
- Intrusion detection
- Security management and audit
- New ideas and paradigms in security
- Usable security and privacy

For more information, please see http://site.uit.no/nordsec2014/.

LASER 2014 2014 Workshop on Learning from Authoritative Security Experiment Results, Arlington, Virginia, USA, October 15-16, 2014. [posted here 05/05/14]
The LASER workshop invites papers that strive to exemplify the practice of science in cyber security. The goal of this series of workshops, now in its third year, is to address the practice of good science. We encourage participants who want to help others improve their practice and participants who want to improve their own practice. LASER seeks to foster a dramatic change in the paradigm of cyber security research and experimentation. Participants will find LASER to be a constructive and highly interactive venue featuring informal paper presentations and extended discussions. LASER welcomes papers that are:
- Exemplars of the practice of science in cyber security
- Promising works-in-progress that would benefit from expert feedback

For more information, please see http://www.laser-workshop.org.

ISC 2014 17th Information Security Conference, Hong Kong, October 12-14, 2014. [posted here 05/12/14]
The Information Security Conference (ISC), which started as a workshop (ISW) in 1997, is one of the first conferences bringing together computer security and cryptographers. It has been held in 5 different continents. Its proceedings are published by Springer. Potential topics to be addressed by submissions include, but are not limited to:
- applied information security in the context of: eBusiness, eCommerce, eGovernment
- computer security, e.g.: access control, database security, e-voting, formal methods, intrusion detection, trust models, watermarking
- cryptography, e.g.: anonymity, authentication, e-voting, fingerprinting, key management, privacy
- general topics: anonymity, authentication, biometrics, insider threats, location services, network security, privacy
- hardware aspects and embedded systems
- management aspects of security: economic aspects, digital rights management, dissemination control, identity management, incident response, trust management
- security (aspects) of: cloud computing, outsourcing IT, pervasive computing, social networks, user-friendliness
- software issues: malware, mobile code aspects, operating system security, predicting malware, software security, web security

For more information, please see http://isc14.ie.cuhk.edu.hk.

ProvSec 2014 8th International Conference on Provable Security, Hong Kong, October 9-10, 2014. [posted here 05/12/14]
Provable security is an important research area in modern cryptography. Cryptographic primitives or protocols without a rigorous proof cannot be regarded as secure in practice. In fact, there are many schemes that were originally thought to be secure but were eventually broken, which clearly indicates the need for formal security assurance. With provable security, we are confident in using cryptographic schemes and protocols in various real-world applications. Meanwhile, schemes with provable security sometimes give only theoretical feasibility rather than a practical construction, and correctness of the proofs may be difficult to verify. The ProvSec conference thus provides a platform for researchers, scholars and practitioners to exchange new ideas for solving these problems in the provable security area. Topics cover all aspects of provable security for cryptographic primitives or protocols, including but not limited to the following areas:
- Asymmetric provably secure cryptography
- Cryptographic primitives
- Lattice-based security reductions
- Leakage-resilient cryptography
- Pairing-based provably secure cryptography
- Privacy and anonymity technologies
- Provable secure block ciphers and hash functions
- Secure cryptographic protocols and applications
- Security notions, approaches, and paradigms
- Steganography and steganalysis

For more information, please see http://home.ie.cuhk.edu.hk/~provsec14.

OSDI 2014 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA, October 6–8, 2014. [posted here 03/03/14]
The 11th USENIX Symposium on Operating Systems Design and Implementation seeks to present innovative, exciting research in computer systems. OSDI brings together professionals from academic and industrial backgrounds in what has become a premier forum for discussing the design, implementation, and implications of systems software. The OSDI Symposium emphasizes innovative research as well as quantified or insightful experiences in systems design and implementation. OSDI takes a broad view of the systems area and solicits contributions from many fields of systems practice, including, but not limited to, operating systems, file and storage systems, distributed systems, cloud computing, mobile systems, secure and reliable systems, embedded systems, virtualization, networking as it relates to operating systems, management and troubleshooting of complex systems. We also welcome work that explores the interface to related areas such as computer architecture, networking, programming languages, and databases. We particularly encourage contributions containing highly original ideas, new approaches, and/or groundbreaking results.

For more information, please see https://www.usenix.org/conference/osdi14/call-for-papers.

eCrime 2014 9th Symposium on Electronic Crime Research, Held in conjunction with the 2014 APWG General Meeting, Birmingham, Alabama, USA, September 23-25, 2014. [posted here 03/31/14]
The eCrime Symposium consists of two full days which bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Emerging attack methods
- Online advertising fraud
- Large-scale take-downs
- Economics of online crime
- Technical, legal, political aspects of online fraud
- Assessing the risks and yields of modern attacks
- Defending critical internet infrastructure

For more information, please see http://ecrimeresearch.org/events/ecrime2014.

SLSS 2014 International Workshop on System Level Security of Smartphones, Held in conjunction with SecureComm 2014, Beijing, China, September 23, 2014. [posted here 05/26/14]
This workshop will discuss various aspects of system level security of smartphones, and stitch together the aspects into holistic and deep understandings. Some specific aspects include system metadata abuse, .so level rootkits in Android, finer-grained protection domains, cross-layer vulnerability analysis, and context-aware access control. Through the workshop, some new vulnerabilities and attacks on Android/IOS systems could be revealed, and some security design principles of next generation smartphone Operating Systems could be identified. The workshop will be more discussion oriented than regular workshops; it will include a few selected presentations, each with a 15-minute speech and a 45-minute discussion. Research contributions are solicited in all aspects related to system level security of smartphones, including but not limited to:
- System level vulnerabilities of Android/IOS systems, for example cross-layer vulnerability analysis, service vulnerabilities, etc.
- New attacks on Android/IOS systems, for example metadata-based attack, .so level rootkits, etc.
- Design of next generation secure smartphone systems, for example finer-grained protection domains, context-aware access control, etc.

For more information, please see http://www.dacas.cn/slss2014.

RAID 2014 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden, September 17-19, 2014. [posted here 03/03/14]
The 17th International Symposium on Research in Attacks, Intrusions and Defenses aims at bringing together leading researchers and practitioners from academia, government, and industry to discuss novel research contributions related to any area of computer and information security. As in previous years, all topics related to intrusion detection and prevention are within scope. In addition, topics of interest also include but are not limited to:
- Intrusion detection and prevention
- Malware and botnet analysis, detection, and mitigation
- Smartphone and other embedded systems security
- Network & active defenses
- Web application security
- New attacks against computers and networks
- Insider attack detection
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis
- Secure software development
- Machine learning for security
- Computer security visualization techniques
- Network exfiltration
- Online money laundering and underground economy
- Hardware vulnerabilities
- Binary analysis and reverse engineering
- Digital forensics
- Security and privacy

For more information, please see http://www.raid2014.eu/cfp.html.

NSPW 2014 New Security Paradigms Workshop, Victoria, British Columbia, Canada, September 15-18, 2014. [posted here 03/03/14]
The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security. By encouraging participants to think “outside the box” and giving them an opportunity to interact with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security. NSPW is a highly interactive venue, with informal paper presentations, lively, extended discussions, shared activities, and group meals, all in the spectacular setting of Victoria, British Columbia, Canada. Most of the papers accepted to NSPW push the boundaries of science and engineering beyond what would be considered mainstream in more traditional security conferences. We are particularly interested in perspectives that augment traditional computer security, both from other areas of computer science and other sciences that study adversarial relationships such as biology, economics, and the social sciences.

For more information, please see http://www.nspw.org/2014/cfp.

SMPE 2014 1st Workshop on Security and Privacy Aspects of Mobile Environments, Co-located with ACM MobiCom 2014, Maui, Hawaii, USA, September 11, 2014. [posted here 05/12/14]
Increased adoption of mobile communications technologies (e.g., smartphones and Internet tablets), along with the growing popularity of mobile applications and online social network services (e.g., mobile Facebook, Foursquare, mobile YouTube), dramatically changed the computing and networking landscapes. Such mobile environments, while creating and promoting several new opportunities for users, businesses and enterprises by complementing and often supplanting traditional Internet communication, opened up new challenges with new forms of security risks and privacy threats. Mobile devices security and privacy research has been very active and productive since the inception of smartphones and app markets. Both regulatory and technology efforts are also underway to address some of the privacy and security requirements of mobile systems and services. The workshop will discuss issues in mobile devices and applications, mobile location-based services, ad-hoc and infrastructure-based mobile networks, with particular focus on theoretical and practical aspects of design, usability and performance evaluation of security and privacy. This workshop will solicit research papers, work-in-progress papers, industry and regulatory position reports from academia, industry, and government agencies. The proposed workshop seeks to promote dynamic interdisciplinary discussions and collaboration on the various aspects of security and privacy of mobile devices, applications and mobile networking operations. Topics of interest include but are not limited to:
- Mobile networks security
- Mobile handsets devices security
- Security and privacy of mobile applications
- Hardware enabled security
- Usability of security and privacy
- New economic models of privacy-preserving mobile systems/applications
- Mobile identity management systems
- Mobile payment systems
- Privacy and security threats identification
- Censorship resistance in mobile environments
- Privacy preserving analytics in mobile environments
- Contextual (context-based) security and privacy
- Security and privacy in next generation mobile networks
- Security and privacy in wearable technologies

For more information, please see http://www.smpe2014.org/.

