============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 82                                   January 21, 2008
Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org
                                       Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================
The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year
Contents:
  * Letter from the Editor
  * Commentary and Opinion
      o Richard Austin's review of "Virtual Honeypots: From Botnet Tracking
        to Intrusion Detection"
        by Niels Provos and Thorsten Holz
      o NIST announces publication of AES mode Galois Counter Mode (GCM)
      o NIST seeks comments on RSA prime generation
      o Obituary notice: Bob Baldwin
      o Book reviews, Conference Reports and Commentary and News items
        from past Cipher issues are available at the Cipher website
  * List of Computer Security Academic Positions, by Cynthia Irvine
  * Conference and Workshop Announcements
      o Upcoming calls-for-papers and events
  * Links for the IEEE Computer Society TC on Security and Privacy
      o Becoming a member of the TC
      o TC Officers
      o TC publications for sale
====================================================================
Letter from the Editor
====================================================================
Dear Readers:
This month we have a book review about honeypots by Richard Austin,
announcements from NIST, and many workshop and conference
announcements.
The Security and Privacy Symposium in May of this year will feature
two workshops: the second year of Web 2.0 Security and Privacy, and a
newcomer to the symposium, Systematic Approaches to Digital Forensic
Engineering. Workshops are a popular approach to widening the scope
of the symposium, and more are possible if we have enough organizers
to help with planning.
I was reflecting on the subjective nature of reviews of submitted
papers to conferences, and I wonder if it is possible to evaluate
reviewers in some way that is useful across conferences. Authors
might be helped by knowing what confidence is placed in the reviewers.
Are they experienced and generally helpful, or are they inexperienced
and overly critical? My guess is that this knowledge would help
authors make sense of the reviewing process, and it should lead to
better reviews.
An innovation that the SP Symposium used for a couple of years has
turned out to have flaws. Authors were invited to submit short papers
to the conference, and this helped in getting interesting but not
fully developed research directions presented to the audience.
However, the process caused confusion and sometimes resentment with
authors because they were not sure how much prestige would go along
with a short paper, and they were further concerned about the ability
to publish follow-on work. Surely there is some logical way to deal
with the concerns and allow short papers into top-rate venues? Let
your technical committee members and program chairs know if you have
any ideas on this.
Remember firewalls may not be as high as they appear,
Hilarie Orman
cipher-editor @ ieee-security.org
====================================================================
Commentary and Opinion
====================================================================
Book reviews from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports
are archived at http://www.ieee-security.org/Cipher/ConfReports.html
____________________________________________________________________
Book Review By Richard Austin
January 11, 2008
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
by Niels Provos and Thorsten Holz
Addison-Wesley 2008.
ISBN 978-0-321-33632-3. Amazon.com $31.49 Bookpool.com $31.50
____________________________________________________________________
Softly, softly, catchee monkey .. with a honeypot
While the exact origin of that phrase is a bit nebulous as a Google
search will show, the idea of quietly and patiently pursuing a goal is
no stranger to the security profession and one of the techniques that
has demonstrated great success in searching out security exploits in
the wild has been the Honeynet Project (www.honeynet.org).
There have been several previous books on the subject of honeypots
ranging from Lance Spitzner's "Honeypots: Tracking Hackers," to Roger
Grimes' "Honeypots for Windows" to the second edition of "Know your
Enemy", so one might question why we're in need of another one. A
honeypot is a stalking horse or sacrificial victim whose sole purpose
is to be compromised by an attacker to allow the honeypot owner to
study the methods, tools and techniques used in the compromise. This
book is about virtual honeypots and includes both the idea of
running a full-function (or high-interaction) honeypot on a virtual
server and also the idea of so called "low interaction" honeypots
which just implement the vulnerable portions of specific services.
While the advantages of using virtual servers to host a honeypot are
pretty obvious (we can host many honeypots on a single physical server
and can easily restore the state of a compromised honeypot by
replacing its virtual disks), the use of "virtual pieces" of systems
(low interaction honeypots) is shown to be a valuable technique for
increasing the possible scale of a honeypot deployment.
I would recommend reading the book's chapters out of order - begin
with the first chapter which introduces honeypot technology,
introduces the ideas of high and low interaction honeypots with some
review of required networking background and then skip to chapters 10
("Case Studies") and 11 ("Tracking Botnets") for some real world case
studies in how honeypots are actually used in practice. Chapter 10
provides a detailed walkthrough of how real honeypots were compromised
and how the compromise was captured and studied. Chapter 11 provides
a similar exercise for botnets. This grounding in how honeypots are
used will help prevent the reader from becoming lost in the details of
the other chapters.
The second chapter is devoted to high-interaction honeypots and
covers their use on several common virtualization platforms (VMware,
Microsoft Virtual Server and PC, User Mode Linux, etc.). There's good
advice here on the thorny subject of safeguarding your honeypots from
becoming a danger after they achieve their intended purpose of being
compromised.
Chapter 3 introduces low interaction honeypots which do not provide a
full installation of an operating system or application but rather
only emulate vulnerable versions of specific services. It is noted
that they are most useful in detecting exploit attempts using known
vulnerabilities and serve as a sort of burglar alarm to let you know
how often particular types of attacks are occurring.
Chapters 4 and 5 continue the presentation of low-interaction
honeypots by discussing honeyd in detail. Honeyd is an Open Source
solution that allows emulation of huge numbers of vulnerable targets.
This scale allows an organization to efficiently instrument
significant portions of their network address space.
Chapter 6 ("Collecting Malware with Honeypots") covers the important
topic of capturing viruses and worms using "Nepenthes," "Honeytrap,"
etc. Nepenthes is a low-interaction honeypot that emulates a
vulnerable network service to provide an attractive target for
malware. Since it is not a full implementation of the service, it
can't really be exploited and thus provides a safe way to capture
malware. Nepenthes' vulnerability modules implement "just enough" of
the vulnerable service to "fool" the malware into thinking it has
found a target. Nepenthes "executes" the malware payload to carry out
the download of attacker tools, etc, and then halts the execution.
The other tools offer somewhat different capabilities but the
overriding advantage of all the tools is their immense scalability.
Since they are quite lightweight compared to say a full Windows or
Linux installation, a single physical server can host many hundreds of
apparently vulnerable targets.
Of course, one of the weaknesses of the low-interaction honeypots is
that they only emulate portions of vulnerable services and are really
most effective with known vulnerabilities. Chapter 7 introduces
"Hybrid Systems" that combine low and high interaction honeypots to
extend their capabilities. For example, when a low-interaction
honeypot detects an exploit attempt that it cannot emulate, it might
transparently hand that attempt off to a high-interaction honeypot
which could capture the full process. This would allow significant
coverage of the network address space with few resources while still
allowing capture of new exploits as they are found. Unfortunately,
these hybrid systems are not Open Source but do offer interesting
insights on the future of honeypot technology.
Chapter 8 addresses the "other" side of exploitation - client side
exploits - by examining client-side honeypots. While a server-side
honeypot can sit and patiently wait for an attacker to come "knocking
at its door," a client-side honeypot must go looking for malicious
content.
Chapter 9 covers the ways attackers can detect honeypots. Obviously,
an attacker is typically wasting their time when interacting with a
honeypot and, worse from their point of view, may reveal a new
exploitation technique. With an active underground economy in
selling/trading new exploits, this creates economic incentive for
attackers to be able to detect a honeypot. Detection can be
relatively simple such as noting that all the IP addresses for virtual
honeypots have the same MAC address or the fact that a given
low-interaction honeypot is hosting what looks like Linux and Windows
at the same network address to more complex techniques that detect the
virtualization layer itself.
At this point, a review of the case studies in chapters 10 and 11 will
reinforce the presentation and provide insights on how honeypots are
actually used in practice.
The final chapter covers malware analysis using an automated tool
called "CWSandbox." As we have come to know too well, malware authors
are making significant strides in improving their productivity in
producing malware which has challenged the ability of the "good guys
and gals" to reverse engineer it. CWSandbox is a tool that provides a
safe execution environment for malware (a sandbox) and provides
automated analysis of its activities. One can even submit a malware
sample online at www.cwsandbox.org and receive the automated analysis.
In summary, this is an excellent overview of honeypots, how they are
used in practice, and most significantly, how virtualization can be
used to scale them to cover large portions of the network address
space with fewer physical resources. While honeypots are not a
technology every organization will employ, they are a valuable tool
for the security professional to keep in mind.
And as a bit of humor, a comic from xkcd pictures what may happen when
one spends far too much time looking at malware -- http://xkcd.com/350/
-----------
Before retiring, Richard Austin was the storage network security
architect at a Fortune 25 company and currently earns his bread and
cheese as an itinerant university instructor and security consultant.
He welcomes your thoughts and comments at rda7838 at Kennesaw dot edu
____________________________________________________________________
Announcements
____________________________________________________________________
Date: Tue, 27 Nov 2007 16:22:51 -0500
From: Morris Dworkin, NIST
FYI, yesterday NIST announced the approval of Special Publication
800-38D, which specifies Galois/Counter Mode (GCM), an AES mode of
operation for authenticated encryption with associated data. GCM was
submitted to NIST by David McGrew and John Viega. The announcement
appears on the NIST website, at http://csrc.nist.gov/ , and the URL for
the document is http://csrc.nist.gov/publications/PubsSPs.html#800-38D .
