============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 92                                      September 15, 2009

Hilarie Orman, Editor
cipher-editor @ ieee-security.org

Sven Dietrich, Assoc. Editor
cipher-assoc-editor @ ieee-security.org

Yong Guan
Book Review Editor, cipher-bookrev @ ieee-security.org
Calendar Editor, cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

* Letter from the Editor
* Commentary and Opinion
  o Richard Austin's review of "Beautiful Security: Leading Security Experts Explain How They Think" by Andy Oram and Jon Viega, Eds.
  o Review of the ARO Workshop on Digital Forensics (Arlington, VA, September 10-11, 2009) by Yong Guan
  o New NIST publication on Key Establishment (September 3, 2009) from Elaine Barker
  o New NIST publication on the Cryptographic Key Management Workshop (received August 24, 2009) from Sarah Caswell
  o NIST Draft Secure Domain Name System (DNS) Deployment Guide
  o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
* Conference and Workshop Announcements
  o Upcoming calls-for-papers and events
* List of Computer Security Academic Positions, by Cynthia Irvine
* Staying in Touch
  o Information for subscribers and contributors
  o Recent address changes
* Links for the IEEE Computer Society TC on Security and Privacy
  o Becoming a member of the TC
  o TC Officers
  o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers,

This month's issue features a Richard Austin book review of 16 essays from leading computer security gurus on the theme of "security is beautiful". The review caused me to reflect on the history of the field and to contrast early attitudes vs. current ones. Another event that caused reflection was the surprisingly widespread embedding of well-presented malware in the ads distributed to major newspapers during the past week.

What's beautiful about this field? In the early days, security research meant designing total solutions for security and privacy. Provably secure operating systems and public key cryptography seemed to be the underpinnings of a future free of security problems. However, research was left behind in the dust of the digital information age, as the benefits of computers and networks led to an explosion of commercial software and data communication. The field was not going to stand still while waiting for perfectly secure software. Then a Pandora's box of malware, driven by an odd combination of adventurers and criminals, ensconced itself into the digital milieu, and all the awful predictions, save the most devastating, reiterated regularly by security gurus, came to pass, and still, the computers went on computing and the users continued to rely on them, and life, digitally, went on.

I think the allure of the field is that almost any security solution has a place in the aggregate anti-malware force field that keeps us secure enough for practical purposes. The beauty is in the details of designing applications that are security-aware or security supporting, like a craftsman who can fit a wooden window frame perfectly. Perhaps we should call today's field "security craftsmanship (research)".

Bad choice for today: "Click here for a free anti-virus scan of your hard drive",

Hilarie Orman
Cipher Editor

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
September 13, 2009
____________________________________________________________________

"Beautiful Security: Leading Security Experts Explain How They Think"
by Andy Oram and Jon Viega, Eds.
O'Reilly 2009.
ISBN 978-0-596-52748-8 Amazon.com USD 34.07

Information security could be called many things: a head-on collision between people and technology, or a glistening Eldorado that lies forever tantalizingly just out of reach, but could it ever be called "beautiful"? In the preface, Oram opines that though information security (as opposed to "hacking") is often perceived as boring, it is "not tedious, not bureaucratic, and not constraining. In fact, it exercises the imagination like nothing else in technology" (p. xii).

The following 16 chapters provide opportunities for well-known experts (the author list reads like a "Who's Who" of the security industry) to describe their particular specialty and give a glimpse of why they find it fascinating and even, perhaps, beautiful. The topics surveyed cover a broad expanse of the security landscape, for example, "Mudge" Zatko's take on "Psychological Security Traps" (where he introduces the very useful concept of "learned helplessness" as the reason for why so many give up on "doing the good they know they should do"), Phil Zimmermann and Jon Callas's "The Evolution of PGP's Web of Trust", Randy Sabett's "Oh No, here come the information security lawyers!" and Anton Chuvakin's "Beautiful Log Handling".

The authors do a great job of keeping to a high level presentation and avoiding the temptation to delve into technical detail. Perhaps the most "technical" material in the entire book is Mudge's discussion of how NTLM (Microsoft's NT LAN Manager) authentication hashes work, but that is done relatively painlessly with the aid of some great graphics.

With sixteen authors you might expect the quality of the writing to vary, and it does, sometimes seeming to lose sight of the collection's theme of "Beautiful Security". All in all, those are minor blemishes in a work that manages to give, in a scant 258 pages, a masterful overview of the themes of modern information security.