BADGERS 2014 3rd International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Held in conjunction with ESORICS 2014, Wroclaw, Poland, September 11, 2014. [posted here 06/23/14]
The BADGERS workshop is the venue for research on Big Data for security. In contrast to the systems community, security researchers have only recently started collecting and looking at Internet-scale, real-world data (e.g., the EU WOMBAT and the US PREDICT initiatives). Experimental security analysis performed on such data is often hampered by concerns such as confidentiality, privacy, and liability. However, attackers have become experts in leveraging the whole Internet to achieve their goals. To understand the modus operandi and the motivations of attackers, both the access to Internet-scale, real-world data and the techniques to mine it for relevant security knowledge are necessary. Hence there is a growing need to widen the scope of data-driven security analysis. The BADGERS workshop is positioned at the confluence of computer security and general purpose large-scale data processing and aims at bringing together people (e.g., researchers, practitioners, system administrators, security analysts) active in the emerging domain of security-related data collection and analysis for Internet-scale computer systems and networks. By giving visibility to existing solutions, the workshop promotes and encourages the better sharing of data and knowledge. The increasing availability of tools and techniques to process large-scale data (aka Big Data) will benefit computer security.

For more information, please see http://necoma-project.eu/badgers14/.

SETOP 2014 7th SETOP International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2014, Wroclaw, Poland, September 11, 2014. [posted here 03/31/14]
Autonomous and Spontaneous security focuses on the dynamics of system behaviour in response to threats, their detection, characterisation, diagnosis and mitigation in particular through architectural and behavioural reconfiguration. Such approaches are needed in Embedded Systems, Pervasive Computing, and Cloud environments, which bridge the physical, social, and computing worlds and challenge traditional security provisions from different perspectives. Systems must be agile and continue to operate in the presence of compromise, introspective and self-protecting rather than just hardened, resilient to more complex threats yet more vulnerable as they are physically accessible, widely heterogeneous and need to integrate long-term legacy components. Ensuring their resilience and protecting such systems at scale requires novel solutions across a broad spectrum of computational and resource environments, that integrate techniques from different areas including security, network management, machine learning, knowledge representation, control theory, stochastic analysis and software engineering amongst others. SETOP invites submissions of novel research results and practical experiences relevant to autonomous and spontaneous security approaches.

For more information, please see http://www.setop.info.

STM 2014 10th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2014, Wroclaw, Poland, September 10-11, 2014. [posted here 04/28/14]
The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICTs. Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Applied cryptography
- Authentication
- Complex systems security
- Data and application security
- Data protection
- Data/system integrity
- Digital rights management
- Economics of security and privacy
- E-services
- Formal methods for security and trust
- Identity management
- Legal and ethical issues
- Networked systems security
- Operating systems security
- Privacy
- Security and trust metrics
- Security and trust policies
- Security and trust management architectures
- Security and trust in cloud environments
- Security and trust in grid computing
- Security and trust in pervasive computing
- Security and trust in social networks
- Social implications of security and trust
- Trust assessment and negotiation
- Trust in mobile code
- Trust models
- Trust management policies
- Trust and reputation systems
- Trusted platforms
- Trustworthy systems and user devices
- Web services security

For more information, please see http://stm14.uni.lu/.

SecATM 2014 International Workshop on Security in Air Traffic Management and other Critical Infrastructures, Held in conjunction with ARES 2014, University of Fribourg, Switzerland, September 9-12, 2014. [posted here 03/03/14]
Global air traffic management (ATM) is evolving from siloed, local, proprietary systems to interconnected wide-area information systems. There is rapid development, as demonstrated by the US NextGen and the European Single European Sky ATM Research programme. Increased automation and interconnection also translate into increased security risks, and this workshop will focus on security of next-generation air traffic management systems and similar critical information infrastructures. Throughout the recent years the understanding was developed that the security. Suggested topics include, but are not limited to the following in ATM and related critical infrastructures:
- Security Policy
- Risk assessment
- Security management
- Security validation
- Best practices
- Secure middleware solutions
- Experience reports
- Challenges of security assessment in a safety-oriented environment

For more information, please see http://www.secatm.org.

SIN 2014 7th International Conference on the Security of Information and Networks, Glasgow, UK, September 9-11, 2014. [posted here 05/26/14]
The 7th International Conference on Security of Information and Networks (SIN 2014) provides an international forum for presentation of research and applications of security in information and networks. SIN 2014 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. Its drive is to convene a high quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems. Topics of interest include (but are not limited to):
- Access control and intrusion detection
- Cyber Physical Systems
- Autonomous and adaptive security
- Security tools and development platforms
- Computational intelligence techniques in security
- Security ontology, models, protocols & policies
- Computer network defense
- Standards, guidelines and certification
- Cryptographic techniques and key management
- Security-aware software engineering
- Industrial applications of security
- Trust and privacy
- Information assurance
- Cyber Warfare (attacks and defenses)
- Next generation network architectures
- Malware analysis
- Network security and protocols
- Security challenges in Mobile/Embedded Systems

For more information, please see http://www.sinconf.org/sin2014/.

ECTCM 2014 2nd International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland, September 8-12, 2014. [posted here 03/03/14]
ECTCM aims at bringing together researchers and practitioners working in different areas related to cybersecurity. The disclosures of massive worldwide online surveillance in the past year have led to a somewhat changed cyber world. We want to contribute to the current discussions about all technical aspects of this problem. Therefore this year's workshop focuses on new Targeted Attacks, Malware and all aspects of Privacy. Contributions demonstrating current weaknesses and threats as well as new countermeasures are warmly welcome.

For more information, please see http://www.ectcm.net/.

ACC 2014 IEEE International Workshop on Autonomic Cloud Cybersecurity, Held in conjunction with the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), London, UK, September 8, 2014. [posted here 03/03/14]
Cloud computing services offer cost effective, scalable, and reliable outsourced platforms. Cloud adoption is rapidly becoming ubiquitous; therefore, private and sensitive data is being moved into the cloud. This move is introducing new security and privacy challenges, which should be diligently addressed in order to avoid severe security repercussions. The focus of this workshop is to offer a discussion forum about autonomous cybersecurity systems, which offer viable and well-suited solutions for cloud threat prediction, detection, mitigation, and prevention. The workshop is part of the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), and is collocated with The 8th IEEE Self-Adaptive and Self-Organizing System Conference and The 14th IEEE Peer-to-Peer Computing Conference. We are soliciting original and unpublished results of ongoing research projects, emerging trends, use cases, and implementation experiences in autonomous cloud cybersecurity systems and solutions. The topics covered include, but are not limited to:
- Self-protection techniques of computing systems, networks and applications
- Performance evaluation and metrics of self-protection algorithms
- Metrics to characterize and quantify the cybersecurity algorithms (confidentiality, integrity, and availability of autonomic systems)
- Anomaly behavior analysis and discovery of autonomic systems and services
- Data mining, stochastic analysis and prediction of autonomic systems and applications
- Datasets and benchmarks to compare and evaluate different self-protection techniques
- Autonomic prediction of cyber crime
- Cloud cryptographic systems
- Autonomous cyber threat mitigation methods
- Cloud security protocols
- Automated cloud security analysis
- Cloud cybersecurity tools

For more information, please see http://sesar.dti.unimi.it/ACC2014.

ESORICS 2014 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. [posted here 03/17/14]
ESORICS (European Symposium on Research in Computer Security) is the premier European research conference in computer security. ESORICS started in 1990 and has been held in several European countries, attracting an international audience from both the academic and industrial communities. ESORICS 2014, the 19th symposium in the series, will be held in Poland at the Institute of Mathematics and Computer Science, Wroclaw University of Technology. Papers offering novel research contributions in all aspects of computer security are solicited for submission to ESORICS 2014. The primary focus is on original, high quality, unpublished research, but submissions describing implementation experiences and industrial research and development are also encouraged. All topics related to security, privacy and trust in computer systems and networks are of interest and in scope. Purely theoretical papers, e.g. in cryptography, must be explicit about the relevance of the theory to the security of IT systems.