-------------------------------------------------------------------
Date: Wed, 02 Jan 2008 09:55:01 -0500
From: Elaine Barker, NIST
NIST requests comments on revised text for FIPS 186-3 related to the
generation of RSA key pairs. The text is available at
"http://csrc.nist.gov/publications/drafts/fips_186-3/fips186-3_Strong-Prime-Sections_Dec2007.pdf"
Please provide comments by February 1, 2008 to ebarker@nist.gov.
Elaine Barker
National Institute of Standards and Technology
100 Bureau Drive, Stop 8930
Gaithersburg, MD 20899-8930
301-975-2911
-------------------------
January 12, 2008
From Gene Spafford
I learned this week that the information security world lost another of
our lights in 2007: Bob Baldwin. This may have been more generally
known, but a few people I contacted were also surprised and saddened
by the news.
His contributions to the field were wide-ranging. In addition to his
published research results he also built tools that a generation of
students and researchers found to be of great value. These included
the Kuang tool for vulnerability analysis, which we included in the
first edition of COPS, and the Crypt-Breaker's Workbench (CBW), which
is still in use.
See http://snipurl.com/rwbaldwin for a photo and more information.
====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================
(Posted January 2008)
Stevens Institute of Technology
Hoboken, New Jersey
Faculty Positions Available
Open until position is filled
http://www.cs.stevens.edu/Search/hiring.shtml
(Posted January 2008)
DePaul University
School of Computer Science, Telecommunications and Information Systems
Chicago, IL
Assistant or Associate Professor in Information Assurance
Application review will begin in January 2008 and will continue until
the position is filled.
http://www.cti.depaul.edu/news/jobs.asp
----------------------
New postings are copied from http://cisr.nps.edu/jobscipher.html
--------------
This job listing is maintained as a service to the academic
community. If you have an academic position in computer security and
would like to have it included on this page, send the following
information:
Institution,
City, State,
Position title,
date position announcement closes, and
URL of position description
to: irvine@cs.nps.navy.mil
====================================================================
Conference and Workshop Announcements
====================================================================
====================================================================
Upcoming Calls-For-Papers and Events
====================================================================
The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html
The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html
____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________
Calendar of Security and Privacy Related Events
maintained by Hilarie Orman
Date (Month/Day/Year), Event, Locations, web page for more info.
1/20/08: Workshop in Information Security Theory and Practices (WIST)
Sevilla, Spain; http://wistp2008.xlim.fr/; Submissions are due;
info: damien.sauveron@xlim.fr
1/24/08: Service, Security and its Data management technologies in
Ubi-comp (SSDU) Kunming, China; http://grid.hust.edu.cn/gpc2008/
Submissions are due;
1/28/08- 1/31/08: Financial Cryptography and Data Security (FC),
Cozumel, Mexico; http://fc08.ifca.ai
1/30/08: USENIX Security Symposium (USENIXSec) San Jose, CA;
http://www.usenix.org/sec08/cfpa/; Submissions are due;
info: sec08chair@usenix.org
2/ 1/08: Applications of Pairing-Based Cryptography: IBE and Beyond
(NIST-IBE) Gaithersburg, MD;
http://csrc.nist.gov/groups/ST/IBE/index.html
Submissions are due; info: ibe@nist.gov
2/ 1/08: SADFE, Oakland, CA; info: yasinac@cs.fsu.edu; Submissions are due;
http://conf.ncku.edu.tw/sadfe/sadfe08/
2/ 4/08: Detection of Intrusions and Malware and Vulnerability
Assessment (DIMVA) Paris, France;
http://www.dimva.org/dimva2008/; Submissions are due;
2/10/08- 2/13/08: Network and Distributed System Security Symposium
(NDSS), San Diego, California; http://www.isoc.org/tools/conferences/NDSS08
2/11/08: Australasian Conference on Information Security and Privacy
(ACISP) Wollongong, Australia; http://www.uow.edu.au/conferences
Submissions are due;
2/15/08: Symposium on Information Assurance (IASymp) Albany, NY;
http://www.albany.edu/iasymposium; Submissions are due;
2/21/08: Workshop on Security and High Performance Computing Systems
(SHPCS) Nicosia, Cyprus; http://www.diiga.univpm.it/~spalazzi/nicosia/
proceedings to attendees only (AO); Submissions are due;
info: guha@eecs.ucf.edu
2/29/08: Symposium On Usable Privacy and Security (SOUPS) Carnegie
Mellon University, Pittsburgh, PA; http://cups.cs.cmu.edu/SOUPS/
Submissions are due;
3/ 1/08: Workshop on the Economics of Information Security (WEIS)
Hanover, New Hampshire; http://weis2008.econinfosec.org
proceedings to attendees only (AO); Submissions are due;
3/ 1/08: Workshop on Web 2.0 Security and Privacy (W2SP), Oakland, CA;
Submissions are due;
http://www.ieee-security.org/TC/SP2008/oakland08.html
3/ 4/08- 3/ 6/08: Symposium on Identity and Trust on the Internet (IDtrust),
Gaithersburg, MD; http://middleware.internet2.edu/idtrust/2008/
3/ 4/08- 3/ 7/08: Advances in Policy Enforcement (APE), Barcelona, Catalonia;
info: anjomshoaa@ifs.tuwien.ac.at; http://www.telematik.uni-freiburg.de/ape
3/ 4/08- 3/ 7/08: Privacy and Security by means of Artificial
Intelligence (PSAI), Barcelona, Catalonia, Spain;
http://crises-deim.urv.cat/psai/
3/ 4/08- 3/ 7/08: Secure Software Engineering (SecSE), Barcelona,
Catalonia; http://www.ares-conference.eu/conf/
info: SecSE08 "replace with at-character" gmail.com
3/16/08- 3/20/08: Symposium on Applied Computing, Track on Trust,
Recommendations, Evidence and other Collaboration Know-how
(SAC-TRECK), Ceara, Brazil; http://www.acm.org/conferences/sac/sac2008/
info: Jean-Marc.Seigneur@trustcomp.org
3/17/08: Digital Forensic Research Workshop (DFRWS) Baltimore, MD;
http://www.dfrws.org/2008/ Submissions are due;
3/18/08- 3/20/08: Symposium on Information, Computer and
Communications Security (ASIACCS), Tokyo, Japan;
http://www.rcis.aist.go.jp/asiaccs08/
3/31/08- 4/ 2/08: Wireless Network Security (WiSec), Alexandria, VA;
http://discovery.csc.ncsu.edu/WiSec08/
3/31/08: European Symposium on Research in Computer Security
(ESORICS) Malaga, Spain; http://www.isac.uma.es/esorics08
Submissions are due
4/ 4/08: Recent Advances in Intrusion Detection (RAID) Cambridge, MA;
http://www.ll.mit.edu/IST/RAID2008/ Submissions are due;
info: rkc@ll.mit.edu;
4/ 7/08- 4/11/08: Asynchronous Circuits and Systems (ASYNC),
Newcastle upon Tyne, UK; http://async.org.uk/async2008/
4/11/08: New Security Paradigms Workshop (NSPW), Squaw Valley, CA;
http://www.nspw.org; Submissions are due;
4/14/08: Usability, Psychology, and Security (UPSEC), San Francisco, CA;
info: upsec08chairs@usenix.org; http://www.usenix.org/upsec08/cfp
4/14/08: Conference on Embedded Networked Sensor Systems (SenSys)
Raleigh, NC; http://sensys.acm.org/2008/
Submissions are due
4/18/08: Workshop on Security (IWSEC) Kagawa, Japan;
http://www.iwsec.org Submissions are due;
4/25/08: International Conference on Network Protocols (ICNP)
Orlando, Florida; http://www.cs.purdue.edu/homes/fahmy/icnp2008/
Submissions are due; proceedings to attendees only (A);
info: icnp2008@cs.purdue.edu;
5/13/08- 5/16/08: Workshop in Information Security Theory and
Practices (WIST), Sevilla, Spain; info: damien.sauveron@xlim.fr;
http://wistp2008.xlim.fr/
5/18/08- 5/21/08: Symposium on Security and Privacy (IEEE S&P),
Berkeley/Oakland, CA;
http://www.ieee-security.org/TC/SP2008/oakland08-cfp.html
info: oakland08-generalchair @ ieee-security.org
5/22/08: Systematic Approaches to Digital Forensic Engineering (SADFE),
Oakland, CA; info: yasinac@cs.fsu.edu
http://conf.ncku.edu.tw/sadfe/sadfe08/
5/22/08: Workshop on Web 2.0 Security and Privacy (W2SP), Oakland, CA;
http://www.ieee-security.org/TC/SP2008/oakland08.html
5/25/08- 5/28/08: Service, Security and its Data management
technologies in Ubi-comp (SSDU), Kunming, China;
http://grid.hust.edu.cn/gpc2008/
6/ 3/08- 6/ 6/08: Applied Cryptography and Network Security (ACNS),
Columbia University, New York City, NY;
http://acns2008.cs.columbia.edu/
6/ 3/08- 6/ 6/08: Workshop on Security and High Performance Computing
Systems (SHPCS), Nicosia, Cyprus; proceedings to attendees only (AO);
info: guha@eecs.ucf.edu; http://www.diiga.univpm.it/~spalazzi/nicosia/
6/ 3/08- 6/ 4/08: Applications of Pairing-Based Cryptography: IBE and
Beyond (NIST-IBE), Gaithersburg, MD; info:ibe@nist.gov;
http://csrc.nist.gov/groups/ST/IBE/index.html
6/ 4/08- 6/ 5/08: Symposium on Information Assurance (IASymp),
Albany, NY; http://www.albany.edu/iasymposium
proceedings to attendees only
6/20/08: Workshop on Wireless Security and Privacy (WISP), Beijing, China;
info: zjiang@wcupa.edu;
