CIPHER
============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 83 March 17, 2008
Hilarie Orman, Editor Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org
Yong Guan
Book Review Editor Calendar Editor
cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org
============================================================================
The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year
Contents:
 * Letter from the Editor
 * News Briefs
    o A Heart Device Is Found Vulnerable to Hacker Attacks
    o Chinese hackers: No site is safe
    o Electronic gadgets latest sources of computer viruses
 * Commentary and Opinion
    o Richard Austin's review of "Mechanics of User Identification
      and Authentication: Fundamentals of Identity Management"
      by Dobromir Todorov
    o Richard Austin's review of The dotCrime Manifesto: How to Stop
      Internet Crime
      by Philip Hallam-Baker
    o Book reviews, Conference Reports and Commentary and News items
      from past Cipher issues are available at the Cipher website
 * Conference and Workshop Announcements
    o Calendar of Upcoming Submission Deadlines and Events
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale
====================================================================
Letter from the Editor
====================================================================
Dear Readers:
This is the time of year to remind everyone that this newsletter is
published by the IEEE Technical Committee on Security and Privacy,
sponsor of two distinguished computer security events each year. The
Security and Privacy Symposium ("Oakland") is now accepting
registration for attendees. The program is varied and exciting ---
for example "Compromising Reflections -or- How to Read LCD Monitors
Around the Corner". See our www.ieee-security.org website for
pointers to all the conference information, including the two
workshops. The Web 2.0 Security workshop was such a success last year
that it continues on for a second run, and a workshop about digital
forensics is new this year.
The Computer Security Foundations Symposium will be held in June in
Pittsburgh. Again, watch our web pages for the program and registration
information.
The news items that I've selected this month are from mainstream
publications in recent weeks. Viruses seem to have continued nearly
unabated over the last many years, long-distance hacking is a
world-wide hobby, and we continue to learn that no digital device is
safe from meddling. These issues, once known only to specialists in
the niche of a new field, are now topics for the popular press. They
are also going to be part of life as we and our descendants will know
it for a very long time to come. Death, taxes, and computer viruses.
Oh, and "bulging capacitors" --- the bane of my life this winter.
Google it.
Hold breath, close eyes, click "install",
Hilarie Orman
cipher-editor @ ieee-security.org
====================================================================
News Briefs
====================================================================
News briefs from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewsBriefs.html
____________________________________________________________________
A Heart Device Is Found Vulnerable to Hacker Attacks
By Barnaby J. Feder
New York Times, http://www.nytimes.com/2008/03/12/business/12heart-web.html
March 12, 2008
____________________________________________________________________
The threat seems largely theoretical, but a team of computer security
researchers reports that it has been able to gain wireless access to a
combination heart defibrillator and pacemaker. Two researchers
well-known in the computer security community, Tadayoshi Kohno and
Kevin Fu, were part of the research team, and their report is
available through http://www.secure-medicine.org
____________________________________________________________________
Chinese hackers: No site is safe
By John Vause, CNN, March 11, 2008
http://www.cnn.com/2008/TECH/03/07/china.hackers/index.html
____________________________________________________________________
There are young Chinese hackers who claim, without proof, to have
broken into Pentagon websites and been paid by the Chinese government.
Although the presence of hackers young or old anywhere in the world is
hardly a surprise, the article claims that the expertise in China is
spread among at least 10,000 people.
____________________________________________________________________
Electronic gadgets latest sources of computer viruses
Thu March 13, 2008, AP Press, reported in CNN
http://www.cnn.com/2008/TECH/ptech/03/13/factory.installed.virus.ap/index.html
____________________________________________________________________
That digital picture frame or GPS unit, so attractive and easy to install,
may come with the dirty old viruses of the past, according to this article.
The corruption may come from media reproduction services overseas, where
the equipment and computers may be infected with or without the knowledge
====================================================================
Commentary and Opinion
====================================================================
Book reviews from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports
are archived at http://www.ieee-security.org/Cipher/ConfReports.html
____________________________________________________________________
Book Reviews By Richard Austin
March 10, 2008
Mechanics of User Identification and Authentication:
Fundamentals of Identity Management
by Dobromir Todorov
____________________________________________________________________
Auerbach 2008.