For more information, please see http://esorics2014.pwr.wroc.pl/index.html.

TGC 2014 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy, September 5-6, 2014. [posted here 01/13/14]
The Symposium on Trustworthy Global Computing is an international annual venue dedicated to secure and reliable computation in the so-called global computers, i.e., those computational abstractions emerging in large-scale infrastructures such as service-oriented architectures, autonomic systems, and cloud computing. The TGC series focuses on providing frameworks, tools, algorithms, and protocols for rigorously designing, verifying, and implementing open-ended, large-scale applications. The related models of computation incorporate code and data mobility over distributed networks that connect heterogeneous devices and have dynamically changing topologies. We solicit papers in all areas of global computing, including (but not limited to):
- languages, semantic models, and abstractions
- security, trust, and reliability
- privacy and information flow policies
- algorithms and protocols
- resource management
- model checking, theorem proving, and static analysis
- tool support

For more information, please see http://www.cs.le.ac.uk/events/tgc2014/.

LightSEC 2014 3rd International Workshop on Lightweight Cryptography for Security & Privacy, Istanbul, Turkey, September 1-2, 2014. [posted here 04/28/14]
LightSEC 2014 promotes and initiates novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. As such applications are becoming ubiquitous, providing an immense value to society, they are also affecting a greater portion of the public & leading to a plethora of economical & security and privacy related concerns. Topics of interest include:
- Design, analysis and implementation of lightweight cryptographic protocols
- Cryptographic hardware development for constrained domains
- Security & privacy solutions for wireless embedded systems
- Lightweight privacy-preserving protocols & systems
- Design and analysis of fast and compact cryptographic algorithms
- Wireless network security for low-resource devices
- Low-power crypto architectures
- Scalable protocols and architectures for security and privacy
- Formal methods for analysis of lightweight cryptographic protocols
- Security and privacy issues in RFID and NFC
- Embedded systems security
- PUF based crypto protocols
- Security of ubiquitous and pervasive computing
- Side channel analysis and countermeasures on lightweight devices
- Efficient and scalable cryptographic protocols for the Next Generation Secure Cloud

For more information, please see http://www.light-sec.org.

USENIX-Security 2014 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014. [posted here 04/28/14]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- Cloud computing security
- Cryptographic implementation analysis and construction, applied cryptography
- Distributed systems security
- Forensics and diagnostics for security
- Hardware security (Embedded systems security, Methods for detection of malicious or counterfeit hardware, Randomness, Secure computer architectures, Side channels)
- Human-computer interaction, security, and privacy
- Intrusion and anomaly detection and prevention
- Malware (Detection, mitigation, Malicious code analysis, anti-virus, anti-spyware)
- Mobile system security
- Network security (Botnets, Denial-of-service attacks and countermeasures, Network infrastructure security)
- Operating system security
- Privacy-enhancing technologies, anonymity
- Programming language security
- Public good (Research on computer security law and policy, Research on security education and training, Research on social values, surveillance, and censorship)
- Security analysis (Analysis of network and security protocols, Attacks with novel insights, techniques, or results)
- Security applications (Security in critical infrastructures, Security in electronic voting, Security in health care and medicine, Security in ubiquitous computing, sensors, actuators)
- Security economics, electronic commerce
- Security measurement studies (Large-scale measurement of fraud, malware, spam, Large-scale measurement of human behavior and security)
- Security tools (Automated security analysis of hardware designs and implementation, Automated security analysis of source code and binaries, program analysis, Novel tools to improve the trustworthiness of computer systems)
- Storage security (Database security and privacy, File systems)
- Web security
- Wireless security

For more information, please see https://www.usenix.org/conference/usenixsecurity14.

SAC 2014 Conference on Selected Areas in Cryptography, Concordia University, Montreal, Quebec, Canada, August 14-15, 2014. [posted here 04/28/14]
Authors are encouraged to submit original papers related to the following themes for the SAC 2014 conference. Note that the first three are traditional SAC areas and the fourth topic is intended to be the special focus for this year's conference:
- Design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash functions, MAC algorithms, cryptographic permutations, and Authenticated Encryption Schemes
- Efficient implementations of symmetric and public key algorithms
- Mathematical and algorithmic aspects of applied cryptology
- Algorithms for cryptography, cryptanalysis and their complexity analysis

For more information, please see http://users.encs.concordia.ca/~youssef/SAC2014-WebSite/.

PLAS 2014 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Uppsala, Sweden, July 29, 2014. [posted here 03/03/14]
PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems. The scope of PLAS includes, but is not limited to:
- Compiler-based security mechanisms or runtime-based security mechanisms such as inline reference monitors
- Program analysis techniques for discovering security vulnerabilities
- Automated introduction and/or verification of security enforcement mechanisms
- Language-based verification of security properties in software, including verification of cryptographic protocols
- Specifying and enforcing security policies for information flow and access control
- Model-driven approaches to security
- Security concerns for web programming languages
- Language design for security in new domains such as cloud computing and embedded platforms
- Applications, case studies, and implementations of these techniques

For more information, please see http://researcher.ibm.com/researcher/view_project.php?id=5237.

PST 2014 12th Annual Conference on Privacy, Security and Trust, Toronto, Canada, July 23-24, 2014. [posted here 02/03/14]
PST2014 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2014 topics include, but are NOT limited to, the following:
- Privacy Preserving / Enhancing Technologies
- Critical Infrastructure Protection
- Network and Wireless Security
- Operating Systems Security
- Intrusion Detection Technologies
- Secure Software Development and Architecture
- PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
- Network Enabled Operations
- Digital forensics
- Information Filtering, Data Mining and Knowledge from Data
- National Security and Public Safety
- Cryptographic techniques for privacy preservation
- Security Metrics
- Recommendation, Reputation and Delivery Technologies
- Continuous Authentication
- Trust Technologies, Technologies for Building Trust in e-Business Strategy
- Observations of PST in Practice, Society, Policy and Legislation
- Digital Rights Management
- Identity and Trust management
- PST and Cloud Computing
- Human Computer Interaction and PST
- Implications of, and Technologies for, Lawful Surveillance
- Biometrics, National ID Cards, Identity Theft
- PST and Web Services / SOA
- Privacy, Traceability, and Anonymity
- Trust and Reputation in Self-Organizing Environments
- Anonymity and Privacy vs. Accountability
- Access Control and Capability Delegation
- Representations and Formalizations of Trust in Electronic and Physical Social Systems

For more information, please see http://pst2014.ryerson.ca.

SHPCS 2014 9th Workshop on Security and High Performance Computing Systems, Held in conjunction with the International Conference on High Performance Computing & Simulation (HPCS 2014), Bologna, Italy, July 21 - July 25, 2014. [posted here 02/03/14]
Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrades performance. This workshop addresses relationships between security and high performance computing systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems and how they can be formally verified both at design-time (formal verification) and at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of high performance computing systems to improve security. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems.

For more information, please see http://hpcs2014.cisedu.info/.

WiSec 2014 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Oxford, United Kingdom, July 21-25, 2014. [posted here 10/4/13]
ACM WiSec has been broadening its scope and seeks to present high quality research papers exploring security and privacy aspects of wireless communications, mobile networks, and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics and the increasingly diverse range of mobile or wireless applications. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive, avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security

For more information, please see http://www.sigsac.org/wisec/WiSec2014/.

RFIDSec 2014 10th Workshop on RFID Security, Co-located with ACM WiSec 2014, Oxford, United Kingdom, July 21-23, 2014. [posted here 10/24/13]
RFIDsec is the premier workshop devoted to security and privacy in Radio Frequency Identification (RFID) with participants throughout the world. RFIDsec brings together researchers from academia and industry for topics of importance to improving the security and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec bridges the gap between cryptographic researchers and RFID developers through invited talks and contributed presentations. Topics of interest include:
- New applications for secure RFID, NFC and other constrained systems
- Resource-efficient implementations of cryptography
- Attacks on RFID systems (e.g. side-channel attacks, fault attacks, hardware tampering)
- Data protection and privacy-enhancing techniques
- Cryptographic protocols (e.g. authentication, key distribution, scalability issues)
- Integration of secure RFID systems (e.g. infrastructures, middleware and security)
- Data mining and other systemic approaches to RFID security
- RFID hardware security (e.g. Physical Unclonable Functions (PUFs), RFID Trojans)
- Case studies

For more information, please see http://rfidsec2014.cis.uab.edu/.