http://www.ieee.org/portal/pages/pubs/transactions/stylesheets.html
6/22/08- 6/27/08: USENIX Annual Technical Conference (USENIX), Boston MA;
info: conference@usenix.org; http://www.usenix.org/events/usenix08/
6/23/08- 6/25/08: Computer Security Foundations Symposium (CSF),
Pittsburgh, PA; http://www.cylab.cmu.edu/CSF2008/
6/25/08- 6/27/08: Workshop on the Economics of Information Security
(WEIS), Hanover, New Hampshire; http://weis2008.econinfosec.org;
proceedings to attendees only
7/ 8/08- 7/18/08: Human Aspects of Information Security & Assurance
(HAISA), Plymouth, UK; info: info@haisa.org;
http://www.haisa.org
7/10/08- 7/11/08: Detection of Intrusions and Malware and
Vulnerability Assessment (DIMVA), Paris, France;
http://www.dimva.org/dimva2008/
7/14/08- 7/16/08: Australasian Conference on Information Security and
Privacy (ACISP), Wollongong, Australia; http://www.uow.edu.au/conferences
7/23/08- 7/25/08: Symposium On Usable Privacy and Security (SOUPS),
Carnegie Mellon University, Pittsburgh, PA; http://cups.cs.cmu.edu/SOUPS/
7/28/08- 8/ 1/08: USENIX Security Symposium (USENIXSec), San Jose, CA;
info: sec08chair@usenix.org; http://www.usenix.org/sec08/cfpa/
8/11/08- 8/13/08: Digital Forensic Research Workshop (DFRWS),
Baltimore, MD; http://www.dfrws.org/2008/
9/ 8/08- 9/10/08: Information Security Conference (SEC), Milan, Italy;
http://sec2008.dti.unimi.it
9/15/08- 9/17/08: Recent Advances in Intrusion Detection (RAID),
Cambridge, MA; info: rkc@ll.mit.edu;
http://www.ll.mit.edu/IST/RAID2008/
9/22/08- 9/25/08: New Security Paradigms Workshop (NSPW), Squaw
Valley, CA; http://www.nspw.org
10/ 6/08-10/ 8/08: European Symposium on Research in Computer Security
(ESORICS), Malaga, Spain; http://www.isac.uma.es/esorics08
10/19/08-10/22/08: International Conference on Network Protocols (ICNP),
Orlando, Florida; proceedings to attendees only (AO);
info: icnp2008@cs.purdue.edu; http://www.cs.purdue.edu/homes/fahmy/icnp2008/
10/31/08: NIST SHA3 Hash Function Competition (NIST-SHA3);
info: bstein@nist.gov; Submissions are due;
http://www.nist.gov/hash-competition
11/ 5/08-11/ 7/08: Conference on Embedded Networked Sensor Systems
(SenSys), Raleigh, NC; http://sensys.acm.org/2008/
11/25/08-11/27/08: Workshop on Security (IWSEC), Kagawa, Japan;
http://www.iwsec.org
____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers
(new since 81)
____________________________________________________________________
-------------------------------------------------------------------------
ACNS 2008 6th International Conference on Applied Cryptography and
Network Security, New York, New York, USA, June 3-6, 2008.
http://acns2008.cs.columbia.edu/
(Submissions due 14 January 2008)
ACNS is an annual conference concentrating on current developments that
advance the areas of applied cryptography and its application to systems
and network security. Original papers on all aspects of applied cryptography
and network security are solicited for submission to ACNS'08. Topics of
relevance include but are not limited to:
- Applied cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key
and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security,
routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile
(ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital
rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols
-------------------------------------------------------------------------
SEC 2008 23rd International Information Security Conference,
Co-located with IFIP World Computer Congress 2008,
Milan, Italy, September 8-10, 2008. http://sec2008.dti.unimi.it
(Submissions due 17 January 2008)
The conference seeks submissions from academia and industry presenting
novel research on all theoretical and practical aspects of computer security,
as well as case studies and implementation experiences. Papers should have
practical relevance to the construction, evaluation, application, or
operation of secure systems. Theoretical papers must make convincing
argument for the practical significance of the results.
Topics of interest include, but are not limited to:
- access control
- accounting and audit
- anonymity
- applied cryptography
- authentication
- computer forensics
- cryptographic protocols
- database security
- data protection
- data/system integrity
- digital rights management
- electronic frauds
- identity management
- information warfare
- intrusion detection
- key management
- law and ethics
- peer-to-peer security
- privacy-enhancing technology
- secure location services
- secure networking
- security education
- security management
- smartcards
- commercial and industry security
- data and application security
- inference/controlled disclosure
- risk analysis and risk management
- intellectual property protection
- security in IT outsourcing
- security for mobile code
- trust management
- trust models
-------------------------------------------------------------------------
UPSEC 2008 Workshop on Usability, Psychology, and Security,
Co-located with the 5th USENIX Symposium on Networked Systems
Design & Implementation (NSDI 2008),
San Francisco, California, USA, April 14, 2008.
http://www.usenix.org/upsec08/cfp
(Submissions due 18 January 2008)
Information security involves both technology and people. To design and
deploy secure systems, we require an understanding of how users of
those systems perceive, understand, and act on security risks and
threats. This one-day workshop will bring together an interdisciplinary
group of researchers, systems designers, and developers to discuss how the
fields of human computer interaction, applied psychology, and computer
security can be brought together to inform innovations in secure systems
design. We seek to deepen the conversation about usable security to go
beyond the user interface, toward developing useful and usable systems of
humans and technology. Topics include but are not limited to:
- Error detection and recovery
- Human perception and cognitive information processing
- Identity and impression management
- Individual and cultural differences
- Information seeking and evaluation
- Judgment and decision-making
- Learning, training, and experience
- Mental models
- Models of privacy, sharing, and trust
- Organizational, group, and individual behavior
- Risk perception, risk analysis, and risk communication
- Security behavior study methodology
- Social engineering
- Social influence and persuasion
- System proposals and design approaches
- Threat evaluation
- Usability
- User motivation and incentives for secure behavior
-------------------------------------------------------------------------
ATC 2008 5th International Conference on Autonomic and Trusted Computing,
Oslo, Norway, June 23-25, 2008. http://www.ux.uis.no/atc08/
(Submissions due 19 January 2008)
Computing systems including hardware, software, communication and
networks are growing dramatically in both scale and heterogeneity,
becoming overly complex. Such complexity is getting even more critical
with the ubiquitous permeation of embedded devices and other pervasive
systems. To cope with the growing and ubiquitous complexity, Autonomic
Computing (AC) focuses on self-manageable computing and communication
systems that exhibit self-awareness, self-configuration,
self-optimization, self-healing, self-protection and other self-x
operations to the maximum extent possible without human intervention
or guidance. Organic Computing (OC) additionally emphasizes
natural-analogue concepts like self-organization and controlled
emergence. Trusted/Trustworthy Computing (TC) aims at making
computing and communication systems as well as services available,
predictable, traceable, controllable, assessable, sustainable,
dependable, persist-able, security/privacy protect-able, etc. ATC-08
addresses the most innovative research and development in these
challenging areas and includes all technical aspects related to
autonomic/organic computing (AC/OC) and trusted computing (TC). Topics
of interest include, but are not limited to:
- AC/OC Theory and Models (Nervous/organic models, negotiation, cooperation,
competition, self-organization, emergence, etc.)
- AC/OC Architectures and Systems (Autonomic elements & their relationship,
frameworks, middleware, observer/controller architectures, etc.)
- AC/OC Components and Modules (Memory, storage, database, device,
server, proxy, software, OS, I/O, etc.)
- AC/OC Communication and Services (Networks, self-organized net, web
service, grid, P2P, semantics, agent, transaction, etc.)
- AC/OC Tools and Interfaces (Tools/interfaces for AC/OC system development,
test, monitoring, assessment, supervision, etc.)
- Trust Models and Specifications (Models and semantics of trust, distrust,
mistrust, over-trust, cheat, risk, reputation, reliability, etc.)
- Trust-related Security and Privacy (Trust-related secure architecture,
framework, policy, intrusion detection/awareness, protocols, etc.)