ISBN 978-1420052190 amazon.com USD75.40
At over 700 pages, this book is not what one would call light reading,
but in its five chapters, it provides an excellent overview of the
current state of authentication practices.
The book opens with an introductory chapter on the concepts of user
identification and authentication. Of particular interest is the
description of the threats (ranging from authentication bypass to
social engineering and dumpster diving) that an identification and
authentication solution must face and counter.
Not too surprisingly, the following two chapters are devoted to
authentication in UNIX and Windows. Coverage is thorough with
numerous examples and case studies that put the concepts into
practice. Tables and illustrations are common and provide ready
reference to capabilities, parameters and usage scenarios.
Chapter 4 is devoted to "Authenticating Access to Services and
Applications" and is the longest chapter in the book. Its discussion
is well organized and proceeds from security programming interfaces
such as the GSS-API, to authentication protocols (NTLM, Kerberos and
SASL) to SSL/TLS. It then discusses authentication in the context of
common applications such as Telnet and FTP, POP3 and IMAP before
moving on to databases such as MS SQL and Oracle. A final section
delves into the newer topics of SAML and WS-Security.
Chapter 5 covers how authentication functions in granting access to
infrastructure such as routers/switches, remote access, wireless and
centralized user authentication using RADIUS and TACACS+.
Unlike many books on such topics, Todorov does not rehash product
documentation and RFCs but focuses on how the technologies actually
work and are used in practice (including many traffic captures as
concrete illustrations) - a good indicator is Appendix B that
describes the layout of the lab that he used while writing the book.
The strengths of the book lie in its broad coverage and significant
level of detail. It is well organized and allows one to quickly
locate and drill down on the particular area of interest. With these
advantages, I would see this book as an excellent reference work that
belongs on the shelf of any practicing security professional.
____________________________________________________________________
Book Review By Richard Austin
March 10, 2008
The dotCrime Manifesto: How to Stop Internet Crime
by Philip Hallam-Baker
____________________________________________________________________
Addison-Wesley 2008.
ISBN 978-0321503589 amazon.com USD21.89 bookpool.com USD19.95
The Internet is a crime-friendly place: SPAM clogs our EMAIL
infrastructure, phishing EMAILs seem to arrive every other day or so,
viruses and Trojans lurk at every corner to entrap the unwary, and
organized crime seems to see the Internet as the successor to the drug
trade. It's a pretty depressing picture but one that Hallam-Baker
believes can be changed.
The book is divided into four sections that form a logical progression
toward Hallam-Baker's vision of taking the Internet back. The first
section is entitled "People not Bits" and focuses on the human element
of the problem of Internet crime, both perpetrators and victims.
Motives are considered to reveal that, like many other crimes, it
really is all about the money. The "Hollywood stereotype" of the
socially-challenged teenager has been replaced by the skilled criminal
whose objective is not "15 minutes of fame" in an Internet chatroom
but a steady stream of income. Weaknesses in many countermeasures are
traced to a lack of concern for usability and deployment - that bears
repeating, in order for our countermeasures to be effective, they must
actually be usable by the target population and relatively easy to put
into effect.
The second section focuses on "Stopping the Cycle" and begins with a
charming analogy of "SPAM Whack-a-Mole" where one SPAM source is shut
down to only pop up in another place. The point is made that a
significant contributor to the frequency of SPAM is the underlying
lack of accountability in the core messaging protocols and the key
mantra of "authentication, accreditation and consequences" is
introduced as an outline for guiding a solution. SPAM's ugly twin,
the phishing EMAIL, is reviewed and found to flourish in the same
ground of a lack of accountability. To complete the section, the
botnets that play a major role in generating SPAM are examined. The
point is made that many individual "bots" are created with the help of
a SPAM/phishing EMAIL that lures the user into executing a malicious
attachment or visiting a malicious website for a "drive by download".
The third section, "Tools of the Trade", focuses on some of the tools
that will play a part in creating accountability on the Internet. A
relatively painless introduction to cryptography is followed by a good
discussion of what "trust" is and how it can be established and
verified.