CSF 2014 27th IEEE Computer Security Foundations Symposium, Vienna University of Technology, Vienna, Austria, July 19 - 22, 2014. [posted here 11/25/13]
The Computer Security Foundations Symposium is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, e.g., formal security models, relationships between security properties and defenses, principled techniques and tools for design and analysis of security mechanisms, as well as their application to practice. While CSF welcomes submissions beyond the topics listed below, the main focus of CSF is foundational security: submissions that lack foundational aspects risk rejection. New results in computer security are welcome. Possible topics include, but are not limited to: access control, accountability, anonymity, authentication, critical infrastructure security, cryptography, data and system integrity, database security, decidability and complexity, distributed systems, electronic voting, executable content, formal methods and verification, game theory and decision theory, hardware-based security, humans and computer security, information flow, intrusion detection, language-based security, network security, novel insights on attacks, privacy, provenance, resource usage control, security for mobile computing, security models, security protocols, software security, socio-technical security, trust management, usable security, web security.

For more information, please see http://csf2014.di.univr.it/.

PETS 2014 14th Privacy Enhancing Technologies Symposium, Amsterdam, Netherlands, July 16-18, 2014. [posted here 12/2/13]
The Privacy Enhancing Technologies Symposium (PETS) aims to advance the state of the art and foster a world-wide community of researchers and practitioners to discuss innovation and new perspectives. Suggested topics include but are not restricted to:
- Behavioral targeting
- Building and deploying privacy-enhancing systems
- Crowdsourcing for privacy
- Cryptographic tools for privacy
- Data protection technologies
- Differential privacy
- Economics of privacy and game-theoretical approaches to privacy
- Forensics and privacy
- Information leakage, data correlation and generic attacks to privacy
- Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
- Location and mobility privacy
- Measuring and quantifying privacy
- Obfuscation-based privacy
- Policy languages and tools for privacy
- Privacy and human rights
- Privacy in ubiquitous computing and mobile devices
- Privacy in cloud and big-data applications
- Privacy in social networks and micro-blogging systems
- Privacy-enhanced access control, authentication, and identity management
- Profiling and data mining
- Reliability, robustness, and abuse prevention in privacy systems
- Surveillance
- Systems for anonymous communications and censorship resistance
- Traffic analysis
- Transparency enhancing tools
- Usability and user-centered design for PETs

For more information, please see http://petsymposium.org/.

DBSec 2014 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Vienna Technical University, Vienna, Austria, July 14-16, 2014. [posted here 02/03/14]
The 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security and privacy. Papers and panel proposals are also solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- access control
- anonymity
- applied cryptography in data security
- authentication
- crowdsourcing for privacy and security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- knowledge discovery and privacy
- methodologies for data and application security and privacy
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in IT outsourcing
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

For more information, please see http://dbsec2014.sba-research.org.

PIR 2014 Privacy-Preserving IR Workshop: When Information Retrieval Meets Privacy and Security, Held in conjunction with ACM SIGIR 2014, Gold Coast, Australia, July 11, 2014. [posted here 04/07/14]
With the emergence of online social networks and the growing popularity of digital communication, more and more information about individuals is becoming available on the Internet. While much of this information is not sensitive, it is not uncommon for users to publish sensitive information online, especially on social networking sites. The availability of this publicly accessible and potentially sensitive data can lead to abuse and expose users to stalking and identity theft. An adversary can digitally "stalk" a victim (a Web user) and discover as much information as possible about the victim, either through direct observation of posted information or by inferring knowledge using simple inference logic. Information retrieval and information privacy/security are two fast-growing computer science disciplines. Information retrieval provides a set of information seeking, organization, analysis, and decision-making techniques. Information privacy/security defends information from unauthorized or malicious use, disclosure, modification, attack, and destruction. The two disciplines often appear as two areas with opposite goals: one is to seek information from large amounts of materials, the other is to protect (sensitive) information from being found out. On the other hand, there are many synergies and connections between these two disciplines. For example, information retrieval researchers or practitioners often need to consider privacy or security issues in designing solutions of information processing and management, while researchers in information privacy and security often utilize information retrieval techniques when they build the adversary models to simulate how the adversary can actively seek sensitive information. However, there have been very limited efforts to connect the two important disciplines. 
In addition, due to the lack of mature techniques in privacy-preserving information retrieval, concerns about information privacy and security have become serious obstacles that prevent valuable user data from being used in IR research such as studies about query logs, social media, tweets, session analysis, and medical record retrieval. For instance, the recent TREC Medical Record Retrieval Tracks are halted because of the privacy issue and the TREC Microblog Tracks could not provide participants with a standard testbed of tweets for system development. The situation needs to be improved in a timely manner. All these motivate this "privacy-preserving IR" workshop in SIGIR.

For more information, please see http://cs-sys-1.uis.georgetown.edu/~sz303/sigir2014-pir-workshop/.

DIMVA 2014 11th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Royal Holloway London, Egham, UK, July 10-11, 2014. [posted here 11/6/13]
The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. Each year, DIMVA brings together international experts from academia, industry, and government to present and discuss novel research in these areas. DIMVA is organized by the special interest group "Security - Intrusion Detection and Response" (SIDAR) of the German Informatics Society (GI). The conference proceedings will appear as a volume in the Springer Lecture Notes in Computer Science (LNCS) series (approval pending). DIMVA encourages submissions from the following broad areas:
Intrusion Detection
- Novel approaches and domains
- Insider detection
- Prevention and response
- Data leakage and exfiltration
- Result correlation and cooperation
- Evasion and other attacks
- Potentials and limitations
- Operational experiences

Malware Detection
- Automated analyses
- Behavioral models
- Prevention and containment
- Infiltration
- Acquisition and monitoring
- Forensics and recovery
- Underground economy

Vulnerability Assessment
- Vulnerability detection
- Vulnerability prevention
- Fuzzing techniques
- Classification and evaluation
- Situational awareness

For more information, please see http://www.dimva.org/dimva2014.

SOUPS 2014 Symposium On Usable Privacy and Security, In-cooperation with USENIX, Menlo Park, CA, USA, July 9-11, 2014. [posted here 12/2/13]
The 2014 Symposium on Usable Privacy and Security (SOUPS) will bring together an interdisciplinary group of researchers and practitioners in human computer interaction, security, and privacy. The program will feature technical papers, a poster session, panels and invited talks, lightning talks and demos, and workshops and tutorials. This year SOUPS will be held at Facebook in Menlo Park, CA. We invite authors to submit original papers describing research or experience in all areas of usable privacy and security. Topics include, but are not limited to:
- innovative security or privacy functionality and design,
- new applications of existing models or technology,
- field studies of security or privacy technology,
- usability evaluations of new or existing security or privacy features,
- security testing of new or existing usability features,
- longitudinal studies of deployed security or privacy features,
- the impact of organizational policy or procurement decisions,
- lessons learned from the deployment and use of usable privacy and security features,
- reports of replicating previously published studies and experiments,
- reports of failed usable security studies or experiments, with the focus on the lessons learned from such experience.

For more information, please see http://cups.cs.cmu.edu/soups/.

WAY 2014 Workshop: Who are you?! Adventures in Authentication, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2014), Menlo Park, CA, USA, July 9, 2014. [posted here 05/05/14]
Our most common method of authentication continues to be based on the assumption of a person using a desktop computer and keyboard, or a person authenticating to their mobile phone. There has been an implicit assumption that the effort of authenticating, both in terms of elapsed time, user actions, cognitive load and impact on a user's primary task, will be amortized over a relatively long lifetime of the authenticated session with the system, application or service. As computing moves into new environments, including mobile and embedded systems, these assumptions may no longer be valid. The user's primary task may be tending to a patient, driving a car, operating heavy machinery, or interacting with friends and colleagues via mobile apps. Due to the nature of user interaction in these new computing environments, and new threat models, methods of authenticating are needed that are both robust, easy to use, and minimize impact on the user's primary task. The time / cost of authentication needs to be commensurate with the level of engagement with these kinds of systems and applications. The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns, and ideas about known and new authentication techniques. We are interested in discussing methods of evaluating the impact and usability of various authentication techniques, and ideas about novel authentication techniques that are secure, robust and usable.

For more information, please see https://cups.cs.cmu.edu/soups/2014/workshops/authentication.html .

