Commentary and Opinion
Robert Bruen's review of File System Forensic Analysis by Brian Carrier
Robert Bruen's review of Software Security. Building Security In by Gary McGraw
Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Conference and Workshop Announcements
International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks, December 2006. (Submission due 1 March 2006)
Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Guang Gong (University of Waterloo, Canada), Atsuko Miyaji (JAIST, Japan), Phi Joong Lee (Pohang Univ. of Science & Technology, Korea), Yi Mu (Univ. of Wollongong, Australia), David Pointcheval (Ecole Normale Sup?ieure, France), Josef Pieprzyk (Macquarie Univ., Australia), Tsuyoshi Takagi (Future Univ. - Hakodate, Japan), Jennifer Seberry (Univ. of Wollongong, Australia), Willy Susilo (Univ. of Wollongong, Australia), and Huaxiong Wang (Macquarie Uni., Australia)
Cryptography plays a key role in network security. Advances of cryptography can make computer networks more secure. Computer technologies have been pushing forward computer networks for high speed and broad bandwidth. Therefore, new cryptographic methods and tools must follow up in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since underlying radio communication medium for wireless network provides serious exposure to attacks against wireless networks. Security must be enforced to suit the emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in network security. Areas of interest for this special journal issue include, but are not limited to, the following topics:
Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security,, 2006. (Submission due 15 March 2006)
Guest editors: Philip Chan (Florida Tech) and Richard Lippmann (MIT Lincoln Lab)
As computers have become more ubiquitous and connected, their security has become a major concern. Of interest to this special issue is research that demonstrates how machine learning (or data mining) techniques can be used to improve computer security. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Research can have many goals including, but not limited to, authenticating users, characterizing the system being protected, detecting known or unknown vulnerabilities that could be exploited, using software repositories as training data to find software bugs, preventing attacks, detecting known and novel attacks when they occur, analyzing recently detected attacks, responding to attacks, predicting attacker actions and goals, performing forensic analysis of compromised systems, and analyzing activities seen in honey pots and network "telescopes" or "black holes."
Of special interest are studies that use machine learning techniques, carefully describe their approach, evaluate performance in a realistic environment, and compare performance to existing accepted approaches. Studies that use machine learning techniques or extend current techniques to address difficult security-related problems are of most interest.
It is expected that studies will have to address many classic machine learning issues including feature selection, feature construction, incremental/online learning, noise in the data, skewed data distributions, distributed learning, correlating multiple models, and efficient processing of large amounts of data.
ACNS 2006 4th International Conference on Applied Cryptography and Network Security , Singapore, June 6-9, 2006. (Submissions due 15 January 2006)
Original papers on all technical aspects of cryptology and network security are solicited for submission to ACNS'06, the 4th annual conference on Applied Cryptography and Network Security. There are two tracks for ACNS: an academic track and an industrial track. The latter has an emphasis on practical applications. The PC will consider moving submissions between tracks if the PC feels that a submission is more appropriate for that track (with author permission). Topics of relevance include but are not limited to:
IHW 2006 8th Information Hiding Workshop, Alexandria, VA, USA, July 10-12, 2006. (Submissions due 15 January 2006)
For many years Information Hiding has captured the imagination of researchers. Tools such as digital watermarking and steganography are used to protect information, conceal secrets, and protecting intellectual property. From an investigators perspective, information hiding provides an interesting challenge for digital forensic investigations and steganalysis techniques allows hidden information to be discovered. These are but a small number of related topics and issues. Current research themes include:
USENIX 2006 USENIX Annual Technical Conference, Boston, MA, USA, May 30-June 3, 2006. (Submissions due 17 January 2006)
The 2005 USENIX Annual Technical Conference General Session Program Committee seeks original and innovative papers that further the knowledge and understanding of modern computing systems, with an emphasis on practical implementations and experimental results. We encourage papers that break new ground or present insightful results based on experience with computer systems. The USENIX conference has a broad scope, and we encourage papers in a wide range of topics in systems, including:
TSPUC 2006 2nd International Workshop on Trust, Security and Privacy for Ubiquitous Computing , Buffalo, NY, USA, June 26, 2006. (Submissions due 17 January 2006)
This workshop aims at focussing the attention of the research community on the increasing complexity and relevance of trust, privacy and security issues in ubiquitous computing. Papers may present theory, applications or practical experiences on topics including, but not limited to:
DeSeGov 2006 Workshop on Dependability and Security in e-Government, Held in conjunction with the 1st International Conference on Availability, Reliability and Security (ARES 2006), Vienna, Austria, April 20-22, 2006. (Submissions due 20 January 2006)
The aim of this workshop is to foster a forum for discussing and presenting recent research results on dependability and security in e-Government applications. Scientific rigor and discussions of state of the art of dependability and security in e-Government are strongly encouraged. Besides, innovative research work in progress and studies of dependability aspects of practical e-Government projects and systems implementation are also welcome. Topics of interest include, although not limited to, the following:
CSFW 2006 19th IEEE Computer Security Foundations Workshop, Venice, Italy, July 5-7, 2006. (Submissions due 30 January 2006)
For nearly two decades, CSFW has brought together a small group of researchers to examine foundational issues in information security. Many seminal papers and techniques were first presented at CSFW. We are interested in new theoretical results in computer security, but also in more exploratory presentations. Exploratory work may examine open questions and raise fundamental concerns about existing theories. Panel proposals are welcome as well as papers. Possible topics include, but are not limited to:
CEC 2006 IEEE CEC 2006 Special Session on Evolutionary Computation in Cryptology and Computer Security, Vancouver, BC, Canada, July 16-21, 2006. (Submissions due 31 January 2006)
Techniques taken from the field of Evolutionary Computation (especially Genetic Algorithms, Genetic Programming, Artificial Immune Systems, but also others) are steadily gaining ground in the area of cryptology and computer security. The special session encourages the submission of novel research at all levels of abstraction (from the design of cryptographic primitives through to the analysis of security aspects of "systems of systems").
EUROPKI 2006 3rd European PKI workshop: theory and practice, Turin, Italy, June 19-20, 2006. (Submissions due 31 January 2006)
The 3rd European PKI workshop: theory and practice is focusing on research and applications on all aspects of public-key certificates and Public Key Infrastructures. Submitted papers may present theory, applications or practical experiences on topics including, but not limited to:
USENIX Security 2006 15th USENIX Security Symposium, Vancouver, B.C., Canada, July 31-August 4, 2006. (Submissions due 1 February 2006)
The USENIX Security Symposium brings together researchers, practitioners,
system administrators, system programmers, and others interested in the
latest advances in the security of computer systems and networks.
All researchers are encouraged to submit papers covering novel and scientifically significant practical works in security or applied cryptography. The Symposium will span five days: a training program will be followed by a two and one-half day technical program, which will include refereed papers, invited talks, Work-in-Progress reports, panel discussions, and Birds-of-a-Feather sessions. New in 2006, a workshop, titled Hot Topics in Security (HotSec '06), will be held in conjunction with the main conference. More details will be announced soon on the USENIX Web site.