The final and longest section, "The Accountable Web", introduces
Hallam-Baker's vision of the future and the tools that will help us
get there. The section describes a mix of techniques that are
available "off the shelf" such as SSL/TLS and others that are under
active development (e.g., "Secure Internet Letterhead"). Chapter 14,
"Secure Identity" is particularly recommended as a clear and cogent
discussion of what "identity" really means and what is required to
establish and use one. Other chapters cover secure transport, secure
messaging, secure names (identities), secure networks, secure
platforms (such as the Trusted Platform Module from the Trusted
Computing Group), and law. The final chapter, "The dotCrime
Manifesto", is hopeful in noting that while the issue of Internet
crime is both huge and difficult, there are ways to address the
underlying problems.
Some of the ideas are controversial - for example, the idea of
accountability for EMAIL will chill some human rights activists with
the thought of a totalitarian regime being able to reliably trace a
dissident's messages, but Hallam-Baker provides good advice -
accountability should be only sufficient for its intended use. A
dissident's EMAIL should have a much lower accountability standard
than a physician's EMAIL communicating a patient's diagnosis.
This book will serve a number of audiences, particularly the interested
general reader who wants to go beyond the media reports of SPAM
incidence, fresh phish, etc. As Hallam-Baker points out, if we are
going to "take a bite out of Internet crime", we have to pay attention
to securing the last two feet (the separation between the user and the
keyboard) and most of the people on the other side of that last two
feet are not security professionals. The book also provides a good
overview on accountability for security professionals both to shape
the solutions we pursue and provide context for evaluating the roles
of different technologies.
-----
Before retiring, Richard Austin was the storage network security
architect at a Fortune 25 company and currently earns his bread and
cheese as an itinerant university instructor and security consultant.
He welcomes your thoughts and comments at rda7838@kennesaw.edu
====================================================================
Conference and Workshop Announcements
====================================================================
[This month's newsletter does not include the topics from recent
calls-for-papers, but they are, as always, up-to-date on
our website at http://www.ieee-security.org ]
Notation regarding proceedings:
NP = No proceedings
AO = Proceedings are distributed to attendees only
BP = Only "best papers" will be published
No notation means that the proceedings will be
published for distribution outside the conference.
2/15/08: Smart Card Research and Advanced Application Conference
(CARDIS), Surrey, UK; Submissions are due;
http://www.scc.rhul.ac.uk/CARDIS/index.html
3/ 4/08- 3/ 7/08: Secure Software Engineering (SecSE), Barcelona,
Catalonia; info SecSE08 "replace with at-character" gmail.com,
http://www.ares-conference.eu/conf/
3/15/08: IEEE Computer and Communications Network Security Symposium
(Globecom), New Orleans, LA; Submissions are due;
info: abderrahim.benslimane@univ-avignon.fr;
http://www.IEEE-Globecom.org/2008
3/15/08: Security and Multimodality in Pervasive Environments (SMPE),
Dublin, Ireland; Submissions are due; info: coronato.a@na.ica.cnr.it;
http://www.na.icar.cnr.it/smpe08/
3/16/08- 3/20/08: Symposium on Applied Computing, Track on Trust,
Recommendations, Evidence and other Collaboration Know-how
(SAC-TRECK), Ceará, Brazil; info: Jean-Marc.Seigneur@trustcomp.org;
http://www.acm.org/conferences/sac/sac2008/
3/17/08: Digital Forensic Research Workshop (DFRWS), Baltimore, MD;
Submissions are due; http://www.dfrws.org/2008/
3/17/08: Cyber Security and Information Intelligence Research