ACISP 2014 19th Australasian Conference on Information Security and Privacy, Wollongong, NSW, Australia, July 7-9, 2014. [posted here 02/03/14]
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 19th Australasian Conference on Information Security and Privacy (ACISP 2014). Papers may present theory, techniques, applications and practical experiences on a variety of topics. The proceedings will be published by Springer-Verlag as a volume of the Lecture Notes in Computer Science series. The extended version of the selected papers from ACISP 2014 will be invited to the special issue of International Journal of Information Security (IJIS) International Journal of Applied Cryptography. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of information security. Suggested topics include, but are not restricted to, the following:
- Cryptography
- Network Security
- Copyright Protection
- Mobile Communications Security
- Secure Commercial Applications
- Security Architectures and Models
- Database Security
- Privacy Technologies
- Authentication and Authorization
- Smartcards
- Software Protection and Malware
- Distributed System Security
- Computer Forensics
- Key Management and Auditing
- Secure Operating System
- Secure Electronic Commerce
- Biometrics
- Secure Cloud Computing

For more information, please see https://ssl.informatics.uow.edu.au/acisp2014/.

TRUST 2014 7th International Conference on Trust & Trustworthy Computing, Hersonissos, Crete, Greece, June 30 - July 2, 2014. [posted here 03/03/14]
TRUST 2014 is an international conference on the technical and socio-economic aspects of trustworthy infrastructures. It provides an excellent interdisciplinary forum for researchers, practitioners, and decision makers to explore new ideas and discuss experiences in building, designing, using and understanding trustworthy computing systems. Topics of interest include, but are not limited to:
- Architecture and implementation technologies for trusted platforms and trustworthy infrastructures
- Trust, Security and Privacy in embedded systems
- Trust, Security and Privacy in social networks
- Trusted mobile platforms and mobile phone security
- Implementations of trusted computing (hardware and software)
- Applications of trusted computing
- Trustworthy infrastructures and services for cloud computing (including resilience)
- Attestation and integrity verification
- Cryptographic aspects of trusted and trustworthy computing
- Design, implementation and analysis of security hardware
- Security hardware with cryptographic and security functions, physically unclonable functions (PUFs)
- Intrusion resilience in trusted computing
- Virtualization for trusted platforms
- Secure storage
- Security policy and management of trusted computing
- Access control for trusted platforms
- Privacy aspects of trusted computing
- Verification of trusted computing architectures
- Usability and end-user interactions with trusted platforms
- Limitations of trusted computing
- The role of trust in human-computer interactions
- Usability and user perceptions of trustworthy systems and risks
- Patterns of trust practices in human-computer interactions
- Effects of trustworthy systems upon user, corporate, and governmental behavior
- The impact of trustworthy systems in enhancing trust in cloud-like infrastructures
- The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight
- The impact of trustworthy systems upon digital forensics, police investigations and court proceedings
- Game theoretical approaches to modeling or designing trustworthy systems
- Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space
- Economic drivers for trustworthy systems in corporate environment
- Experimental economics studies of trustworthiness
- The interplay between privacy, privacy enhancing technologies and trustworthy systems
- Evaluation of research methods used in the research of trustworthy and trusted computing
- Critiques of trustworthy systems
- Metrics of trust
- Privacy Aspects of Trust Computing
- Engineering Processes for Trustworthy Computing

For more information, please see http://www.ics.forth.gr/trust2014/.

WISTP 2014 8th Workshop in Information Security Theory and Practice, Heraklion, Greece, June 30 - July 2, 2014. [posted here 11/18/13]
Future ICT technologies, such as the concepts of Ambient Intelligence, Cyber-physical Systems and Internet of Things provide a vision of the Information Society in which: a) people and physical systems are surrounded with intelligent interactive interfaces and objects, and b) environments are capable of recognising and reacting to the presence of different individuals or events in a seamless, unobtrusive and invisible manner. The success of future ICT technologies will depend on how secure these systems may be, to what extent they will protect the privacy of individuals and how individuals will come to trust them. WISTP 2014 aims to address security and privacy issues of smart devices, networks, architectures, protocols, policies, systems, and applications related to Internet of Things, along with evaluating their impact on business, individuals, and the society. The workshop seeks original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of Internet of Things, as well as experimental studies of fielded systems, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
Security and Privacy in Smart Devices
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- Mobile Codes Security
- Mobile Devices Security
- Mobile Malware
- Mobile OSes Security Analysis
- New Applications for Secure RFID Systems
- RFID Systems
- Smart Card
- Smart Devices Applications
- Wireless Sensor Node

Security and Privacy in Networks
- Ad Hoc Networks
- Delay-Tolerant Network
- Domestic Network
- GSM/GPRS/UMTS Systems
- Peer-to-Peer Networks
- Security Issues in Mobile and Ubiquitous Networks
- Sensor Networks: Campus Area, Body Area, Sensor and Metropolitan Area Networks
- Vehicular Network
- Wireless Communication: Bluetooth, NFC, WiFi, WiMAX, others

Security and Privacy in Architectures, Protocols, Policies, Systems and Applications
- BYOD Contexts
- Cloud-enhanced Mobile Security
- Critical Infrastructure (e.g. for Medical or Military Applications)
- Cyber-Physical Systems
- Digital Rights Management (DRM)
- Distributed Systems and Grid Computing
- Information Assurance and Trust Management
- Intrusion Detection and Information Filtering
- Lightweight cryptography
- Localization Systems (Tracking of People and Goods)
- M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human)
- Mobile Commerce
- Multimedia Applications
- Public Administration and Governmental Services
- Pervasive Systems
- Privacy Enhancing Technologies
- Secure self-organization and self-configuration
- Security Models, Architecture and Protocol: for Identification and Authentication, Access Control, Data Protection
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Measurements
- Smart Cities
- Systems Controlling Industrial Processes

For more information, please see http://www.wistp.org/.

DASec 2014 1st International Workshop on Big Data Analytics for Security, Held in conjunction with ICDCS 2014, Madrid, Spain, June 30 - July 3, 2014. [posted here 01/13/14]
In the last 10 years we have witnessed a strong integration of several human activities with computers and digital networks. This has led to an interconnected economy, where interactions occur through the mediation of networked devices. The openness of this scenario was instrumental in creating new business opportunities. However, it has also paved the way to new forms of criminal activities that, while happening in the cyber domain, have strong implications in the real world. The current trend towards an Internet of Things will possibly worsen this scenario. In this context, private companies and public bodies struggle to defend their businesses against a deluge of attacks spanning from complex online frauds to malicious scanning activities of their IT infrastructures. As attacks continue to grow in complexity, classic "border-control" approaches to system security quickly prove to be ineffective, calling for an investigation into new methodologies and solutions. At the same time, ongoing research efforts on "Big Data" systems are devising new and innovative methodologies to manage and analyze large amounts of data with the aim of recognizing specific patterns and behaviors. The First International Workshop on Big Data Analytics for Security aims to bring together people from both academia and industry to present their most recent work related to trust, security and privacy issues in big data analytics, together with application of big data technologies in the field of security. The purpose is to establish if and how large-scale data analytics technologies can help in creating new security solutions for today's complex IT infrastructures.

For more information, please see http://www.dis.uniroma1.it/~dasec/.

SPE 2014 4th International Workshop on Security and Privacy Engineering, Co-located with IEEE SERVICES 2014, Anchorage, Alaska, USA, June 27 - July 2, 2014. [posted here 02/03/14]
Built upon the success of the spectrum of conferences within the IEEE World Congress on Services, the Security and Privacy Engineering (SPE 2014) workshop is a unique place to exchange ideas of engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the workshop from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome.

For more information, please see http://sesar.dti.unimi.it/SPE2014/.

SACMAT 2014 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada, June 25-27, 2014. [posted here 12/2/13]
Papers offering novel research contributions in all aspects of access control are solicited for submission to the 19th ACM Symposium on Access Control Models and Technologies (SACMAT 2014). We have expanded the scope to include several new topics that have relevance to access control. These include cyber-physical systems, applications, systems, hardware, cloud computing, and usability. The Program Committee for this year reflects this expanded scope.
- Administration
- Applications
- Attribute-based systems
- Authentication
- Biometrics
- Cryptographic approaches
- Cyber-physical systems
- Design methodology
- Distributed, cloud, and mobile systems
- Economic models and game theory
- Enforcement
- Hardware enhanced
- Identity management
- Mechanisms, systems, and tools
- Models and extensions
- Obligations
- Policy engineering and analysis
- Requirements
- Risk
- Safety analysis
- Standards
- Theoretical foundations
- Trust management
- Usability

For more information, please see http://www.sacmat.org.