This book will appeal to a wide audience both inside and outside the security profession. For security professionals, it's a good antidote for our tendency to develop "tunnel vision" around our particular area of expertise by reminding us of just how broad our field really is. For the general reader, including those contemplating a career in information security but put off by the perception of it as endless repetition of "patch and pray", it's a very readable introduction to a critical and fascinating field of human endeavor.

The authors are to be commended for their decision to donate the royalties from the book to the IETF.

------
Before beginning life as an itinerant university instructor and cybersecurity consultant, Richard Austin was the storage network security architect for a Fortune 25 company. He welcomes your thoughts and comments at rausti19 at Kennesaw dot edu

____________________________________________________________________
Review of the ARO Workshop on Digital Forensics
Arlington, VA, September 10-11, 2009
by Yong Guan
____________________________________________________________________

Mr. Steven D. Shirley (Director of the DoD Cyber Crime Center) and Mr. Thomas G. Motta (Section Chief of Digital Evidence, FBI) were invited to give the keynote speeches. This workshop had 75 attendees from DHS, DoD, DOE, FBI, NIJ, NIST, academia, and industry, and discussed research challenges, approaches, and roadmaps in the area of digital forensics. The workshop report will be released soon after the workshop. For more info, please see http://www.engineering.iastate.edu/~guan/ARO-DF/index.html.

____________________________________________________________________
NIST Press Release, New Publication on Key Establishment
September 3, 2009
by Elaine Barker
____________________________________________________________________

NIST announces the completion of Special Publication (SP) 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. This Recommendation provides the specifications of key establishment schemes that are based on a standard developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.44, Key Establishment using Integer Factorization Cryptography. SP 800-56B provides asymmetric-based key agreement and key transport schemes that are based on the Rivest Shamir Adleman (RSA) algorithm.

URL: http://csrc.nist.gov/publications/PubsSPs.html#800-56B

____________________________________________________________________
NIST Press Release, Cryptographic Key Management Workshop Summary
Received August 24, 2009
from Sarah Caswell
____________________________________________________________________

NIST announces that the Draft NIST Interagency Report 7609, Cryptographic Key Management Workshop Summary (June 8-9, 200), is available for public comment at http://csrc.nist.gov/publications/drafts/ir7609/draft-nistir-7609.pdf

The Cryptographic Key Management (CKM) workshop was initiated by the NIST Computer Security Division to identify and develop technologies that would allow organizations to leap ahead of normal development lifecycles to vastly improve the security of future sensitive and valuable computer applications. The workshop was the first step in developing a CKM framework. This summary provides the highlights of the presentations, organized by both topic and by presenter.

Please provide comments by September 18, 2009 to ebarker@nist.gov, with "Comments on the Key Management Workshop Report" in the subject line.

____________________________________________________________________
NIST DRAFT Secure Domain Name System (DNS) Deployment Guide
August 26, 2009
____________________________________________________________________

NIST has drafted another revision of the document "Secure Domain Name System (DNS) Deployment Guide" (SP 800-81). This revision addresses all the comments and feedback received for the first revision through public comments in March 2009, in addition to adding 3 more subsections described below. After addressing the public comments received in this round, it will be published as NIST SP 800-81r1.

Federal agencies and private organizations as well as individuals are invited to review this draft and submit comments to NIST by sending them to SecureDNS@nist.gov before September 30, 2009. Comments will be reviewed and posted on the CSRC website. All comments will be analyzed, consolidated, and used in revising the draft Guidelines before final publication. A brief description of the 3 new subsections is given below:

What is New in this revision leading to SP 800-81r1:

(1) Guidelines on Procedures for migrating to a new Cryptographic Algorithm for signing of the Zone (Section 11.5).
(2) Guidelines for Procedures for migrating to NSEC3 specifications from NSEC for providing authenticated denial of existence (Section 11.6).
(3) Deployment Guidelines for Split-Zone under different scenarios (Section 11.7).

http://www.csrc.nist.gov/publications/drafts/800-81-rev1/nist_draft_sp800-81r1-round2.pdf