- Trusted Reliable and Dependable Systems (Fault-tolerant systems, hardware
redundancy, robustness, survivable systems, failure recovery, etc.)
- Trustworthy Services and Applications (Trustworthy Internet/web/grid/P2P
e-services, secured mobile services, novel applications, etc.)
- Trust Standards and Non-Technical Issues (Trust standards and issues
related to personality, ethics, sociology, culture, psychology, economy,
etc.)
-------------------------------------------------------------------------
WISTP 2008 Workshop in Information Security Theory and Practices 2008:
Smart Devices, Convergence and Next Generation Networks, Sevilla, Spain,
May 13-16, 2008. http://wistp2008.xlim.fr/
(Submissions due 20 January 2008)
With the rapid technological development of information technologies
and with the transition from the common to the next generation
networks, computer systems and especially embedded systems are
becoming more mobile and ubiquitous, increasingly interfacing with the
physical world. Ensuring the security of these complex yet
resource-constrained systems has emerged as one of the most pressing
challenges. Another important challenge is related to the convergence
of these new technologies. The aim of this second workshop is to bring
together researchers and practitioners in related areas and to
encourage interchange and cooperation between the research community
and the industrial/consumer community. Topics of interest include, but
are not limited to:
Smart Devices
- Biometrics, National ID cards
- Embedded Systems Security and TPMs
- Interplay of TPMs and Smart Cards
- Mobile Codes Security
- Mobile Devices Security
- New Applications for Secure RFID Systems
- RFID Systems Security
- Smart Card Security
- Smart Devices Applications
- Wireless Sensor Node Security
Convergence: Security Architectures, Protocols, Policies and Management
for Mobility
- Critical Infrastructure (e.g. for Medical or Military Applications) Security
- Digital Rights Management (DRM)
- Distributed Systems and Grid Computing Security
- Industrial and Multimedia Applications
- Information Assurance and Trust Management
- Intrusion Detection and Information Filtering
- Localization Systems Security (Tracking of People and Goods)
- M2M (Machine to Machine), H2M (Human to Machine) and M2H (Machine to Human)
Security
- Mobile Commerce Security
- Public Administration and Governmental Services
- Privacy Enhancing Technologies
- Security Models and Architecture
- Security Policies (Human-Computer Interaction and Human Behavior Impact)
- Security Protocols (for Identification and Authentication,
Confidentiality and Privacy, and Integrity)
- Security Measurements
Next Generation Networks
- Ad Hoc Networks Security
- Delay-Tolerant Network Security
- Domestic Network Security
- Peer-to-Peer Networks Security
- Security Issues in Mobile and Ubiquitous Networks
- Security of GSM/GPRS/UMTS Systems
- Sensor Networks Security
- Vehicular Network Security
- Wireless Communication Security: Bluetooth, NFC, WiFi, WiMAX, WiMedia, others
-------------------------------------------------------------------------
SSDU 2008 2nd International Symposium on Service, Security and its Data
management technologies in Ubi-comp,
Held in conjunction with the 3rd International Conference on Grid and
Pervasive Computing (GPC 2008), Kunming, China, May 25-28, 2008.
http://grid.hust.edu.cn/gpc2008/
(Submissions due 24 January 2008)
Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new
paradigm with a user-centric environment to provide computing and communication
services at any time and anywhere. Realizing its advantages
requires integrating security, services and data management in a way suitable
for Ubi-com. However, there are still many problems and major
challenges awaiting solution, such as the security risks in
ubiquitous resource sharing, which can arise when data resources
are connected and accessed by anyone in Ubi-com. Therefore, more secure
and intelligent mechanisms for Ubi-com need to be explored.
Topics include:
- Context-Awareness and its Data mining for Ubi-com service
- Human-Computer Interface and Interaction for Ubi-com
- Smart Homes and its business model for Ubi-com service
- Intelligent Multimedia Service and its Data management for Ubi-com
- USN / RF-ID for Ubi-com service
- Network security issues, protocols, data security in Ubi-com
- Database protection for Ubi-com
- Privacy Protection and Forensic in Ubi-com
- Multimedia Security in Ubi-com
- Authentication and Access control for data protection in Ubi-com
- Service, Security and its Data management for U-commerce
- New novel mechanism and Applications for Ubi-com
-------------------------------------------------------------------------
CSF 2008 21st IEEE Computer Security Foundations Symposium,
Pittsburgh, PA, USA, June 23-25, 2008. http://www.cylab.cmu.edu/CSF2008/
(Submissions due 29 January 2008)
The IEEE Computer Security Foundations (CSF) series brings together
researchers in computer science to examine foundational issues in computer
security. Over the past two decades, many seminal papers and techniques
have been presented first at CSF. The CiteSeer Impact page
(http://citeseer.ist.psu.edu/impact.html ) lists CSF as 38th out of
more than 1200 computer science venues, top 3.11% in impact based on
citation frequency. New theoretical results in computer security are welcome.
Also welcome are more exploratory presentations, which may examine open
questions and raise fundamental concerns about existing theories. Panel
proposals are sought as well as papers. Possible topics include,
but are not limited to:
- Access control
- Anonymity and Privacy
- Authentication
- Data and system integrity
- Database security
- Decidability and complexity
- Distributed systems security
- Electronic voting
- Executable content
- Formal methods for security
- Information flow
- Intrusion detection
- Language-based security
- Network security
- Resource usage control
- Security for mobile computing
- Security models
- Security protocols
- Trust and trust management
-------------------------------------------------------------------------
USENIX-Security 2008 17th USENIX Security Symposium,
San Jose, California, USA, July 28-August 1, 2008.
http://www.usenix.org/sec08/cfpa/
(Submissions due 30 January 2008)
On behalf of the 17th USENIX Security Symposium (USENIX Security '08)
program committee, we are inviting you to submit high-quality papers
in all areas relating to systems and network security. Please note that
the USENIX Security Symposium is primarily a systems security conference.
Papers whose contributions are primarily new cryptographic algorithms or
protocols, cryptanalysis, electronic commerce primitives, etc., may not
be appropriate for this conference. Refereed paper submissions are
solicited in all areas relating to systems and network security,
including:
- Adaptive security and system management
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Attacks against networks and machines
- Authentication and authorization of users, systems, and applications
- Automated tools for source code analysis
- Botnets
- Cryptographic implementation analysis and construction
- Denial-of-service attacks and countermeasures
- File and filesystem security
- Firewall technologies
- Forensics and diagnostics for security
- Intrusion and anomaly detection and prevention
- Malicious code analysis, anti-virus, anti-spyware
- Network infrastructure security
- Operating system security
- Privacy-preserving (and -compromising) systems
- Public key infrastructure
- Rights management and copyright protection
- Security architectures
- Security in heterogeneous and large-scale environments
- Security policy
- Self-protecting and healing systems
- Techniques for developing secure systems
- Technologies for trustworthy computing
- Usability and security
- Voting systems analysis and security
- Wireless and pervasive/ubiquitous computing security
- Web security
-------------------------------------------------------------------------
Elsevier Computer Standards and Interfaces, Special issue on Information
and Communications Security, Privacy and Trust: Standards and Regulations,
Summer 2008.
http://www.elsevier.com/wps/find/journaldescription.cws_home/505607/description#description
(Submission Due 30 January 2008)
Guest editors: Bhavani Thuraisingham (University of Texas at Dallas, USA)
and Stefanos Gritzalis (University of the Aegean, Greece)
Most of the research and development work carried out by universities, research
centers and private companies today is based, in some way or another, on
international standards or pre-standards that have been produced under the
auspices of recognized standardization bodies. On top of that, many market
sectors have recognized standardization as a prerequisite for the provision
of high quality services and products, thus triggering a large number of
multi-sectoral voluntary standards. For many years the Security field was
somehow isolated in the Information and Communications Technology arena.
Inevitably this isolation has been inherited by the standards governing the
security, privacy, and trust techniques and mechanisms that are currently
employed. It is therefore important to inform the scientific community
about these problems and facilitate better collaboration on the security,
privacy, and trust aspects of international standards and regulations.