Workshop (CSIIRW), Oak Ridge, TN; Submissions are due; NP;
http://www.ioc.ornl.gov/csiirw
3/17/08: Interdisciplinary Studies in Information Privacy and
Security (ISIPS), New Brunswick, New Jersey; Submissions are due;
http://www.scils.rutgers.edu/ci/isips/WebPage%20ISIPS%20Practice/index.html
3/18/08- 3/20/08: Symposium on Information, Computer and
Communications Security (ASIACCS), Tokyo, Japan;
http://www.rcis.aist.go.jp/asiaccs08/
3/21/08: Workshop in Information Security Theory and Practices
(WISTP), Sevilla, Spain; Submissions are due; info: wistp2008sec@xlim.fr;
http://wistp2008.xlim.fr/
3/24/08: Security and Privacy for Communication Networks
(Securecomm), Istanbul, Turkey; Submissions are due; NP;
http://www.securecomm.org
3/31/08- 4/ 2/08: Wireless Network Security (WiSec), Alexandria, VA;
http://discovery.csc.ncsu.edu/WiSec08/
3/31/08: European Symposium on Research in Computer Security
(ESORICS), Malaga, Spain; Submissions are due;
http://www.isac.uma.es/esorics08
4/ 4/08: Recent Advances in Intrusion Detection (RAID), Cambridge, MA;
Submissions are due; info: rkc@ll.mit.edu;
http://www.ll.mit.edu/IST/RAID2008/
4/ 7/08- 4/11/08: Asynchronous Circuits and Systems (ASYNC),
Newcastle upon Tyne, UK; http://async.org.uk/async2008/
4/11/08: New Security Paradigms Workshop (NSPW), Squaw Valley, CA;
Submissions are due; http://www.nspw.org
4/14/08: Usability, Psychology, and Security (UPSEC), San Francisco, CA;
info: upsec08chairs@usenix.org, http://www.usenix.org/upsec08/cfp
4/14/08: Conference on Embedded Networked Sensor Systems (SenSys),
Raleigh, NC; Submissions are due; http://sensys.acm.org/2008/
4/18/08: Workshop on Security (IWSEC), Kagawa, Japan; Submissions are due;
http://www.iwsec.org
4/21/08: IFIP International Workshop on Network and System Security
(NSS), Shanghai, China; Submissions are due; info: wanlei@deakin.edu.au;
http://nss.cqu.edu.au
4/25/08: International Conference on Network Protocols (ICNP),
Orlando, Florida; Submissions are due; proceedings to attendees only
(AO); info: icnp2008@cs.purdue.edu,
http://www.cs.purdue.edu/homes/fahmy/icnp2008/
4/25/08: Advances in Computer Security and Forensics (ACSF),
Liverpool, UK; Submissions are due; info: J.Haggerty@ljmu.ac.uk; AO;
http://www.cms.livjm.ac.uk/acsf3/
4/30/08: Digital Forensics and Incident Analysis (WDFIA), Malaga, Spain;
Submissions are due; info: wdfia08@aegean.gr;
http://www.aegean.gr/wdfia08
4/30/08: Workshop on Aliasing, Confinement and Ownership (IWACO)
Paphos, Cyprus; Submissions are due; info: mueller@microsoft.com; BP;
(see the ieee-security.org website calendar for more info)
4/30/08: Conference on Risks and Security of Internet and Systems
(CRiSIS), Tozeur, Tunisia; Submissions are due; NP;
http://www.redcad.org/crisis2008/
5/ 9/08: Workshop on Artificial Intelligence for Security (AISec),
Alexandria, VA; Submissions are due; http://www.aisec.info
5/12/08- 5/14/08: Cyber Security and Information Intelligence
Research Workshop (CSIIRW), Oak Ridge, TN; NP, http://www.ioc.ornl.gov/csiirw
5/12/08: Interdisciplinary Studies in Information Privacy and
Security (ISIPS), New Brunswick, New Jersey;
http://www.scils.rutgers.edu/ci/isips/WebPage%20ISIPS%20Practice/index.html
5/13/08- 5/16/08: Workshop in Information Security Theory and
Practices (WISTP), Sevilla, Spain; info: wistp2008sec@xlim.fr;
http://wistp2008.xlim.fr/
5/16/08: Workshop on Security and Privacy in Wireless and Mobile
Computing, Networking and Communications (SecPri_WiMob), Avignon,
France; Submissions are due; http://www.aegean.gr/SecPri_WiMob_2008
5/18/08- 5/21/08: Symposium on Security and Privacy (IEEE S&P),
Berkeley/Oakland, CA; info: oakland08-generalchair @ ieee-security.org,
http://www.ieee-security.org/TC/SP2008/oakland08-cfp.html
5/18/08: Asia-Pacific Trusted Infrastructure Technologies Conference
(APTC), Yangtze River Cruiser, China; Submissions are due;