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, web page for more info.
9/14/09- 9/18/09: SECURECOMM, 5th International ICST Conference on Security and Privacy for Communication Networks, Athens, Greece; http://www.securecomm.org
9/15/09: EC2ND, 5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy; http://2009.ec2nd.org/; Submissions are due
9/15/09: FC, Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain; http://fc10.ifca.ai/; Submissions are due
9/21/09: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA; http://www.sigsac.org/wisec/WiSec2010; Submissions are due
9/21/09- 9/25/09: ESORICS, 14th European Symposium on Research in Computer Security, Saint Malo, France; http://www.esorics.org
9/24/09: DPM, 4th International Workshop on Data Privacy Management, Saint Malo, Brittany, France; http://dpm09.dyndns.org/
9/24/09- 9/25/09: SETOP, International Workshop on Autonomous and Spontaneous Security, Held in conjunction with ESORICS 2009, Saint Malo, Brittany, France; http://conferences.telecom-bretagne.eu/setop-2009
9/24/09- 9/25/09: STM, 5th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2009, Saint Malo, France; http://stm09.dti.unimi.it
9/27/09- 9/30/09: SRDS, 28th International Symposium on Reliable Distributed Systems, Niagara Falls, New York, USA; http://www.cse.buffalo.edu/srds2009/
9/28/09: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China; http://www.dacas.cn/asiaccs2010; Submissions are due
9/30/09: ESSoS, 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy; http://distrinet.cs.kuleuven.be/events/essos2010; Submissions are due
9/30/09: SecSE, 4th International Workshop on Secure Software Engineering, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland; http://www.sintef.org/secse; Submissions are due
9/30/09-10/ 2/09: ICDF2C, International Conference on Digital Forensics & Cyber Crime, Albany, NY, USA; http://www.d-forensics.org/
10/ 1/09: SPattern, 4th International Workshop on Secure systems methodologies using patterns, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland; http://www-ifs.uni-regensburg.de/spattern10/; Submissions are due
10/ 6/09-10/10/09: SIN, 2nd ACM International Conference on Security of Information and Networks, Eastern Mediterranean University, Gazimagusa, TRNC, North Cyprus; http://www.sinconf.org/cfp/cfp.htm
10/ 9/09: RFIDsec, The 2010 Workshop on RFID Security, Singapore; http://rfidsec2010.i2r.a-star.edu.sg/; Submissions are due
10/11/09: VizSec, Workshop on Visualization for Cyber Security, Atlantic City, NJ, USA; http://vizsec.org/vizsec2009/
10/12/09: SecPri-WiMob, International Workshop on Security and Privacy in Wireless and Mobile Computing, Networking and Communications, Held in the 5th IEEE International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob 2009), Marrakech, Morocco; http://www.icsd.aegean.gr/SecPri_WiMob_2009/
10/12/09-10/14/09: TSP, IEEE International Symposium on Trust, Security and Privacy for Pervasive Applications, Held in conjunction with the IEEE International Conference on Mobile Ad-hoc and Sensor Systems (MASS 2009), Macau SAR, China; http://trust.csu.edu.cn/conference/tsp2009/
10/14/09: MetriSec, 5th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2009), Lake Buena Vista, Florida, USA; http://www.cs.kuleuven.be/conference/MetriSec2009/
10/15/09: Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures; http://ees.elsevier.com/jsa/; Submissions are due
10/15/09: WECSR, Workshop on Ethics in Computer Security Research, Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain; http://www.cs.stevens.edu/~spock/wecsr2010/; Submissions are due
10/18/09: SESOC, International Workshop on SECurity and SOCial Networking, Mannheim, Germany; http://www.sesoc.org; Submissions are due
10/19/09-10/21/09: NSS, 3rd International Conference on Network & System Security, Gold Coast, Australia; http://nss2007.cqu.edu.au/FCWViewer/view.do?page=8494
10/19/09-10/21/09: DMM, 1st International Workshop on Denial of Service Modelling and Mitigation, Held in conjunction with 3rd International Conference on Network & System Security (NSS 2009), Gold Coast, Australia; http://conf.isi.qut.edu.au/dmm2009
10/28/09-10/30/09: IWSEC, 4th International Workshop on Security, Toyama, Japan; http://www.iwsec.org