We welcome the submission of papers that: provide information about
activities and progress of security, privacy, and trust standardization
work; focus on critical comments on standards and standardization activities;
discuss actual projects results; disseminate experiences and case studies
in the application and exploitation of established and emerging standards,
methods and interfaces. The areas of interest may include,
but are not limited to:
- Access Control and Authorization
- Assurance Services
- Auditing and Forensic Information Management
- Authentication, Authorization, and Accounting
- Business Services
- Confidentiality and Privacy Services
- Digital Rights Management
- eBusiness, eCommerce, eGovernment Security: Establishing Trust and Confidence
of Citizens in eTransactions and eServices
- eHealth Security
- Lawful Interception Architectures and Functions
- Legal and Regulation Issues
- Network Defense Services
- Privacy and Identity Management
- Securing Critical Information and Communication Infrastructures
- Security Challenges to the use and deployment of Disruptive Technologies
(Trusted Computing, VoIP, WiMAX, RFID, IPv6)
- Security issues in Network Event Logging
- Standardization Aspects of Electronic Signatures
- Trust Services
- Wireless, Mobile, Ad hoc and Sensors Networks Security, Privacy, and Trust
-------------------------------------------------------------------------
NYS-IA 2008 3rd Annual Symposium on Information Assurance,
Albany, NY, USA, June 4-5, 2008. http://www.albany.edu/iasymposium
(Submissions due 31 January 2008)
Authors are invited to submit original and unpublished papers to the
3rd Annual Symposium on Information Assurance, which will be jointly
held with the 11th Annual NYS Cyber Security Conference. This two-day
event attracts practitioners, researchers, and vendors providing opportunities
for business and intellectual engagement among attendees. The conference
program will be organized into topics not limited to:
- Security Policy Implementation & Compliance
- Computer & Network Forensics
- Information Security Risk Management
- Network Security and Intrusion Detection
- Economics of Information Security
- Reverse Engineering of Viruses and Worms
- Security Metrics for Evaluating Security
- Botnet Detection and Prevention
- Computer Crime Data Analytics
- Security in Wireless and Ad hoc Networks
- Internet-based Terrorism and Espionage
- Adaptive & Resilient Security Models
- Digital Rights Management
- Biological Models of Security
- Privacy & Security
- Distributed Systems Security
- Security Glossaries and Ontologies
- Database Security and Data Integrity
- Trust Modeling and Management
- Curriculum Development in Information Security
-------------------------------------------------------------------------
SADFE 2008 3rd International Workshop on Systematic Approaches to
Digital Forensic Engineering,
Held in conjunction with the 2008 IEEE Symposium on Security
and Privacy (SP 2008), The Claremont Resort, Oakland, CA, USA, May 22, 2008.
http://conf.ncku.edu.tw/sadfe/sadfe08/
(Submissions due 1 February 2008)
The SADFE (Systematic Approaches to Digital Forensic Engineering)
International Workshop promotes systematic approaches to cyber crime
investigation, by furthering the advancement of digital forensic
engineering as a disciplined practice. Digital forensic engineering is
characterized by the application of scientific and mathematical
principles to the investigation and establishment of facts or evidence,
either for use within a court of law or to aid understanding of cyber crimes
or cyber-enabled crimes. To advance the state of the art, SADFE 2008
solicits broad-based, innovative digital forensic engineering technology,
techno-legal and practice-related submissions in the following four areas:
- Digital Data and Evidence Management: advanced digital evidence
discovery, collection, and storage.
- Principle-based Digital Forensic Processes: systematic engineering
processes supporting digital evidence management which are sound on
scientific, technical and legal grounds.
- Digital Evidence Analytics: advanced digital evidence analysis,
correlation, and presentation.
- Forensic-support technologies: forensic-enabled and proactive
monitoring/response.
-------------------------------------------------------------------------
DIMVA 2008 5th Conference on Detection of Intrusions and Malware &
Vulnerability Assessment, Paris, France, July 10-11, 2008.
http://www.dimva.org/dimva2008/
(Submissions due 4 February 2008)
The annual DIMVA conference serves as a premier forum for advancing the
state of the art in intrusion detection, malware detection, and vulnerability
assessment. Each year DIMVA brings together international experts from
academia, industry and government to present and discuss novel research
in these areas. DIMVA is organized by the special interest group
Security - Intrusion Detection and Response of the German Informatics Society
(GI). DIMVA's scope includes, but is not restricted to the following areas:
Intrusion Detection
- Approaches
- Implementations
- Prevention and response
- Result correlation
- Evaluation
- Potentials and limitations
- Operational experiences
- Evasion and other attacks
- Legal and social aspects
Malware
- Techniques
- Detection
- Prevention and containment
- Evaluation
- Trends and upcoming risks
- Forensics and recovery
Vulnerability Assessment
- Vulnerabilities
- Vulnerability detection
- Vulnerability prevention
- Classification and evaluation
-------------------------------------------------------------------------
PODC 2008 27th Annual ACM SIGACT-SIGOPS Symposium on the Principles of
Distributed Computing, Toronto, Canada, August 18-21, 2008.
http://www.podc.org/podc2008
(Submissions due 4 February 2008)
PODC solicits papers on all areas of distributed systems. We encourage
submissions dealing with any aspect of distributed computing from the
theoretical or experimental viewpoints. The common goal is to improve
understanding of principles underlying distributed computing.
Topics of interest include the following subjects in distributed systems:
- distributed algorithms: design and analysis
- communication networks: architectures, services, protocols,
applications
- multiprocessor and multi-core architectures and algorithms
- shared and transactional memory, synchronization protocols,
concurrent programming
- fault-tolerance, reliability, availability, self organization
- Internet applications, social networks, recommender systems
- distributed operating systems, middleware platforms, databases
- distributed computing with selfish agents
- peer-to-peer systems, overlay networks, distributed data management
- high-performance, cluster, and grid computing
- mobile computing, autonomous agents, location- and context-aware
distributed systems
- security in distributed computing, cryptographic protocols
- sensor, mesh, and ad hoc networks
- specification, semantics, verification, and testing of
distributed systems
-------------------------------------------------------------------------
ICIMP 2008 3rd International Conference on Internet Monitoring and Protection,
Bucharest, Romania, June 29 - July 5, 2008.
http://www.iaria.org/conferences2008/ICIMP08.html
(Submissions due 5 February 2008)
The International Conference on Internet Monitoring and Protection
(ICIMP 2008) initiates a series of special events targeting security,
performance, vulnerabilities in Internet, as well as disaster
prevention and recovery. Dedicated events focus on measurement,
monitoring and lessons learnt in protecting the user.
ICIMP 2008 Tracks include:
- TRASI: Internet traffic surveillance and interception
- IPERF: Internet performance
- RTSEC: Security for Internet-based real-time systems
- DISAS: Disaster prevention and recovery
- EMERG: Networks and applications emergency services
- MONIT: End-to-end sampling, measurement, and monitoring
- REPORT: Experiences & lessons learnt in securing networks and applications
- USSAF: User safety, privacy, and protection over Internet
- SYVUL: Systems vulnerabilities
- SYDIA: Systems diagnosis
- CYBER-FRAUD: Cyber fraud
- BUSINESS: Business continuity
- RISK: Risk assessment
- TRUST: Privacy and trust in pervasive communications
- RIGHT: Digital rights management
- BIOTEC: Biometric techniques
-------------------------------------------------------------------------
Wiley InterScience Security and Communication Networks Journal,
Special Issue on Clinical Information Systems (CIS) Security,
July/August 2008. http://www3.interscience.wiley.com/cgi-bin/jtoc/114299116/
(Submission Due 10 February 2008)
Guest editors: Theodore Stergiou (KPMG Kyriacou Advisors AE, Greece),
Dimitrios Delivasilis (Incrypto Ltd., Greece),
Mark S Leeson (University of Warwick, UK),
and Ray Yueh-Min Huang (National Cheng-Kung University, Taiwan, R.O.C.)
Managing records of patient care has become an increasingly complex issue
with the widespread use of advanced technologies. The vast amount of
information for every routine care must be securely processed over
different data bases. Clinical Information Systems (CIS)
address the need for a computerized approach in
managing personal health information. Hospitals and public or
private health insurance organizations are continuously upgrading their
database and data management systems to more sophisticated architectures.
The possible support of the large patient archives and the flexibility of a
CIS in providing up-to-date patient information and worldwide doctors
collaboration, have leveraged the research on CIS both in academic and
government domains. At the same time, it has become apparent that patients
require more control over their clinical data, either being results of
clinical examinations or medical history. Due to the large amount of
information that can be found on the Internet and the free access to
medical practitioners and hospitals worldwide, patients may choose to
communicate their information so as to obtain several expert opinions
regarding their conditions. Given the sensitive nature of the information
stored and inevitably in transit, security has become an issue of utmost
necessity. Numerous EU and US research projects have been launched to
address security in CIS (e.g. EUROMED, ISHTAR, RESHEN), whereas regulatory
compliance to acts such as the HIPAA has become an obligation for centers
moving to CIS. This Special Issue will serve as a venue for both academia
and industry individuals and groups working in this fast-growing research
area to share their experiences and state-of-the-art work with the readers.
The topics of interest in this Special Issue include, but are not limited to:
- Authentication techniques for CIS
- Authorization mechanisms and approaches for patient-centric data
- Public Key Infrastructures to support diverse clinical information
environments and networks
- Cryptographic protocols for use to secure patient-centric data
- Secure communication protocols for the communication of clinical data
- Wireless sensor networks security
- Body sensor networks security
- CIS Database security
- Interoperability across diverse CIS environments (national and multilateral)
- Government and international regulatory and compliance requirements
-------------------------------------------------------------------------
ACISP 2008 13th Australasian Conference on Information Security and Privacy,
Wollongong, Australia, July 14-16, 2008.
http://www.uow.edu.au/conferences/acisp%202008/index.html
(Submissions due 11 February 2008)
ACISP 2008 is the main computer security and cryptography conference
organized in Australia that provides an avenue for discussion and
exchange of ideas for researchers from academia and industry.
