News, Commentary and Opinion
Robert Bruen's review of Hands-On Ethical Hacking and Network Defense by Simpson, Michael
Robert Bruen's review of Penetration Tester's Open Source Toolkit by Long, Johnny et al.
NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Staying in touch....
Conference and Workshop Calendar and Calls for Papers
Journal of Machine Learning Research, Special Issue on Machine Learning for Computer Security, 2006. (Submission due 15 March 2006)
Guest editors: Philip Chan (Florida Tech) and Richard Lippmann (MIT Lincoln Lab)
As computers have become more ubiquitous and connected, their security has become a major concern. Of interest to this special issue is research that demonstrates how machine learning (or data mining) techniques can be used to improve computer security. This includes efforts directed at improving security of networks, hosts, and individual applications or computer programs. Research can have many goals including, but not limited to, authenticating users, characterizing the system being protected, detecting known or unknown vulnerabilities that could be exploited, using software repositories as training data to find software bugs, preventing attacks, detecting known and novel attacks when they occur, analyzing recently detected attacks, responding to attacks, predicting attacker actions and goals, performing forensic analysis of compromised systems, and analyzing activities seen in honey pots and network "telescopes" or "black holes."
Of special interest are studies that use machine learning techniques, carefully describe their approach, evaluate performance in a realistic environment, and compare performance to existing accepted approaches. Studies that use machine learning techniques or extend current techniques to address difficult security-related problems are of most interest.
It is expected that studies will have to address many classic machine learning issues including feature selection, feature construction, incremental/online learning, noise in the data, skewed data distributions, distributed learning, correlating multiple models, and efficient processing of large amounts of data.
Journal of Computer Security (JCS), Special Issue on Security of Ad Hoc and Sensor Networks, 2006. (Submission due 1 April 2006)
Guest editors: Peng Ning (NC State University) and Wenliang Du (Syracuse University)
Ad hoc and sensor networks are expected to become an integral part of the future computing landscape. However, these networks introduce new security challenges due to their dynamic topology, severe resource constraints, and absence of a trusted infrastructure. This Journal of Computer Security (JCS) special issue seeks submissions from academia and industry presenting novel research on all aspects of security for ad hoc and sensor networks, as well as experimental studies of fielded systems. Topics of interest include, but are not limited to, the following as they relate to mobile ad hoc networks or sensor networks:
International Journal of Networks and Security (IJSN), Special Issue on Cryptography in Networks, December 2006. (Submission due 1 April 2006)
Guest editors: Liqun Chen (Hewlett-Packard Labs, UK), Guang Gong (University of Waterloo, Canada), Atsuko Miyaji (JAIST, Japan), Phi Joong Lee (Pohang Univ. of Science & Technology, Korea), Yi Mu (Univ. of Wollongong, Australia), David Pointcheval (Ecole Normale Supérieure, France), Josef Pieprzyk (Macquarie Univ., Australia), Tsuyoshi Takagi (Future Univ. - Hakodate, Japan), Jennifer Seberry (Univ. of Wollongong, Australia), Willy Susilo (Univ. of Wollongong, Australia), and Huaxiong Wang (Macquarie Uni., Australia)
Cryptography plays a key role in network security. Advances in cryptography can make computer networks more secure. Computer technologies have been pushing computer networks toward high speed and broad bandwidth. Therefore, new cryptographic methods and tools must follow in order to adapt to these new technologies. Recent attacks on computer networks, especially on IEEE 802.11 and IEEE 802.15, are increasing, since the underlying radio communication medium of wireless networks provides serious exposure to attacks. Security must be enforced to suit the emerging technologies. This Special Issue aims to provide a platform for security researchers to present their newly developed cryptographic technologies in network security. Areas of interest for this special journal issue include, but are not limited to, the following topics:
International Journal of Information and Computer Security, Special Issue on Security and Privacy Aspects of Data Mining, 2006. (Submission due 5 April 2006)
Guest editors: Stan Matwin (University of Ottawa, Canada), LiWu Chang (Naval Research Laboratory, USA), Rebecca N. Wright (Stevens Institute of Technology, USA), and Justin Zhan (University of Ottawa, Canada)
The rapid growth of information technologies has brought tremendous opportunities for data sharing and integration, and also demands for privacy protection. Privacy-preserving data mining, a new multi-disciplinary field in information security, broadly refers to the study of how to assure data privacy without compromising the confidentiality and quality of data. Although techniques such as random perturbation, secure multi-party computation based approaches, cryptographic-based methods, and database inference control have been developed, many of the key problems still remain open in this area. In particular, new privacy and security issues have been identified, and the scope of this problem has been expanded. How do privacy and security issues affect the design of information mining algorithms? What are the metrics for measuring privacy? What impact will this research have on areas as diverse as counter-terrorism, distributed computation, and privacy law legislation? This special issue aims to provide an opportunity for presenting recent advances as well as new research directions in all issues related to privacy-preserving data mining. This special issue invites original contributions that have not been previously published and are not currently under review by other journals. We welcome both theoretical and empirical research using quantitative or qualitative methods. Areas of interest include, but are not limited to:
WEIS 2006 5th Workshop on the Economics of Information Security, University of Cambridge, England, June 26-28, 2006. (Submissions due 20 March 2006)
One of the most exciting and rapidly-growing fields at the boundary between technology and the social sciences is the economics of information security. Many security and privacy failures are not purely technical: for example, the person best placed to protect a system may be poorly motivated if the costs of system failure fall on others. Many pressing problems, such as spam, are unlikely to be solved by purely technical means, as they have economic and policy aspects too. Building dependable systems also raises questions such as open versus closed systems, the pricing of vulnerabilities and the frequency of patching. The `economics of bugs' are of growing importance to both vendors and users. Original research papers are sought for the Fifth Workshop on the Economics of Information Security. Topics of interest include the dependability of open source and free software, the interaction of networks with crime and conflict, the economics of digital rights management and trusted computing, liability and insurance, reputation, privacy, risk perception, the economics of trust, the return on security investment, and economic perspectives on spam.
CEAS 2006 3rd Conference on Email and Anti-Spam, Mountain View, CA, USA, July 27-28, 2006. (Submissions due 23 March 2006)
The Conference on Email and Anti-Spam (CEAS) invites short and long paper submissions on research results pertaining to a broad range of issues in email and Internet communication. Submissions may address issues relating to any form of electronic messaging, including traditional email, instant messaging, mobile telephone text messaging, and voice over IP. Issues of interest include the analysis and abatement of abuses (such as spam, phishing, identity theft, and privacy invasion) as well as enhancements to and novel applications of electronic messaging.
SecureComm 2006 2nd IEEE Communications Society/CreateNet International Conference on Security and Privacy for Emerging Areas in Communication Networks, Baltimore/Washington area, USA, Sept 11-15, 2006. (Submissions due 24 March 2006)
The scope of Securecomm 2006 has been broadened since the inaugural 2005 event. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure OS/software, theoretical cryptography, e-commerce) will be considered only if a clear connection to privacy and/or security in communication/networking is demonstrated. Presentations reporting on cutting-edge research results are supplemented by panels on controversial issues and invited talks on timely and important topics. Areas of interest include, but ARE NOT limited to, the following:
WSSS 2006 IEEE Workshop on Web Services Security, Held in conjunction with the 2006 IEEE Symposium on Security and Privacy, Berkeley, California, USA, May 21, 2006. (Submissions due 30 March 2006)
The advance of Web Services technologies promises to have far reaching effects on the Internet and enterprise networks. Web services based on eXtensible Markup Language (XML), Simple Object Access Protocol (SOAP) and related open standards in the area of Service Oriented Architectures (SOA) allow data and applications to interact without human intervention through dynamic and ad hoc connections. However, the security challenges presented by the Web Services approach are formidable. Many of the features that make Web Services attractive are at odds with traditional security models and controls. This workshop will explore the challenges in the area of Web Services Security ranging from security issues in XML, SOAP and UDDI to higher level issues such as advanced metadata, general security policies and service assurance. Topics of interest include, but are not limited to, the following:
ESORICS 2006 11th European Symposium On Research In Computer Security, Hamburg, Germany, September 18-20, 2006. (Submissions due 31 March 2006)
Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Eleventh European Symposium on Research in Computer Security (ESORICS 2006). Topics include, but are not limited to:
IWSEC 2006 1st International Workshop on Security, Kyoto, Japan, October 23-24, 2006. (Submissions due 14 April 2006)
The information society, built on cyberspace, now faces diverse threats due to the complexity of its structure in terms of networking, middleware, agents, P2P applications and ubiquitous computing, with usage as diverse as commercial, personal, communal and public. Security research needs to look at these issues from interdisciplinary viewpoints. Papers may present theory, applications or practical experiences on topics including, but not limited to:
MOSIDS 2006 Workshop on Management of Security in Dynamic Systems, Held in conjunction with the International Conference on Emerging Trends in Information and Communication Security (ETRICS06), Freiburg, Germany, June 6-9, 2006. (Submissions due 15 April 2006)
This workshop focuses primarily on modern, outstanding approaches to provide security guarantees in dynamic systems, as well as practical experiences on deploying secure ubiquitous computing applications. Thematically, this workshop focuses on, but is not restricted to:
FCC 2006 Workshop on Formal and Computational Cryptography, Venice, Italy, July 9, 2006. (Submissions due 16 April 2006)
Cryptographic protocols are small distributed programs that add security services, like confidentiality or authentication, to network communication. Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are black boxes.