http://grid.hust.edu.cn/aptc08/
5/22/08: Systematic Approaches to Digital Forensic Engineering (SADFE),
Oakland, CA; info: yasinac@cs.fsu.edu,
http://conf.ncku.edu.tw/sadfe/sadfe08/
5/22/08: Workshop on Web 2.0 Security (W2SP), Oakland, CA;
http://www.ieee-security.org/TC/SP2008/oakland08.html
5/23/08: Workshop on Digital Identity Management (DIM), Fairfax, VA;
info: ccs2008-dim_at_lab.ntt.co.jp; Submissions are due; NP;
http://www2.pflab.ecl.ntt.co.jp/dim2008
5/25/08- 5/28/08: Service, Security and its Data management
technologies in Ubi-comp (SSDU), Kunming, China;
http://grid.hust.edu.cn/gpc2008/
6/ 3/08- 6/ 6/08: Applied Cryptography and Network Security (ACNS),
Columbia University, New York City, NY; http://acns2008.cs.columbia.edu/
6/ 3/08- 6/ 6/08: Workshop on Security and High Performance Computing
Systems (SHPCS), Nicosia, Cyprus; proceedings to attendees only (AO);
info: guha@eecs.ucf.edu; http://www.diiga.univpm.it/~spalazzi/nicosia/
6/ 3/08- 6/ 4/08: Applications of Pairing-Based Cryptography: IBE and
Beyond (NIST-IBE), Gaithersburg, MD; info: ibe@nist.gov;
http://csrc.nist.gov/groups/ST/IBE/index.html
6/ 4/08- 6/ 5/08: Symposium on Information Assurance (IASymp),
Albany, NY; AO, http://www.albany.edu/iasymposium
6/20/08: Workshop on Wireless Security and Privacy (WISP), Beijing, China;
info: zjiang@wcupa.edu;
http://www.ieee.org/portal/pages/pubs/transactions/stylesheets.html
6/22/08- 6/27/08: USENIX Annual Technical Conference (USENIX), Boston MA;
info: conference@usenix.org; http://www.usenix.org/events/usenix08/
6/23/08- 6/25/08: Computer Security Foundations Symposium (CSF),
Pittsburgh, PA; http://www.cylab.cmu.edu/CSF2008/
6/25/08- 6/27/08: Workshop on the Economics of Information Security
(WEIS), Hanover, New Hampshire; proceedings to attendees only (AO),
http://weis2008.econinfosec.org
7/ 7/08: (or 7/8/08) IWACO, Paphos, Cyprus;
info: mueller@microsoft.com; BP
7/ 8/08- 7/18/08: Human Aspects of Information Security & Assurance
(HAISA), Plymouth, UK; info: info@haisa.org; http://www.haisa.org
7/10/08- 7/11/08: Detection of Intrusions and Malware and
Vulnerability Assessment (DIMVA), Paris, France;
http://www.dimva.org/dimva2008/
7/10/08- 7/11/08: Advances in Computer Security and Forensics (ACSF),
Liverpool, UK; info: J.Haggerty@ljmu.ac.uk; AO,
http://www.cms.livjm.ac.uk/acsf3/
7/14/08- 7/16/08: Australasian Conference on Information Security and
Privacy (ACISP), Wollongong, Australia;
http://www.uow.edu.au/conferences
7/21/08- 7/25/08: Security and Multimodality in Pervasive
Environments (SMPE), Dublin, Ireland; info: coronato.a@na.ica.cnr.it;
http://www.na.icar.cnr.it/smpe08/
7/23/08- 7/25/08: Symposium On Usable Privacy and Security (SOUPS),
Carnegie Mellon University, Pittsburgh, PA;
http://cups.cs.cmu.edu/SOUPS/
7/28/08- 8/ 1/08: USENIX Security Symposium (USENIXSec), San Jose, CA;
info: sec08chair@usenix.org; http://www.usenix.org/sec08/cfpa/
8/11/08- 8/13/08: Digital Forensic Research Workshop (DFRWS),
Baltimore, MD; http://www.dfrws.org/2008/
9/ 8/08- 9/10/08: Information Security Conference (SEC), Milan, Italy;
http://sec2008.dti.unimi.it
9/ 8/08- 9/11/08: Smart Card Research and Advanced Application
Conference (CARDIS), Surrey, UK;
http://www.scc.rhul.ac.uk/CARDIS/index.html
9/15/08- 9/17/08: Recent Advances in Intrusion Detection (RAID),
Cambridge, MA; info: rkc@ll.mit.edu; http://www.ll.mit.edu/IST/RAID2008/
9/22/08- 9/25/08: New Security Paradigms Workshop (NSPW),
Squaw Valley, CA; http://www.nspw.org
9/22/08- 9/25/08: Security and Privacy for Communication Networks
(Securecomm), Istanbul, Turkey; NP, http://www.securecomm.org
10/ 6/08-10/ 8/08: European Symposium on Research in Computer Security
(ESORICS), Malaga, Spain; http://www.isac.uma.es/esorics08
10/ 9/08: Digital Forensics and Incident Analysis (WDFIA), Malaga, Spain;
info: wdfia08@aegean.gr; http://www.aegean.gr/wdfia08