Original papers pertaining to all aspects of information security and
privacy are solicited for submission to the ACISP 2008. Papers may
present theory, techniques, applications and practical experiences
on a variety of topics. Topics of interest include, but are not
limited to:
- access control
- authentication and identification
- authorization
- biometrics
- computer forensics
- copyright protection
- cryptography
- database security
- electronic surveillance
- evaluation and certification
- intrusion detection
- key management
- key establishment protocols
- legal and privacy issues
- mobile system security
- network and communication security
- secure electronic commerce
- secure operating systems
- secure protocols
- smart cards
- malware and viruses
-------------------------------------------------------------------------
CARDIS 2008 8th Smart Card Research and Advanced Application Conference,
Royal Holloway, University of London, Egham, Surrey, UK,
September 8-11, 2008. http://www.scc.rhul.ac.uk/CARDIS/
(Submissions due 15 February 2008)
Since 1994, CARDIS has been the foremost international conference
dedicated to smart card research and applications. Submissions across
a broad range of smart card development phases are encouraged, from
exploratory research and proof-of-concept studies to practical
applications and deployment of smart card technology. As a response
to the growing development of contactless applications and RFID
systems, a special interest is also devoted to low cost cryptographic
mechanisms and physical security of constrained devices. Topics of
interest include, but are not limited to:
- From smart cards to smart devices (hardware, form factor, display)
- Software environments for smart cards and devices (OS, VM, API)
- Smart cards and devices networking and high-level data models
- Smart cards and devices applications, development and deployment
- Person representation and biometrics using smart technologies
- Identity, privacy and trust issues for smart technologies
- High-speed, small-footprint implementations of cryptographic algorithms
- Attacks and countermeasures in hardware and software
- Cryptographic protocols for smart cards and devices
- Biometrics and smart cards
- Formal modeling of environments and applications
- Interplay of TPMs and smart cards
- Security of RFID systems
-------------------------------------------------------------------------
EUROSEC 2008 European Workshop on System Security,
Held in conjunction with the Annual ACM SIGOPS EuroSys conference
(EUROSYS 2008), Glasgow, Scotland, March 31, 2008.
http://www.cs.vu.nl/eurosec08/
(Submissions due 15 February 2008)
The workshop aims to bring together researchers, practitioners,
system administrators, system programmers, and others interested in
the latest advances in the security of computer systems and networks.
The focus of the workshop is on novel, practical, systems-oriented work.
EuroSec seeks contributions on all aspects of systems security.
Topics of interest include (but are not limited to):
- new attacks, evasion techniques, and defenses
- operating system security
- hardware architectures
- "trusted computing" and its applications
- identity management, anonymity
- small trusted computing bases
- mobile systems security
- measuring security
- malicious code analysis and detection
- web security
- systems-based forensics
- systems work on fighting spam/phishing
-------------------------------------------------------------------------
IFIP-DAS 2008 22nd Annual IFIP WG 11.3 Working Conference on Data and
Applications Security, London, UK, July 13-16, 2008.
http://seclab.dti.unimi.it/~ifip113/2008/
(Submissions due 20 February 2008)
The 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications
Security provides a forum for presenting original unpublished research
results, practical experiences, and innovative ideas in data and
applications security. Papers and panel proposals are also solicited.
Proceedings will be published by Springer as the next volume in the
Research Advances in Database and Information Systems Security series.
Papers may present theory, techniques, applications, or practical
experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management
-------------------------------------------------------------------------
SHPCS 2008 Workshop on Security and High Performance Computing Systems,
Held in conjunction with the 2008 International Conference on High
Performance Computing & Simulation (HPCS 2008) and the 22nd European
Conference on Modelling and Simulation (ECMS 2008),
Nicosia, Cyprus, June 3-6, 2008. http://www.diiga.univpm.it/~spalazzi/nicosia/
(Submissions due 21 February 2008)
This workshop addresses relationships between security and high performance
systems in three directions. First, it considers how to add security
properties (authentication, confidentiality, integrity, non-repudiation,
access control) to high performance computing systems. Second, it covers
how to use high performance computing systems to solve security problems.
Third, it investigates the tradeoffs between maintaining high performance
and achieving security in computing systems and solutions to balance the
two objectives. In all these directions, various performance analyses or
monitoring techniques can be conducted to show the efficiency of a
security infrastructure. This workshop covers (but is not limited to)
the following topics:
- Access Control
- Accounting and Audit
- Anonymity
- Applied Cryptography
- Authentication
- Commercial and Industry Security
- Cryptographic Protocols
- Data and Application Security
- Data/System Integrity
- Database Security
- Digital Rights Management
- Formal Verification of Secure Systems
- Identity Management
- Inference/Controlled Disclosure
- Information Warfare
- Intellectual Property Protection
- Intrusion and Attack Detection
- Intrusion and Attack Response
- Key Management
- Privacy-Enhancing Technology
- Secure Networking
- Secure System Design
- Security Management
- Security for Mobile Code
- Security for Specific Domains (e.g., E-Government, E-Business, P2P)
- Security in IT Outsourcing
- Security in Mobile and Wireless Networks
- Security in Operating Systems
- Security Location Services
- Security of Grid and Cluster Architectures
- Smartcards
- Trust Management Policies
- Trust Models
-------------------------------------------------------------------------
SOUPS 2008 Symposium On Usable Privacy and Security,
Carnegie Mellon University, Pittsburgh, PA, USA, July 23-25, 2008.
http://cups.cs.cmu.edu/SOUPS/
(Submissions due 29 February 2008)
The 2008 Symposium on Usable Privacy and Security (SOUPS) will bring
together an interdisciplinary group of researchers and practitioners in
human computer interaction, security, and privacy. The program will
feature technical papers, a poster session, panels and invited talks,
discussion sessions, and in-depth sessions (workshops and tutorials).
We invite authors to submit original papers describing research or
experience in all areas of usable privacy and security. Topics include,
but are not limited to:
- innovative security or privacy functionality and design
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of security or privacy features or
security testing of usability features
- lessons learned from deploying and using usable privacy and
security features
-------------------------------------------------------------------------
W2SP 2008, 2nd Workshop on Web 2.0 Security and Privacy,
Held in conjunction with the 2008 IEEE Symposium on Security and
Privacy (SP 2008), The Claremont Resort, Oakland, CA, USA, May 22, 2008.
http://www.ieee-security.org/TC/SP2008/oakland08.html
(Submissions due 1 March 2008)
The goal of this one-day workshop is to bring together researchers
and practitioners from academia and industry to focus on understanding
Web 2.0 security and privacy issues, and establishing new collaborations
in these areas. Web 2.0 is about connecting people and amplifying the
power of working together. The mixing of technology and social
interaction is occurring in the context of a wave of technologies
supporting rapid development of these interpersonal and business
interactions. Many of the new web technologies rely on the composition
of content and services from multiple sources, resulting in complex
technology compositions (mash-ups). The content composition trend is
likely to continue. The lure of these technologies is the promise of
simpler ways to compose software service and content, at lower cost.
However, there are issues with respect to management of identities,
reputation, privacy, anonymity, transient and long term relationships,
and composition of function and content, both on the server side and
at the client (web browser). While the security and privacy issues
are not new, these issues are increasingly becoming acute as the
technologies are adopted and adapted to appeal to wider audiences.
Some of these technologies deliberately bypass existing security
mechanisms. This workshop is intended to discuss the limitations of
the current technologies and explore alternatives.
The scope of W2SP 2008 includes, but is not limited to:
- Identity, privacy, reputation and anonymity
- End-to-end security architectures
- Security of content composition
- Security and privacy policy definition and modeling of content
composition
- Provenance and governance
- Usable security and privacy models
- Static and dynamic analysis for security
- Security as a service
- Click fraud
- Software as a service
- Web services/feeds/mashups
- Next generation browser technology
-------------------------------------------------------------------------
ISC 2008 Information Security Conference, Taipei, Taiwan,
September 15-18, 2008. http://isc08.twisc.org/
(Submissions due 1 March 2008)
ISC aims to attract high quality papers in all technical aspects of
information security. The topics of interest of ISC include, but are not
limited to, the following:
- Access Control
- Accounting and Audit
- Anonymity and Pseudonymity
- Applied Cryptography
- Attacks and Prevention of Online Fraud
- Authentication and Non-repudiation
- Biometrics
- Cryptographic Protocols and Functions
- Database and System Security
- Design and Analysis of Cryptographic Algorithms
- Digital Rights Management
- Economics of Security and Privacy
- Formal Methods in Security
- Foundations of Computer Security
- Identity and Trust Management
- Information Hiding and Watermarking
- Infrastructure Security
- Intrusion Detection, Tolerance and Prevention
- Mobile, Ad Hoc and Sensor Network Security
- Network and Wireless Network Security
- Peer-to-Peer Network Security
- PKI and PMI
- Private Searches
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security in Information Flow
- Security for Mobile Code
- Security of Grid Computing
- Security of eCommerce, eBusiness and eGovernment
- Security Modeling and Architectures
- Security Models for Ambient Intelligence environments
- Trusted Computing
- Usable Security
- Special Session on AES
-------------------------------------------------------------------------
IWSSE 2008 2nd International Workshop on Security in Software Engineering,
Held in conjunction with the IEEE COMPSAC 2008, Turku,
July 28 - August 1, 2008.