WEIS 2014 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, PA, USA, June 23-24, 2014. [posted here 11/25/13]
The Workshop on the Economics of Information Security (WEIS) is the leading forum for interdisciplinary scholarship on information security and privacy, combining expertise from the fields of economics, social science, business, law, policy, and computer science. Prior workshops have explored the role of incentives between attackers and defenders of information systems, identified market failures surrounding Internet security, quantified risks of personal data disclosure, and assessed investments in cyber-defense. The 2014 workshop will build on past efforts using empirical and analytic tools not only to understand threats, but also to strengthen security and privacy through novel evaluations of available solutions. We encourage economists, computer scientists, legal scholars, business school researchers, security and privacy specialists, as well as industry experts to submit their research and participate by attending the workshop. Suggested topics include (but are not limited to) empirical and theoretical studies of:
- Optimal investment in information security
- Models and analysis of online crime (including botnets, phishing, and spam)
- Risk management and cyber-insurance
- Security standards and regulation
- Cyber-security and privacy policy
- Security and privacy models and metrics
- Economics of privacy and anonymity
- Behavioral security and privacy
- Vulnerability discovery, disclosure, and patching
- Cyber-defense strategy and game theory
- Incentives for information sharing and cooperation

For more information, please see http://weis2014.econinfosec.org/.

ICC-CISS 2014 IEEE International Conference on Communications, Communications and Information Systems Security Symposium, Sydney, Australia, June 16-20, 2014. [posted here 09/02/13]
The Communications and Information Systems Security Symposium (CISS) will focus on all aspects of security, privacy, trust, and risk management, which pose a serious challenge to today's globally connected society. The symposium welcomes novel contributions on evaluation, modeling, analysis, and design of communication and information systems security solutions, from the physical layer to the application layer. In addition, this year's CISS puts a stronger emphasis on network oriented security and privacy, such as security related topics of cloud computing, networking related security in Big Data, IoT, and so on. To ensure complete coverage of the advances in communication and information systems security, the topics of interest of the CISS include, but are not limited to, the following areas:
- Anonymity, anonymous communication, metrics and their performance analysis
- Authentication protocols and message authentication
- Authorization and access control
- Availability and survivability of secure services and systems
- Big Data security and privacy
- Biometric security
- Botnet detection, prevention, and defense
- Cloud and distributed application security
- Computer and network forensics
- Cryptography and evaluation
- Data center security
- Firewall technologies; intrusion detection, localization, and avoidance
- Formal trust models, security modeling and protocol design
- Key distribution and management
- Lightweight security
- Location-based services and their security and privacy aspects
- Mobile and Wireless network security
- Mobile App security and privacy
- Multi-mode surveillance and homeland security
- Network public opinion analysis and monitoring
- Network security metrics and their performance evaluation
- Operating systems and application security and analysis tools
- Online Social Networks and their security aspects
- Physical security and hardware/software security
- Privacy and privacy enhancing technologies
- Quantum cryptography and communication applications
- Resource allocation, incentives, and game-theoretic approaches
- Security in virtual machine environments
- Security in wired systems and optical networks
- Security of Cyber-physical systems
- Security risk management
- Trust models, management and certificate handling
- Virtual private networks and group security
- Vulnerability, exploitation tools and virus analysis
- Web, e-commerce, and m-commerce security

For more information, please see http://www.ieee-icc.org/2014.

IFIP-SEC 2014 29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and Privacy Protection, Marrakech, Morocco, June 2-4, 2014. [posted here 11/18/13]
This conference is the flagship event of the International Federation for Information Processing (IFIP) Technical Committee 11 on Security and Privacy Protection in Information Processing Systems (TC-11, www.ifiptc11.org). We seek submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and privacy protection in ICT Systems. Topics of interest include, but are not limited to:
- Access control and authentication
- Applied cryptography
- Cloud and big data security
- Critical Infrastructure Protection
- Data and Applications Security
- Digital Forensics
- Human Aspects of Information Security and Assurance
- Identity Management
- Information Security Education
- Information Security Management
- Information Technology Mis-Use and the Law
- Managing information security functions
- Mobile security
- Multilateral Security
- Network & Distributed Systems Security
- Pervasive Systems Security
- Privacy protection
- Trust Management
- Audit and risk analysis

For more information, please see http://www.ensa.ac.ma/sec2014/.

SP 2014 35th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 18-21, 2014. [posted here 09/02/13]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Malware
- Metrics
- Mobile security and privacy
- Language-based security
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usable security and privacy
- Web security and privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Given the rapidly expanding and maturing security and privacy community, we hope to increase the acceptance rate of papers that are more "far-reaching" and "risky," as long as those papers also show sufficient promise for creating interesting discussions and questioning widely-held beliefs.

Systematization of Knowledge Papers: Following the success of the previous year’s conferences, we are also soliciting papers focused on systematization of knowledge (SoK). The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers can provide a high value to our community but may not be accepted because of a lack of novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions are encouraged to analyze the current research landscape: identify areas that have enjoyed much research attention, point out open areas with unsolved challenges, and present a prioritization that can guide researchers to make progress on solving important challenges. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. Accepted papers will be presented at the symposium and included in the proceedings.

For more information, please see http://www.ieee-security.org/TC/SP2014/cfp.html.

LangSec 2014 A Workshop on Language Theoretic Security, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), San Jose, CA, USA, May 18, 2014. [posted here 02/03/14]
The LangSec workshop solicits contributions of research papers and panel proposals related to the growing area of language-theoretic security. Language-theoretic security (LangSec) is a design and programming philosophy that focuses on formally correct and verifiable input handling throughout all phases of the software development lifecycle. In doing so, it offers a practical method of assurance of software free from broad and currently dominant classes of bugs and vulnerabilities related to incorrect parsing and interpretation of messages between software components (packets, protocol messages, file formats, function parameters, etc.). LangSec aims to (1) produce verifiable recognizers, free of typical classes of ad-hoc parsing bugs, (2) produce verifiable, composable implementations of distributed systems that ensure equivalent parsing of messages by all components and eliminate exploitable differences in message interpretation by the elements of a distributed system, and (3) mitigate the common risks of ungoverned development by explicitly exposing the processing dependencies on the parsed input.

For more information, please see http://spw14.langsec.org/.

W2SP 2014 WEB 2.0 Security and Privacy Workshop, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), San Jose, CA, USA, May 18, 2014. [posted here 02/03/14]
W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. We have had seven years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. W2SP is held in conjunction with the IEEE Symposium on Security and Privacy, which will take place from May 18-21, 2014, at the Fairmont Hotel in San Jose, California. W2SP will continue to be open-access: all papers will be made available on the workshop website, and authors will not need to forfeit their copyright. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). Papers must be formatted for US letter (not A4) size paper with margins of at least 3/4 inch on all sides. The text must be formatted in a two-column layout, with columns no more than 9 in. high and 3.375 in. wide. The text must be in Times font, 10-point or larger, with 12-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. The scope of W2SP 2014 includes, but is not limited to:
- Analysis of Web, Cloud and Mobile Vulnerabilities
- Forensic Analysis of Web, Cloud and Mobile Systems
- Security Analysis of Web, Cloud and Mobile Systems
- Advances in Penetration Testing
- Advances in (SQL/code) Injection Attacks
- Trustworthy Cloud-based, Web and Mobile services
- Privacy and Reputation in Web (e.g. Social Networks), Cloud, Mobile Systems
- Security and Privacy as a Service
- Usable Security and Privacy
- Security and Privacy Solutions for the Web, Cloud and Mobile
- Identity Management, Pseudonymity and Anonymity
- Security/Privacy Web Services/Feeds/Mashups
- Provenance and Governance
- Security and Privacy Policy Management for the Web, Cloud and Mobile
- Next-Generation Web/Mobile Browser Technology
- Security/Privacy Extensions and Plug-ins
- Online Privacy and Security frameworks
- Advertisement and Affiliate fraud
- Studies on Understanding Web/Cloud/Mobile Security and Privacy
- Technical Solutions for Security and Privacy legislation
- Solutions for connecting the Business, Legal, Technical and Social aspects on Web/Cloud/Mobile Security and Privacy.
- Technologies merging Economics with Security/Privacy
- Innovative Security/Privacy Solutions for Industry Verticals

For more information, please see https://www.easychair.org/conferences/?conf=w2sp2014.