ACISP 2006 11th Australasian Conference on Information Security and Privacy, Melbourne, Australia, July 3 - 5, 2006. (Submissions due 13 February 2006)
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 11th Australasian Conference on Information Security and Privacy (ACISP 2006). Papers may present theory, techniques, applications and practical experiences on a variety of topics. Topics of interest include, but are not limited to:
TrustBus 2006 3rd International Conference on Trust, Privacy and Security of Digital Business, Held in conjunction with the 17th International Conference on Database and Expert Systems Applications (DEXA 2006), Krakow, Poland, September 4-8, 2006. (Submissions due 22 February 2006)
TrustBus06 will bring together researchers from different disciplines, developers, and users all interested in the critical success factors of digital business systems. We are interested in papers, work-in-progress reports, and industrial experiences describing advances in all areas of digital business applications related to trust and privacy, including, but not limited to:
SecUbiq 2006 2nd International Workshop on Security in Ubiquitous Computing Systems, Seoul, Korea, August 1-4, 2006. (Submissions due 22 February 2006)
Ubiquitous computing technology provides an environment where users expect to access resources and services anytime and anywhere. The serious security risks and problems arise because resources can now be accessed by almost anyone with a mobile device in such an open model. The security threats exploited the weakness of protocols as well as operating systems, and also extended to attack ubiquitous applications. The security issues, such as authentication, access control, trust management, privacy and anonymity, etc., should be fully addressed. This workshop provides a forum for academic and industry professionals to discuss recent progress in the area of ubiquitous computing system security, and includes studies on analyses, models and systems, new directions, and novel applications of established mechanisms approaching the risks and concerns associated with the utilization and acceptance of ubiquitous computing devices and systems. Topics: Topics of interest include, but are not limited to:
ISC 2006 9th Information Security Conference, Pythagoras, Greece, August 30 - September 2, 2006. (Submissions due 1 March 2006)
ISC is an annual international conference covering research in and applications of Information Security. ISC aims to attract high quality papers in all technical aspects of information security. Topics of interest include, but are not limited to, the following:
DBSEC 2006 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sophia Antipolis, France, July 31-August 2, 2006. (Submissions due 1 March 2006)
The conference provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are solicited. The conference is limited to about forty participants so that ample time for discussion and interaction may occur. Proceedings will be published by Springer as the next volume in the Research Advances in Database and Information Systems Security series. Papers may present theory, techniques, applications, or practical experience on topics of interest of IFIP WG11.3:
PET 2006 6th Workshop on Privacy Enhancing Technologies, Robinson College, Cambridge, United Kingdom, June 28 - June 30, 2006. (Submissions due 3 March 2006)
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure. This 6th workshop addresses the design and realization of such privacy services for the Internet and other communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives. Suggested topics include but are not restricted to:
PLAS 2006 ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Ottawa, Canada, June 10, 2006. (Submissions due 3 March 2006)
The goal of PLAS 2006 is to provide a forum for researchers and practitioners to exchange and understand ideas and to seed new collaboration on the use of programming language and program analysis techniques that improve the security of software systems. The scope of PLAS includes, but is not limited to:
WEIS 2006 5th Workshop on the Economics of Information Security, University of Cambridge, England, June 26-28, 2006. (Submissions due 20 March 2006)
One of the most exciting and rapidly-growing fields at the boundary between technology and the social sciences is the economics of information security. Many security and privacy failures are not purely technical: for example, the person best placed to protect a system may be poorly motivated if the costs of system failure fall on others. Many pressing problems, such as spam, are unlikely to be solved by purely technical means, as they have economic and policy aspects too. Building dependable systems also raises questions such as open versus closed systems, the pricing of vulnerabilities and the frequency of patching. The `economics of bugs' are of growing importance to both vendors and users. Original research papers are sought for the Fifth Workshop on the Economics of Information Security. Topics of interest include the dependability of open source and free software, the interaction of networks with crime and conflict, the economics of digital rights management and trusted computing, liability and insurance, reputation, privacy, risk perception, the economics of trust, the return on security investment, and economic perspectives on spam.
CEAS 2006 3rd Conference on Email and Anti-Spam, Mountain View, CA, USA, July 27-28, 2006. (Submissions due 23 March 2006)
The Conference on Email and Anti-Spam (CEAS) invites short and long paper submissions on research results pertaining to a broad range of issues in email and Internet communication. Submissions may address issues relating to any form of electronic messaging, including traditional email, instant messaging, mobile telephone text messaging, and voice over IP. Issues of interest include the analysis and abatement of abuses (such as spam, phishing, identity theft, and privacy invasion) as well as enhancements to and novel applications of electronic messaging.
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy
|TC home page||TC Officers|
|How to join the TC||TC publications available online|
|TC Publications for sale||Cipher past issues archive|