The workshop focuses on the relation between the symbolic (Dolev-Yao) model and the computational (complexity-theoretic) model. Recent results have shown that in some cases the symbolic analysis is sound with respect to the computational model. A more direct approach, which is also being investigated, considers symbolic proofs in the computational model. Research that proposes formal models sound for quantum security protocols is also relevant. The workshop seeks results in any of these areas.
NSPW 2006 New Security Paradigms Workshop, Schloss Dagstuhl, Germany, Sept 18-21, 2006. (Submissions due 20 April 2006)
NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security. Each year, since 1995, we examine proposals for new principles upon which information security can be rebuilt from the ground up. We conduct extensive, highly interactive discussions of these proposals, from which we hope both the audience and the authors emerge with a better understanding of the strengths and weaknesses of what has been discussed. NSPW aspires to be the philosophical and intellectual breeding ground from which a revolution in the science of information security will emerge. We solicit and accept papers on any topic in information security subject to the following caveats:
DFRWS 2006 6th Annual Digital Forensic Research Workshop, Lafayette, Indiana, USA, August 14-16, 2006. (Submissions due 21 April 2006)
The purpose of this workshop is to bring together researchers, practitioners, and educators interested in digital forensics. We welcome the participation of people in industry, government, law enforcement, and academia who are interested in advancing the state of the art in digital forensics by sharing their results, knowledge, and experiences. The accepted papers will be published in printed proceedings. We are looking for research papers, demo proposals, and panel proposals. Major areas of interest include, but are not limited to, the following topics:
SBSEG 2006 6th Brazilian Symposium on Information and Computer Systems Security, Santos, Brazil, August 28 - September 01, 2006. (Submissions due 24 April 2006)
The 6th Brazilian Symposium on Information and Computer System Security is an annual event promoted by the Brazilian Computer Society (SBC). Its main goal is to provide a forum for presenting new research ideas and other relevant activities in the area of information systems security. Topics of interest for SBSeg 2006 include but are not limited to the following:
LSAD 2006 ACM SIGCOMM workshop on Large Scale Attack Defense, Held in conjunction with ACM SIGCOMM 2006, Pisa, Italy, September 11, 2006. (Submissions due 30 April 2006)
In recent years, we have seen an increasing number of large-scale attacks, such as severe worms and DDoS attacks, threatening our systems and networks. In particular, fast-spreading attacks present a serious challenge to today's attack defense systems. The speed, frequency, and damage potential of these attacks call for automated response systems. Research in automated defense systems for Internet-wide attacks is focused on large-scale monitoring infrastructures, such as network telescopes and honeynets; intrusion detection approaches, such as memory tainting and network anomaly detection; automated defense strategies, such as signature generation distribution; and identification and analysis of future threats, such as obfuscation methods and novel spreading techniques. The goal of this one-day workshop is to explore new directions in monitoring, analysis, and automated defense systems for existing and future large-scale attacks. We invite experts from academia and industry to discuss and exchange ideas in a broad range of topics. We are soliciting original papers on topics including, but not limited to, those listed below.