10/12/08: Workshop on Security and Privacy in Wireless and Mobile
Computing, Networking and Communications (SecPri_WiMob), Avignon,
France; http://www.aegean.gr/SecPri_WiMob_2008
10/14/08-10/17/08: Asia-Pacific Trusted Infrastructure Technologies
Conference (APTC), Yangtze River Cruiser, China;
http://grid.hust.edu.cn/aptc08/
10/18/08-10/19/08: IFIP International Workshop on Network and System
Security (NSS), Shanghai, China; info: wanlei@deakin.edu.au;
http://nss.cqu.edu.au
10/19/08-10/22/08: International Conference on Network Protocols
(ICNP), Orlando, Florida; proceedings to attendees only (AO);
info: icnp2008@cs.purdue.edu; http://www.cs.purdue.edu/homes/fahmy/icnp2008/
10/27/08: Workshop on Artificial Intelligence for Security (AISec),
Alexandria, VA; http://www.aisec.info
10/28/08-10/30/08: Conference on Risks and Security of Internet and
Systems (CRiSIS), Tozeur, Tunisia; NP,
http://www.redcad.org/crisis2008/
10/31/08: NIST SHA3 Hash Function Competition (NIST-SHA3),
info: bstein@nist.gov; Submissions are due;
http://www.nist.gov/hash-competition
10/31/08: Workshop on Digital Identity Management (DIM), Fairfax, VA;
info: ccs2008-dim_at_lab.ntt.co.jp; NP,
http://www2.pflab.ecl.ntt.co.jp/dim2008
11/ 5/08-11/ 7/08: Conference on Embedded Networked Sensor Systems
(SenSys), Raleigh, NC; http://sensys.acm.org/2008/
11/25/08-11/27/08: Workshop on Security (IWSEC), Kagawa, Japan;
http://www.iwsec.org
11/30/08-12/ 4/08: IEEE Computer and Communications Network Security
Symposium (Globecom), New Orleans, LA;
info: abderrahim.benslimane@univ-avignon.fr;
http://www.IEEE-Globecom.org/2008
====================================================================
Upcoming Calls-For-Papers and Events
====================================================================
The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html
The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html
====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================
http://cisr.nps.edu/jobscipher.html
--------------
This job listing is maintained as a service to the academic
community. If you have an academic position in computer security and
would like to have it included on this page, send the following
information:
Institution,
City, State,
Position title,
date position announcement closes, and
URL of position description
to: irvine@cs.nps.navy.mil
====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________
SUBSCRIPTIONS:
Two options, each with two options:
1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
cipher-admin@ieee-security.org (which is NOT automated) with subject line
"subscribe".
OR
send a note to cipher-request@mailman.xmission.com with the
subject line "subscribe"
(this IS automated - thereafter you can manage your subscription
options, including unsubscribing, yourself)
2. To receive a short e-mail note announcing when a new issue of
CIPHER is available for Web browsing send e-mail to
cipher-admin@ieee-security.org (which is NOT automated) with subject line
"subscribe postcard".
OR
send a note to cipher-postcard-request@mailman.xmission.com with the
subject line "subscribe"
(this IS automated - thereafter you can manage your subscription
options, including unsubscribing, yourself)
To remove yourself from the subscription list, send e-mail to
cipher-admin@ieee-security.org with subject line "unsubscribe" or
"unsubscribe postcard" or, if you have subscribed directly to the
xmission.com mailing list, use your password (sent monthly) to
unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard
Those with access to hypertext browsers may prefer to read Cipher
that way. It can be found at URL http://www.ieee-security.org/cipher.html
CONTRIBUTIONS:
to cipher @ ieee-security.org are invited. Cipher is a NEWSletter,
not a bulletin board or forum. It has a fixed set of departments,
defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended.