CREDS 2014 2nd Cyber-security Research Ethics Dialog & Strategy, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), San Jose, CA, USA, May 18, 2014. [posted here 02/03/14]
The future of online trust, innovation & self-regulation is threatened by a widening gap between users' expectations, formed by laws and norms, and the capacity for great benefits and harms generated by technological advances. As this gap widens, so too does ambiguity between asserted rights and threats. How do we close this gap and thereby lower risks, while also instilling trust in online activities? The solution embraces fundamental principles of ethics to guide our decisions in the midst of information uncertainty. One context where this solution is germinating is cybersecurity research. Commercial and public researchers and policymakers are tackling novel ethical challenges that exert a strong influence on online trust dynamics. These challenges are not exceptional, but increasingly the norm: (i) to understand and develop effective defenses to significant Internet threats, researchers infiltrate malicious botnets; (ii) to understand Internet fraud (phishing), studies require that users are unaware they are being observed in order to ascertain typical behaviors; and (iii) to perform experiments measuring Internet usage and network characteristics that require access to sensitive network traffic. This workshop anchors off of discussions, themes, and momentum generated from the inaugural CREDS 2013 workshop. Specifically, it targets the shifting roles, responsibilities, and relationships between Researchers, Ethical Review Boards, Government Agencies, Professional Societies, and Program Committees in incentivizing and overseeing ethical research.
Its objective is to spawn dialogue and practicable solutions around the following proposition: Building a more effective research ethics culture is a prerequisite for balancing research innovation (i.e., academic freedom, reduced burdens and ambiguities) with public trust (i.e., respect for privacy and confidentiality, accountability, data quality), so we explore the pillars of such a culture as well as the strategies that might be adopted to incorporate them into research operations. CREDS II invites case studies, research experience and position papers that explore the following questions:
- What can we learn from other domains that struggle with ethical issues?
- What leadership should be engaged (i.e., institutional, government, peer groups), and what should their respective roles and responsibilities be?
- What education and awareness is needed?
- What information sharing/coordination needs to be improved: among researchers, among oversight entities, and between researchers and oversight entities?
- What knowledge and technology-transfer mechanisms can meet stated needs?

For more information, please see http://www.caida.org/workshops/creds/1405/.

IWCC 2014 International Workshop on Cyber Crime, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), Fairmont Hotel, San Jose, CA, USA, May 17-18, 2014. [posted here 12/2/13]
Today's societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple international borders. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above is the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are often buried in large volumes of data, which are hard to inspect with the aim of detecting offences and collecting evidence. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry.
The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. The workshop will be accessible to both non-experts interested in learning about this area and experts interested in hearing about new research and approaches. Topics of interest include, but are not limited to:
- Cyber crimes: evolution, new trends and detection
- Cyber crime related investigations
- Computer and network forensics
- Digital forensics tools and applications
- Digital forensics case studies and best practices
- Privacy issues in digital forensics
- Network traffic analysis, traceback and attribution
- Incident response, investigation and evidence handling
- Integrity of digital evidence and live investigations
- Identification, authentication and collection of digital evidence
- Anti-forensic techniques and methods
- Watermarking and intellectual property theft
- Social networking forensics
- Steganography/steganalysis and covert/subliminal channels
- Network anomalies detection
- Novel applications of information hiding in networks
- Political and business issues related to digital forensics and anti-forensic techniques

For more information, please see http://stegano.net/IWCC2014/.

MOST 2014 Mobile Security Technologies Workshop, An event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2014), Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014), San Jose, CA, USA, May 17, 2014. [posted here 01/13/14]
Mobile Security Technologies (MoST) brings together researchers, practitioners, policy makers, and hardware and software developers of mobile systems to explore the latest understanding and advances in the security and privacy for mobile devices, applications, and systems. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of MoST 2014 includes, but is not limited to, security and privacy specifically for mobile devices and services related to:
- Device hardware
- Operating systems
- Middleware
- Mobile web
- Secure and efficient communication
- Secure application development tools and practices
- Privacy
- Vulnerabilities and remediation techniques
- Usable security
- Identity and access control
- Risks in putting trust in the device vs. in the network/cloud
- Special applications, such as medical monitoring and records
- Mobile advertisement
- Secure applications and application markets
- Economic impact of security and privacy technologies

For more information, please see http://mostconf.org/2014/cfp.html.

SPW 2014 IEEE TCSP - Workshops of Security and Privacy (SPW), Co-located with IEEE Symposium on Security and Privacy (SP 2014), San Jose, California, USA, May 17-18, 2014. [posted here 09/02/13]
Since 1980, the IEEE Symposium on Security and Privacy (SP) has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

In order to further expand the opportunities for scientific exchanges, we created a new venue within the IEEE CS Technical Committee on Security and Privacy called Security and Privacy Workshops (SPW). The typical purpose of such a workshop is to cover a specific aspect of security and privacy in more detail, making it easy for the participants to attend IEEE SP and a specialized workshop at IEEE SPW with just one trip. Furthermore, the co-location offers synergies for the organizers. The workshops are co-located with the IEEE Security and Privacy Symposium. We have had some workshops steadily co-located with IEEE SP the last few years; the success and popularity of these workshops has led to us formalizing the process and expanding our scope. Workshops can be annual events (e.g. W2SP), one time events, or aperiodic.

For more information, please see http://www.ieee-security.org/TC/SPW2014.

COSADE 2014 5th International Workshop on Constructive Side-Channel Analysis and Secure Design, Paris, France, April 14-15, 2014. [posted here 10/27/13]
Side-channel analysis (SCA) and implementation attacks have become an important field of research at universities and in the industry. In order to enhance the resistance of cryptographic and security critical implementations within the design phase, constructive attacks and analyzing techniques may serve as a quality metric to optimize the design and development process. Since 2010, COSADE has provided an international platform for researchers, academics, and industry participants to present their work and their current research topics. It is an excellent opportunity to exchange new results with international experts and to initiate new collaborations and information exchange at a professional level. The workshop will feature both invited presentations and contributed talks. The topics of COSADE 2014 include, but are not limited to:
- Constructive side-channel analysis and implementation attacks
- Semi-invasive, invasive and fault attacks
- Leakage models and security models for side-channel analysis
- Cache-attacks and micro-architectural analysis
- Decapsulation and preparation techniques
- Side-channel based reverse engineering
- Leakage Resilient Implementations
- Evaluation methodologies for side-channel resistant designs
- Secure designs and countermeasures
- Evaluation platforms and tools for testing side-channel characteristics

For more information, please see http://www.cosade.org.

HotSoS 2014 Symposium and Bootcamp on the Science of Security, Raleigh, North Carolina, USA, April 8-9, 2014. [posted here 09/23/13]
Security has been intensively studied; however, previous research has often emphasized the engineering of specific solutions and attacks without developing the scientific understanding of the problem domain. All too often, security research focuses on responding to specific threats in an apparently ad hoc manner. The motivation behind the nascent Science of Security is to understand how computing systems are architected, built, used, and maintained with a view to understanding and addressing security challenges systematically across their life cycle. In particular, two features distinguish the Science of Security from other research programs on security: scope and approach:
- Scope: The Science of Security considers not just computational artifacts, but incorporates the human, social, and organizational aspects of computing within its purview.
- Approach: The Science of Security takes a decidedly scientific approach, based on the understanding of empirical evaluation and theoretical foundations as developed in the natural and social sciences, but adapted as appropriate for the artificial science (in Herb Simon's term) that is computing.

For more information, please see http://www.csc2.ncsu.edu/conferences/hotsos.

POST 2014 3rd Conference on Principles of Security and Trust, Grenoble, France, April 7–11, 2014. [posted here 05/13/13]
Principles of Security and Trust is a broad forum related to the theoretical and foundational aspects of security and trust. Papers of many kinds are welcome: new theoretical results, practical applications of existing foundational ideas, and innovative theoretical approaches stimulated by pressing practical problems. We seek submissions proposing theories to clarify security and trust within computer science; submissions establishing new results in existing theories; and also submissions raising fundamental concerns about existing theories. We welcome new techniques and tools to automate reasoning within such theories, or to solve security and trust problems. Case studies that reflect the strengths and limitations of foundational approaches are also welcome, as are more exploratory presentations on open questions. Areas of interest include:
- Access control
- Anonymity
- Authentication
- Availability
- Cloud security
- Confidentiality
- Covert channels
- Crypto foundations
- Economic issues
- Information flow
- Integrity
- Languages for security
- Malicious code
- Mobile code
- Models and policies
- Privacy
- Provenance
- Reputation and trust
- Resource usage
- Risk assessment
- Security architectures
- Security protocols
- Trust management
- Web service security

For more information, please see http://www.etaps.org/2014/post-2014.