CCS 2006 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, October 30 - November 3, 2006. (Submissions due 3 May 2006)
The conference seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. Theory must be justified by compelling examples illustrating its application. The primary criterion for appropriateness for CCS is demonstrated practical relevance. CCS may therefore reject perfectly good papers that are appropriate for theory-oriented conferences. Topics of interest include:
ICISS 2006 2nd International Conference on Information Systems Security, Kolkata, India, December 17-21, 2006. (Submissions due 8 May 2006)
The ICISS conference presents a forum for disseminating the latest research results in Information Systems Security and related areas. Topics of interest include, but are not limited to:
NIST-CHW 2006 2nd Cryptographic Hash Workshop, Santa Barbara, California, USA, August 24-25, 2006. (Submissions due 12 May 2006)
In response to the SHA-1 vulnerability that was announced in Feb. 2005, NIST held a Cryptographic Hash Workshop on Oct. 31-Nov. 1, 2005 to solicit public input on its cryptographic hash function policy and standards. NIST continues to recommend a transition from SHA-1 to the larger approved hash functions (SHA-224, SHA-256, SHA-384, and SHA-512). In response to the workshop, NIST has also decided that it would be prudent in the long-term to develop an additional hash function through a public competition, similar to the development process for the block cipher in the Advanced Encryption Standard (AES). Before initiating the competition, NIST plans to host several more public workshops that will focus on hash function research. The next workshop will be held on August 24-25, 2006, in conjunction with Crypto 2006, with the following goals:
Topics for submissions should include, but are not limited to, the following:
Analysis and Design
Practical Uses and Pitfalls
RFIDSec 2006 Workshop on RFID Security, Graz, Austria, July 12-14, 2006. (Submissions due 22 May 2006)
The Workshop on RFID Security 2006 focuses on approaches to solve security issues in advanced contactless technologies like RFID systems. It stresses implementation aspects imposed by resource constraints. Topics of the workshop include but are not limited to:
ESAS 2006 3rd European Workshop on Security and Privacy in Ad hoc and Sensor Networks, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2006), Hamburg, Germany, September 20-21, 2006. (Submissions due 29 May 2006)
The vision of ubiquitous computing has generated a lot of interest in wireless ad hoc and sensor networks. However, besides their potential advantages, these new generations of networks also raise some challenging problems with respect to security and privacy. The aim of this workshop is to bring together the network security, cryptography, and wireless networking communities in order to discuss these problems and to propose new solutions. The third ESAS workshop seeks submissions that present original research on all aspects of security and privacy in wireless ad hoc and sensor networks. Submission of papers based on work-in-progress is encouraged. Topics of interest include, but are not limited to the following:
NordSec 2006 11th Nordic Workshop on Secure IT-systems, Linköping, Sweden, October 19-20, 2006. (Submissions due 10 June 2006)
The NordSec workshops started in 1996 with the aim of bringing together researchers and practitioners within computer security in the Nordic countries. The theme of the workshop has been applied security, i.e. all kinds of security issues that could encourage interchange and cooperation between the research community and the industrial/consumer community. Possible topics include, but are not limited to the following:
CANS 2006 5th International Conference on Cryptology and Network Security, Suzhou, China, December 8-10, 2006. (Submissions due 20 June 2006)
The main goal of this conference is to promote research on all aspects of network security and cryptology. It is also the goal to build a bridge between research on cryptography and network security. So, we welcome scientific and academic papers that focus on this multidisciplinary area. Areas of interest for CANS '06 include, but are not limited to, the following topics:
WESII 2006 The Workshop on the Economics of Securing the Information Infrastructure, Arlington, VA, USA, October 23-24, 2006. (Submissions due 6 August 2006)
Our information infrastructure suffers from decades-old vulnerabilities, from the low-level algorithms that select communications routes to the application-level services on which we are becoming increasingly dependent. Are we investing enough to protect our infrastructure? How can we best overcome the inevitable bootstrapping problems that impede efforts to add security to this infrastructure? Who stands to benefit and who stands to lose as security features are integrated into these basic services? How can technology investment decisions best be presented to policymakers? We invite infrastructure providers, developers, social scientists, computer scientists, legal scholars, security engineers, and especially policymakers to help address these and other related questions. Suggested topics (not intended to be comprehensive):
IEEE Computer Society's Technical Committee on Security and Privacy