http://www.sis.pitt.edu/%7Elersais/IWSSE/IWSSE08.html
(Submissions due 1 March 2008)
Secure software engineering has become an emerging interdisciplinary area
across software engineering, programming languages, and security
engineering. Secure software engineering focuses on developing secure
software and understanding the security risks and managing these risks
throughout the life-cycle of software. The purpose of the workshop is
to bring together researchers and practitioners who work closely in
this area to create a forum for reporting and discussing recent
advances in improving security in software engineering and inspiring
collaborations and innovations on new methods and techniques to
advance software security in our practices. Researchers and
practitioners worldwide are invited to present their research
expertise and experience, and discuss the issues and challenges in
security from a software engineering perspective. Submissions of
quality papers in the following non-exhaustive list of topics are invited:
- Management of software security in industrial practice
- Security requirements and policies
- Abuse cases and threat modeling
- Architecture and design for security
- Model-based security
- Language-based security
- Malicious code prevention and code safety
- Security risk analysis
- Security taxonomy and metrics
- Testing for security
- Application security: detection and protection
- Software piracy and protection
-------------------------------------------------------------------------
Globecom-CCNS 2008 Computer and Communications Network Security Symposium,
Held in conjunction with the IEEE Global Communications Conference
(GLOBECOM 2008), New Orleans, LA, USA, November 30 - December 4, 2008.
http://www.comsoc.org/confs/globecom/2008/symposium/compcom.html
(Submissions due 15 March 2008)
The Computer and Communications Network Security Symposium will address
all aspects of the modelling, design, implementation, deployment, and management
of computer/network security algorithms, protocols, architectures, and systems.
Furthermore, contributions devoted to the evaluation, optimization, or
enhancement of security mechanisms for current technologies as well as
devising efficient security and privacy solutions for emerging technologies
are solicited. Topics of interest include:
- Secure PHY, MAC, Routing and Upper Layer Protocols
- Secure Cross Layer Design
- Authentication Protocols and Services Authorization
- Confidentiality
- Data and System Integrity
- Availability of Secure Services
- Key Distribution and Management
- PKI and Security Management
- Trust Models and Trust Establishment
- Identity Management and Access Control
- Deployment and Management of Computer/Network Security Policies
- Monitoring Design for Security
- Distributed Intrusion Detection Systems and Countermeasures
- Traffic Filtering and Firewalling
- IPv6 security, IPSec
- Virtual Private Networks (VPNs)
- Prevention, Detection and Reaction Design
- Revocation of Malicious Parties
- Light-Weight Cryptography
- Quantum Cryptography and QKD
- Applications of Cryptography and Cryptanalysis in communications security
- Security and Mobility
- Mobile Code Security
- Network traffic Analysis Techniques
- Secure Naming and Addressing (Privacy and Anonymity)
- Application/Network Penetration Testing
- Advanced Cryptographic Testbeds
- Network Security Metrics and Performance Evaluation
- Operating System (OS) Security and Log Analysis Tools
- Security Modelling and Protocol Design
- Security Specification Techniques
- Self-Healing Networks
- Smart Cards and Secure Hardware
- Biometric Security: Technologies, Risks and Vulnerabilities
- Information Hiding and Watermarking
- Vulnerability, Exploitation Tools, and Virus/Worm Analysis
- Distributed Denial-Of-Service (DDOS) Attacks and Countermeasures
- DNS Spoofing and Security
- Critical infrastructure Security
- Single- and Multi-Source Intrusion Detection and Response (Automation)
- Web, E-commerce, M-commerce, and E-mail Security
- New Design for Unknown Attacks Detection
-------------------------------------------------------------------------
Pairing 2008 2nd International Conference on Pairing-based Cryptography,
Egham, UK, September 1-3, 2008. http://www.pairing-conference.org/
(Submissions due 16 March 2008)
Pairing-based cryptography is an extremely active area of research which
has allowed elegant solutions to a number of long-standing open problems
in cryptography (such as efficient identity-based encryption).
New developments continue to be made at a rapid pace. The aim of the "Pairing"
conference is thus to bring together leading researchers and practitioners
from academia and industry, all concerned with problems related to
pairing-based cryptography. Authors are invited to submit papers describing
their original research on all aspects of pairing-based cryptography,
including, but not limited to the following topics:
Area I: Novel cryptographic protocols
- ID-based and certificateless cryptosystems
- Broadcast encryption, signcryption etc
- Short/multi/aggregate/group/ring/threshold/blind signatures
- Designed confirmer or undeniable signatures
- Identification/authentication schemes
- Key agreement
Area II: Mathematical foundations
- Weil, Tate, Eta, and Ate pairings
- Security consideration of pairings
- Other pairings and applications of pairings in mathematics
- Generation of pairing friendly curves
- (Hyper-) Elliptic curve cryptosystems
- Number theoretic algorithms
- Addition algorithms in divisor groups
Area III: SW/HW implementation
- Secure operating systems
- Efficient software implementation
- FPGA or ASIC implementation
- Smart card implementation
- RFID security
- Middleware security
- Side channel and fault attacks
Area IV: Applied security
- Novel security applications
- Secure ubiquitous computing
- Security management
- PKI models
- Application to network security
- Grid computing
- Internet and web security
- E-business or E-commerce security
-------------------------------------------------------------------------
DFRWS 2008 8th Annual Digital Forensic Research Workshop,
Baltimore, MD, USA, August 11-13, 2008. http://www.dfrws.org/2008/
(Submissions due 17 March 2008)
DFRWS brings together leading researchers, developers, practitioners,
and educators interested in advancing the state of the art in digital
forensics from around the world. As the most established venue in the
field, DFRWS is the preferred place to present both cutting-edge research
and perspectives on best practices for all aspects of digital forensics.
As an independent organization, we promote open community discussions
and disseminate the results of our work to the widest audience. We invite
original contributions as research papers, panel proposals, Work-in-Progress
talks, and demo proposals. All papers are evaluated through a
double-blind peer-review process, and those accepted will be published
in printed proceedings by Elsevier. Topics of Interest include:
- Incident response and live analysis
- Network-based forensics, including network traffic analysis,
traceback and attribution
- Event reconstruction methods and tools
- File system and memory analysis
- Application analysis
- Embedded systems
- Small scale and mobile devices
- Large-scale investigations
- Digital evidence storage and preservation
- Data mining and information discovery
- Data hiding and recovery
- File extraction from data blocks (file carving)
- Multimedia analysis
- Tool testing and development
- Digital evidence and the law
- Anti-forensics and anti-anti-forensics
- Case studies and trend reports
- Non-traditional approaches to forensic analysis
-------------------------------------------------------------------------
ICITS 2008 International Conference on Information Theoretic Security,
Calgary, Canada, August 10-13, 2008. http://iqis.org/events/icits2008
(Submissions due 23 March 2008)
This is the second conference in a series of conferences that is aimed
to bring together the leading researchers in the area of information
and quantum theoretic security. This series of conferences is a
successor to the 2005 IEEE Information Theory Workshop on Theory and
Practice in Information-Theoretic Security (ITW 2005). The first ICITS
conference was held in Madrid, after Eurocrypt 2007. Conference
proceedings will be published by Springer Verlag in the Lecture Notes
in Computer Science. Topics of interest cover any aspect of
information-theoretic security, that is, security based on
information theory. This includes, but is not limited to, the
following topics:
- Information theoretic analysis of security
- Private and Reliable Networks
- Anonymity
- Public Key Cryptosystems using Codes
- Authentication Codes
- Quantum Cryptography
- Conventional Cryptography using Codes
- Quantum Information Theory
- Fingerprinting
- Randomness extraction
- Ideal Ciphers
- Secret Sharing
- Information Hiding
- Secure Multiparty Computation
- Key Distribution
- Traitor Tracing
- Oblivious Transfer
- Data hiding and Watermarking
-------------------------------------------------------------------------
ESORICS 2008 13th European Symposium on Research in Computer Security,
Malaga, Spain, October 6-8, 2008. http://www.isac.uma.es/esorics08
(Submissions due 31 March 2008)
Papers offering novel research contributions in any aspect of computer
security are solicited for submission to the Thirteenth European
Symposium on Research in Computer Security (ESORICS 2008). Organized
in a series of European countries, ESORICS is confirmed as the European
research event in computer security. The symposium started in 1990
and has been held on alternate years in different European countries and
attracts an international audience from both the academic and industrial
communities. From 2002 it has been held yearly. The Symposium has established
itself as one of the premier international gatherings on Information
Assurance. Papers may present theory, technique, applications, or
practical experience on topics including:
- Access control
- Anonymity
- Authentication
- Authorization and delegation
- Cryptographic protocols
- Data integrity
- Dependability
- Information flow control
- Smartcards
- System security
- Digital rights management
- Accountability
- Applied cryptography
- Covert channels
- Cybercrime
- Denial of service attacks
- Formal methods in security
- Inference control
- Information warfare
- Steganography
- Transaction management
- Data and application security
- Intellectual property protection
- Intrusion tolerance
- Peer-to-peer security
- Language-based security
- Network security
- Non-interference
- Privacy-enhancing technology
- Pseudonymity
- Subliminal channels
- Trustworthy user devices
- Identity management
- Security as quality of service
- Secure electronic commerce
- Security administration
- Security evaluation
- Security management
- Security models
- Security requirements engineering
- Security verification
- Survivability
- Information dissemination control
- Trust models and trust management policies
-------------------------------------------------------------------------
RAID 2008 11th International Symposium on Recent Advances in
Intrusion Detection, Cambridge, Massachusetts, USA, September 15-17, 2008.
http://www.ll.mit.edu/IST/RAID2008/
(Submissions due 4 April 2008)
This symposium, the 11th in an annual series, brings together leading
researchers and practitioners from academia, government, and industry to
discuss issues and technologies related to intrusion detection and defense.