10/31/09: Springer Requirements Engineering journal, Special Issue on Digital Privacy: Theory, Policies and Technologies; http://www.springer.com/computer/programming/journal/766; Submissions are due
11/ 1/09: Elsevier Computer Communications, Special Issue on Multimedia Networking and Security in Convergent Networks; http://www.elsevier.com/locate/comcom; Submissions are due
11/ 1/09-11/ 6/09: LISA, 23rd USENIX Large Installation System Administration Conference, Baltimore, MD, USA; http://usenix.org/events/lisa09/
11/ 1/09-11/ 6/09: IS, 4th International Symposium on Information Security, Vilamoura, Algarve-Portugal; http://www.onthemove-conferences.org/index.php?option=com_content&view=article&id=65&Itemid=140
11/ 5/09-11/ 6/09: FAST, 6th International Workshop on Formal Aspects in Security and Trust, Eindhoven, the Netherlands; http://www.iit.cnr.it/FAST2009/
11/ 9/09-11/10/09: EC2ND, 5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy; http://2009.ec2nd.org/
11/ 9/09-11/13/09: CCS, 16th ACM Conference on Computer and Communications Security, Chicago, IL, USA; http://sigsac.org/ccs/CCS2009/index.shtml
11/ 9/09: SafeConfig, Workshop on Assurable & Usable Security Configuration, Held in conjunction with the ACM CCS 2009, Chicago, IL, USA; http://www.arc.cs.depaul.edu/~ehab/ccs/safeconfig09/
11/11/09: TrustCol, 4th International Workshop on Trusted Collaboration, Crystal City, Washington DC; http://scl.cs.nmt.edu/trustcol09
11/13/09: STC, 4th Annual Workshop on Scalable Trusted Computing, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; http://projects.cerias.purdue.edu/stc2009/call.html
11/13/09: SWS, ACM Workshop on Secure Web Services, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; http://sesar.dti.unimi.it/SWS09/
11/13/09: SPIMACS, ACM Workshop on Security and Privacy in Medical and Home-Care Systems, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; http://www.infosecon.net/SPIMACS/cfp.php
11/13/09: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 16th ACM Conference on Computer and Communications Security (CCS 2009), Chicago, IL, USA; http://crypto.cs.stonybrook.edu/ccsw09
11/15/09: IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information; https://mc.manuscriptcentral.com/cs-ieee; Submissions are due
11/18/09: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA; http://oakland10.cs.virginia.edu/cfp.html; Submissions are due
11/18/09-11/20/09: IWNS, International Workshop on Network Steganography, Held in conjunction with the International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, Hubei, China; http://stegano.net/workshop
11/18/09-11/20/09: SECMCS, Workshop on Secure Multimedia Communication and Services, Held in conjunction with the 2009 International Conference on Multimedia Information Networking and Security (MINES 2009), Wuhan, China; http://liss.whu.edu.cn/mines2009/SECMCS.htm
11/30/09: MidSec, 2nd Workshop on Middleware Security, Held in conjunction with the 10th ACM/IFIP/USENIX International Middleware Conference (MIDDLEWARE 2009), Urbana Champaign, Illinois, USA; http://www.cs.kuleuven.be/conference/MidSec2009/
12/ 6/09-12/ 9/09: WIFS, 1st IEEE International Workshop on Information Forensics and Security, London, UK; http://www.wifs09.org
12/ 6/09-12/10/09: ASIACRYPT, 15th Annual International Conference on the Theory and Application of Cryptology and Information Security, Tokyo, Japan; http://asiacrypt2009.cipher.risk.tsukuba.ac.jp
12/ 7/09-12/11/09: ACSAC, 25th Annual Computer Security Applications Conference, Honolulu, Hawaii, USA; http://www.acsac.org
12/ 8/09-12/11/09: ICPADS, 15th IEEE International Conference on Parallel and Distributed Systems, Shenzhen, China; http://www.comp.polyu.edu.hk/conference/icpads09/
12/ 9/09-12/11/09: ReConFig, International Conference on ReConFigurable Computing and FPGAs, Special Track on Reconfigurable Computing for Security and Cryptography, Cancun, Mexico; http://www.reconfig.org
12/10/09-12/12/09: F2GC, 2nd International Workshop on Forensics for Future Generation Communication environments, Jeju, Korea; http://www.ftrg.org/F2GC2009/
12/10/09-12/12/09: MPIS, 2nd International Workshop on Multimedia, Information Privacy and Intelligent Computing Systems, Jeju, Korea; http://www.ftrg.org/MPIS2009/