Calendar and Calls-for-Papers entries should be sent to
cipher-cfp @ ieee-security.org
and they will be automatically included in both departments. To
facilitate the semi-automated handling, please send either a text
version of the CFP or a URL from which a text version can be easily
obtained. For Calendar entries, please include a URL and/or e-mail
address for the point-of-contact. For Calls for Papers, please submit
a one paragraph summary. See this and past issues for examples. ALL
CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS
APPLY. All reuses of Cipher material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using Cipher material should obtain permission from the
contributors.
____________________________________________________________________
Recent Address Changes
____________________________________________________________________
Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html
_____________________________________________________________________
How to become a member of the
IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________
You may easily join the TC on Security & Privacy by completing
the on-line form at IEEE at http://www.computer.org/TCsignup/index.htm
______________________________________________________________________
TC Publications for Sale
______________________________________________________________________
IEEE Security and Privacy Symposium
The 2007 proceedings are available in hardcopy for $30.00, the
28 year CD is $20.00, plus shipping and handling.
The 2006 Symposium proceedings and 11-year CD are sold out.
The 2005, 2004, and 2003 Symposium proceedings are available for $10
plus shipping and handling.
Shipping is $4.00/volume within the US, overseas surface mail is
$7/volume, and overseas airmail is $11/volume, based on an order of 3
volumes or less. The shipping charge for a CD is $1 per CD (no charge
if included with a hard copy order). Send a check made out to the
IEEE Symposium on Security and Privacy to the 2007 treasurer (below)
with the order description, including shipping method, and send email
to the 2007 Registration Chair (Yong Guan) (oakland07-registration @
ieee-security.org) with the shipping address, please.
Terry Benzel
Treasurer, IEEE Security and Privacy
USC Information Sciences Institute
4676 Admiralty Way
Marina Del Rey, CA 90292
(310) 822-1511
IEEE CS Press
You may order some back issues from IEEE CS Press at
http://www.computer.org/cspress/catalog/proc9.htm
Computer Security Foundations Symposium
Copies of the proceedings of the Computer Security Foundations
Workshop (now Symposium) are available for $10 each. Copies of
proceedings are available starting with year 10 (1997). Photocopy
versions of year 1 are also $10.
Contact Jonathan Herzog if interested in purchase.
Jonathan Herzog
Department of Computer Science
Naval Postgraduate School
1 University Circle
Monterey, CA 93943
jcherzog@nps.edu
______________________________________________________________________
TC Officer Roster
______________________________________________________________________
Chair:                                 Security and Privacy Chair Emeritus:
Prof. Cynthia Irvine                   Deborah Shands
U.S. Naval Postgraduate School         The Aerospace Corporation
Computer Science Department            El Segundo, CA
Code CS/IC                             oakland07-chair@ieee-security.org
Monterey CA 93943-5118
(831) 656-2461 (voice)
irvine@nps.edu

Vice Chair:                            Chair, Subcommittee on Academic Affairs:
Hilarie Orman                          Prof. Cynthia Irvine
Purple Streak, Inc.                    U.S. Naval Postgraduate School
500 S. Maple Dr.                       Computer Science Department, Code CS/IC
Salem, UT 84653                        Monterey CA 93943-5118
hilarie @purplestreak.com              (831) 656-2461 (voice)
                                       irvine@nps.edu

Treasurer:                             Chair, Subcomm. on Security Conferences:
Terry Benzel                           Jonathan Millen
USC Information Sciences Intnl         The MITRE Corporation, Mail Stop S119
4676 Admiralty Way, Suite 1001         202 Burlington Road Rte. 62
Los Angeles, CA 90292                  Bedford, MA 01730-1420
(310) 822-1511 (voice)                 781-271-51 (voice)
tbenzel @isi.edu                       jmillen@mitre.org

Security and Privacy Symposium         Newsletter Editor
2008 General Chair:                    Hilarie Orman
Yong Guan                              Purple Streak, Inc.
Iowa State University                  500 S. Maple Dr.
oakland08-chair@ieee-security.org      cipher-editor@ieee-security.org
________________________________________________________________________
BACK ISSUES:
Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year