The Recent Advances in Intrusion Detection (RAID) International Symposium
series furthers advances in intrusion defense by promoting the exchange
of ideas in a broad range of topics. As in previous years, all topics
related to intrusion detection, prevention and defense systems and
technologies are within scope, including but not limited to the following:
- Network and host intrusion detection and prevention
- Anomaly and specification-based approaches
- IDS cooperation and event correlation
- Malware prevention, detection, analysis and containment
- Web application security
- Insider attack detection
- Intrusion response, tolerance, and self protection
- Operational experience and limitations of current approaches
- Intrusion detection assessment and benchmarking
- Attacks against IDS including DoS, evasion, and IDS discovery
- Formal models, analysis, and standards
- Deception systems and honeypots
- Vulnerability analysis, risk assessment, and forensics
- Adversarial machine learning for security
- Visualization techniques
- Special environments, including mobile and sensor networks
- High-performance intrusion detection
- Legal, social, and privacy issues
- Network exfiltration detection
- Botnet analysis, detection, and mitigation
-------------------------------------------------------------------------
NSPW 2008 New Security Paradigm Workshop, Olympic Valley, CA, USA,
September 22-25, 2008. http://www.nspw.org
(Submissions due 11 April 2008)
The computers of the world are under siege. Denial of service attacks
plague commercial sites, large and small. Major companies are hacked for
consumer credit card numbers. Phishing attacks for personal information are
commonplace, and million-machine botnets are a reality. Our tools for
combating these threats--cryptography, firewalls, access controls,
vulnerability scanners, malware and intrusion detectors--are insufficient.
We need radical new solutions, but most security researchers propose
only incremental improvements. Since 1992, the New Security Paradigm
Workshop (NSPW) has been a home for research that addresses the fundamental
limitations of current work in information security. NSPW welcomes papers
that present a significant shift in thinking about difficult security
issues, build on such a recent shift, offer a contrarian view of accepted
practice or policy, or address non-technological aspects of security.
Our program committee particularly looks for new approaches to information
security, early thinking on new topics, innovative solutions to long-time
problems, and controversial issues which might not be accepted at other
conferences but merit a hearing. We discourage papers that represent
completed or established works, or offer incremental improvements to
well-established models. NSPW expects a high level of scholarship from
contributors, including awareness of prior work produced before the
World Wide Web.
-------------------------------------------------------------------------
IWSEC 2008 3rd International Workshop on Security,
Kagawa, Japan, November 25-27, 2008. http://www.iwsec.org
(Submissions due 18 April 2008)
The aim of IWSEC2008 is to contribute to security research and development
addressing the topics from traditional theory and tools on security
to other up-to-date issues. Topics include but are not limited to:
- Cryptography
- Authorization and Access Control
- Biometrics
- Information Hiding
- Quantum Security
- Network and Distributed Systems Security
- Privacy Enhancing Technology
- Security Issues in Ubiquitous/Pervasive Computing
- Security Management
- Software and System Security
- Protection of Critical Infrastructure
- Digital Forensics
- Economics and Other Scientific Approaches for Security
-------------------------------------------------------------------------
====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________
SUBSCRIPTIONS:
Two options, each with two options:
1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
cipher-admin@ieee-security.org (which is NOT automated) with subject line
"subscribe".
OR
send a note to cipher-request@mailman.xmission.com with the
subject line "subscribe"
(this IS automated - thereafter you can manage your subscription
options, including unsubscribing, yourself)
2. To receive a short e-mail note announcing when a new issue of
CIPHER is available for Web browsing send e-mail to
cipher-admin@ieee-security.org (which is NOT automated) with subject line
"subscribe postcard".
OR
send a note to cipher-postcard-request@mailman.xmission.com with the
subject line "subscribe"
(this IS automated - thereafter you can manage your subscription
options, including unsubscribing, yourself)
To remove yourself from the subscription list, send e-mail to
cipher-admin@ieee-security.org with subject line "unsubscribe" or
"unsubscribe postcard" or, if you have subscribed directly to the
xmission.com mailing list, use your password (sent monthly) to
unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard
Those with access to hypertext browsers may prefer to read Cipher
that way. It can be found at URL http://www.ieee-security.org/cipher.html
CONTRIBUTIONS:
to cipher @ ieee-security.org are invited. Cipher is a NEWSletter,
not a bulletin board or forum. It has a fixed set of departments,
defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended.
Calendar and Calls-for-Papers entries should be sent to
cipher-cfp @ ieee-security.org
and they will be automatically included in both departments. To
facilitate the semi-automated handling, please send either a text
version of the CFP or a URL from which a text version can be easily
obtained. For Calendar entries, please include a URL and/or e-mail
address for the point-of-contact. For Calls for Papers, please submit
a one paragraph summary. See this and past issues for examples. ALL
CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS
APPLY. All reuses of Cipher material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using Cipher material should obtain permission from the
contributors.
____________________________________________________________________
Recent Address Changes
____________________________________________________________________
Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html
_____________________________________________________________________
How to become a member of the
IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________
You may easily join the TC on Security & Privacy by completing
the on-line form at IEEE at http://www.computer.org/TCsignup/index.htm
______________________________________________________________________
TC Publications for Sale
______________________________________________________________________
IEEE Security and Privacy Symposium
The 2007 proceedings are available in hardcopy for $30.00, the
28 year CD is $20.00, plus shipping and handling.
The 2006 Symposium proceedings and 11-year CD are sold out.
The 2005, 2004, and 2003 Symposium proceedings are available for $10
plus shipping and handling.
Shipping is $4.00/volume within the US, overseas surface mail is
$7/volume, and overseas airmail is $11/volume, based on an order of 3
volumes or less. The shipping charge for a CD is $1 per CD (no charge
if included with a hard copy order). Send a check made out to the
IEEE Symposium on Security and Privacy to the 2007 treasurer (below)
with the order description, including shipping method, and send email
to the 2007 Registration Chair (Yong Guan) (oakland07-registration @
ieee-security.org) with the shipping address, please.
Terry Benzel
Treasurer, IEEE Security and Privacy
USC Information Sciences Institute
4676 Admiralty Way
Marina Del Rey, CA 90292
(310) 822-1511
IEEE CS Press
You may order some back issues from IEEE CS Press at
http://www.computer.org/cspress/catalog/proc9.htm
Computer Security Foundations Symposium
Copies of the proceedings of the Computer Security Foundations
Workshop (now Symposium) are available for $10 each. Copies of
proceedings are available starting with year 10 (1997). Photocopy
versions of year 1 are also $10.
Contact Jonathan Herzog if interested in purchase.
Jonathan Herzog
Department of Computer Science
Naval Postgraduate School
1 University Circle
Monterey, CA 93943
jcherzog@nps.edu
______________________________________________________________________
TC Officer Roster
______________________________________________________________________
Chair:
Prof. Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department
Code CS/IC
Monterey CA 93943-5118
(831) 656-2461 (voice)
irvine@cs.nps.navy.mil

Security and Privacy Chair Emeritus:
Deborah Shands
The Aerospace Corporation
El Segundo, CA
oakland07-chair@ieee-security.org

Vice Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Salem, UT 84653
hilarie @purplestreak.com

Chair, Subcommittee on Academic Affairs:
Prof. Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department, Code CS/IC
Monterey CA 93943-5118
(831) 656-2461 (voice)
irvine@cs.nps.navy.mil

Treasurer:
Terry Benzel
USC Information Sciences Intnl
4676 Admiralty Way, Suite 1001
Los Angeles, CA 90292
(310) 822-1511 (voice)
tbenzel @isi.edu

Chair, Subcomm. on Security Conferences:
Jonathan Millen
The MITRE Corporation, Mail Stop S119
202 Burlington Road Rte. 62
Bedford, MA 01730-1420
781-271-51 (voice)
jmillen@mitre.org

Security and Privacy Symposium 2008 General Chair:
Yong Guan
Iowa State University
oakland08-chair@ieee-security.org

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
cipher-editor@ieee-security.org
________________________________________________________________________
BACK ISSUES:
Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year