SAC-SEC 2014 29th ACM Symposium on Applied Computing, Computer Security track, Gyeongju, Korea, March 24-28, 2014. [posted here 07/15/13]
For the past twenty-eight years, the ACM Symposium on Applied Computing has been a primary gathering forum for applied computer scientists, computer engineers, software engineers, and application developers from around the world. The Security Track reaches its thirteenth edition this year, thus appearing among the most established tracks in the Symposium. The list of issues remains vast, ranging from protocols to work-flows. Topics of interest include but are not limited to:
- software security (protocols, operating systems, etc.)
- hardware security (smartcards, biometric technologies, etc.)
- mobile security (properties for/from mobile agents, etc.)
- network security (anti-DoS tools, firewalls, real-time monitoring, mobile networks, sensor networks, etc.)
- alternatives to cryptography (steganography, etc.)
- security-specific software development practices (vulnerability testing, fault-injection resilience, etc.)
- privacy and anonymity (trust management, pseudonymity, identity management, electronic voting, etc.)
- safety and dependability issues (reliability, survivability, etc.)
- cyberlaw and cybercrime (copyrights, trademarks, defamation, intellectual property, etc.)
- security management and usability issues (security configuration, policy management, usability trials, etc.)
- workflow and service security (business processes, web services, etc.)
- security in cloud computing and virtualised environments

For more information, please see http://www.dmi.unict.it/~giamp/sac/cfp2014.php.

SESOC 2014 6th International Workshop on Security and Social Networking, Held in conjunction with PerCom 2014, Budapest, Hungary, March 24, 2014. [posted here 09/02/13]
The number of profiles on Social Networking Services, like Facebook, Google-Plus, Snapchat, or Twitter, has grown to account for a third of the world's population. Acting as convenient link collections and (group) communication media, they have evolved to central hubs for Web browsing and Internet use. Encouraging their subscribers to publish self-descriptive and user-generated content, usually covering topics, events, and opinions corresponding to their personal environment, these services have become collections of highly detailed profiles of them. A paramount paradigm change is a near to perfect identifiability of their subscribers, who are forced to register using their clear names, instead of pseudonyms or throwaway accounts in previous forums. The extent of information gathered about their subscribers additionally allows the providers to check the credibility of the chosen handles and even re-identify users who have chosen pseudonyms. While SNS previously have largely been walled-gardens, the current development sees an extending integration with the conventional Web. This both opens their content and interaction functions to become a social layer, and allows the providers to even better track their users' behavior and activities on the Web. The subscribers additionally increasingly use their mobile applications, thus exposing even their whereabouts and communication patterns beyond their activities on the Web. These services, while offering extensive chances for enhanced communication between their subscribers, raise entirely new privacy concerns. They hence require new reflections on security goals and services, and to revisit previously seemingly well understood solutions for confidentiality, trust establishment, key management, or cooperation enforcement. The aim of SESOC 2014 hence is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems with a special focus on the social aspects of the services.

For more information, please see http://www.sesoc.org.

FC 2014 18th Financial Cryptography and Data Security Conference, Accra Beach Hotel & Spa, Barbados, March 3-7, 2014. [posted here 09/25/13]
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on financial, economic and commercial transaction security. Original works focusing on securing commercial transactions and systems are solicited; fundamental as well as applied real-world deployments on all aspects surrounding commerce security are of interest. Submissions need not be exclusively concerned with cryptography. Systems security, economic or financial modeling, and, more generally, inter-disciplinary efforts are particularly encouraged. Topics of interest include, but are not limited to:
- Anonymity and Privacy
- Applications of Game Theory to Security
- Auctions and Audits
- Authentication and Identification
- Behavioral Aspects of Security and Privacy
- Biometrics
- Certification and Authorization
- Cloud Computing Security
- Commercial Cryptographic Applications
- Contactless Payment and Ticketing Systems
- Data Outsourcing Security
- Digital Rights Management
- Digital Cash and Payment Systems
- Economics of Security and Privacy
- Electronic Crime and Underground-Market Economics
- Electronic Commerce Security
- Fraud Detection
- Identity Theft
- Legal and Regulatory Issues
- Microfinance and Micropayments
- Mobile Devices and Applications Security and Privacy
- Phishing and Social Engineering
- Reputation Systems
- Risk Assessment and Management
- Secure Banking and Financial Web Services
- Smartcards, Secure Tokens and Secure Hardware
- Smart Grid Security and Privacy
- Social Networks Security and Privacy
- Trust Management
- Usability and Security
- Virtual Goods and Virtual Economies
- Voting Systems
- Web Security

For more information, please see http://fc14.ifca.ai/.

ESSOS 2014 6th International Symposium on Engineering Secure Software and Systems, Munich, Germany, February 26-28, 2014. [posted here 06/10/13]
Trustworthy, secure software is a core ingredient of the modern world. So is the Internet. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
- scalable techniques for threat modeling and analysis of vulnerabilities
- specification and management of security requirements and policies
- security architecture and design for software and systems
- model checking for security
- specification formalisms for security artifacts
- verification techniques for security properties
- systematic support for security best practices
- security testing
- security assurance cases
- programming paradigms, models and DSLs for security
- program rewriting techniques
- processes for the development of secure software and systems
- security-oriented software reconfiguration and evolution
- security measurement
- automated development
- trade-off between security and other non-functional requirements (in particular economic considerations)
- support for assurance, certification and accreditation
- empirical secure software engineering
- security by design

For more information, please see http://distrinet.cs.kuleuven.be/events/essos/2014/.

CT-RSA 2014 RSA Conference Cryptographers' Track, San Francisco, CA, USA, February 24-28, 2014. [posted here 08/26/13]
Original research papers pertaining to all aspects of cryptography are solicited. Topics include but are not limited to:
- Public-key encryption
- Symmetric-key encryption
- Digital signatures
- Hash functions
- Cryptographic protocols
- Efficient implementations
- Elliptic-curve cryptography
- Lattice-based cryptography
- Quantum cryptography
- Network security
- E-commerce
- Cryptanalysis
- Hardware security
- Tamper-resistance
- Side-channel attacks and defenses
- Malware detection and prevention
- Spam and fraud deterrence

For more information, please see http://research.microsoft.com/en-us/um/redmond/events/CT-RSA-2014/cfp.htm.

USEC 2014 Workshop on Usable Security, Co-located with NDSS 2014, San Diego, California, USA, February 23, 2014. [posted here 10/17/13]
Many aspects of information security combine technical and human factors. If a highly secure system is unusable, users will try to circumvent the system or move entirely to less secure but more usable systems. Problems with usability are a major contributor to many high-profile security failures today. However, usable security is not well-aligned with traditional usability for three reasons. First, security is rarely the desired goal of the individual. In fact, security is usually orthogonal and often in opposition to the actual goal. Second, security information is about risk and threats. Such communication is often unwelcome. Increasing unwelcome interaction is not a goal of usable design. Third, since individuals must trust their machines to implement their desired tasks, risk communication itself may undermine the value of the networked interaction. For the individual, discrete technical problems are all understood under the rubric of online security (e.g., privacy from third parties' use of personally identifiable information, malware). A broader conception of both security and usability is therefore needed for usable security. The workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security. USEC'14 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics or psychology.

For more information, please see http://www.usecap.org/usec14.html.

NDSS 2014 21st Annual Network and Distributed System Security Symposium, San Diego, California, USA, February 23-26, 2014. [posted here 06/10/13]
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technologies. Submissions are solicited in, but not limited to, the following areas:
- Anti-malware techniques: detection, analysis, and prevention
- Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques
- Future Internet architecture and design
- High-availability wired and wireless networks
- Implementation, deployment and management of network security policies
- Integrating security in Internet protocols: routing, naming, network management
- Intellectual property protection: protocols, implementations, metering, watermarking, digital rights management
- Intrusion prevention, detection, and response
- Privacy and anonymity technologies
- Public key infrastructures, key management, certification, and revocation
- Special problems and case studies: e.g., tradeoffs between security and efficiency, usability, reliability and cost
- Security for collaborative applications: teleconferencing and video-conferencing
- Security for cloud computing
- Security for emerging technologies: sensor/wireless/mobile/personal networks and systems
- Security for future home networks, Internet of Things, body-area networks
- Security for large-scale systems and critical infrastructures (e.g., electronic voting, smart grid)
- Security for peer-to-peer and overlay network systems
- Security for Vehicular Ad-hoc Networks (VANETs)
- Security of Web-based applications and services
- Trustworthy Computing mechanisms to secure network protocols and distributed systems
- Usable security and privacy

For more information, please see http://www.internetsociety.org/events/ndss-symposium-2014.

IFIP119-DF 2014 10th Annual IFIP WG 11.9 International Conference on Digital Forensics, Vienna University of Technology, Vienna, Austria, January 8-10, 2014. [posted here 05/27/13]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Tenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Network and cloud forensics
- Embedded device forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org.