12/12/09-12/14/09: CANS, 8th International Conference on Cryptography and Network Security, Kanazawa, Ishikawa, Japan; http://www.rcis.aist.go.jp/cans2009/
12/12/09-12/14/09: UbiSafe, 2nd IEEE International Symposium on Ubisafe Computing; Chengdu, China; http://cs.okstate.edu/ubisafe09/
12/12/09-12/14/09: SCC, Workshop on Security in Cloud Computing, Chengdu, Sichuan, China; http://bingweb.binghamton.edu/~ychen/SCC09.htm
12/12/09-12/15/09: Inscrypt, 5th China International Conference on Information Security and Cryptology, Beijing China; http://www.inscrypt.cn/
12/14/09: TaPP, 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA; http://www.usenix.org/events/tapp10/cfp/; Submissions are due
12/14/09-12/18/09: ICISS, 5th International Conference on Information Systems Security, Kolkata, India; http://www.eecs.umich.edu/iciss09/
12/17/09-12/19/09: INTRUST, The International Conference on Trusted Systems, Beijing, P. R. China; http://www.tcgchina.org
12/19/09: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan; http://www.ifip-tm2010.org/; Submissions are due
12/31/09: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA; http://www.ifip1110.org; Submissions are due
1/ 3/10- 1/ 6/10: IFIP-DF, 6th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Hong Kong, Hong Kong; http://www.ifip119.org/Conferences/WG11-9-CFP-2010.pdf
1/ 5/10- 1/ 8/10: HICSS-DF, 43rd Hawaii International Conference on System Sciences, Digital Forensics Minitrack, Koloa, Kauai, Hawaii; http://www.hicss.hawaii.edu/hicss_43/apahome43.html
1/25/10- 1/28/10: FC, Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain; http://fc10.ifca.ai/
1/28/10- 1/29/10: WECSR, Workshop on Ethics in Computer Security Research, Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain; http://www.cs.stevens.edu/~spock/wecsr2010/
2/ 3/10- 2/ 4/10: ESSoS, 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy; http://distrinet.cs.kuleuven.be/events/essos2010
2/ 5/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China; http://www.tcgchina.org/acns2010/; Submissions are due
2/15/10- 2/18/10: SecSE, 4th International Workshop on Secure Software Engineering, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland; http://www.sintef.org/secse
2/15/10- 2/18/10: SPattern, 4th International Workshop on Secure systems methodologies using patterns, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland; http://www-ifs.uni-regensburg.de/spattern10/
2/17/10- 2/19/10: SNDS, 18th Euromicro International Conference on Parallel, Distributed and network-based Processing, Special Session on Security in Networked and Distributed Systems, Pisa, Italy; http://www.comsec.spb.ru/SNDS10/
2/22/10- 2/23/10: RFIDsec, The 2010 Workshop on RFID Security, Singapore; http://rfidsec2010.i2r.a-star.edu.sg/
2/22/10: TaPP, 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA; http://www.usenix.org/events/tapp10/cfp/
2/28/10- 3/ 3/10: NDSS, 17th Annual Network & Distributed System Security Symposium, San Diego, CA, USA; http://www.isoc.org/isoc/conferences/ndss/10/cfp.shtml
3/14/10- 3/17/10: IFIP-CIP, 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA; http://www.ifip1110.org
3/22/10- 3/24/10: WiSec, 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA; http://www.sigsac.org/wisec/WiSec2010
3/22/10- 3/26/10: SAC-CF, 25th ACM Symposium on Applied Computing, Computer Forensics Track, Sierre, Switzerland; http://comp.uark.edu/~bpanda/sac2010cfp.pdf
3/22/10- 3/26/10: SAC-TRECK, 25th ACM Symposium on Applied Computing, Trust, Reputation, Evidence and other Collaboration Know-how Track, Sierre, Switzerland; http://www.trustcomp.org/treck/
3/22/10- 3/26/10: SAC-ISRA, 25th ACM Symposium on Applied Computing, Information Security Research and Applications Track, Sierre, Switzerland; http://www.albany.edu/~er945/CfP_SAC2010_ISRA.html
3/22/10- 3/26/10: SAC-SEC, 25th ACM Symposium on Applied Computing, Computer Security Track, Sierre, Switzerland; http://www.dmi.unict.it/~giamp/sac/10cfp.html
3/29/10- 4/ 2/10: SESOC, International Workshop on SECurity and SOCial Networking, Mannheim, Germany; http://www.sesoc.org
4/13/10- 4/16/10: ASIACCS, 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China; http://www.dacas.cn/asiaccs2010
5/16/10- 5/19/10: SP, 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA; http://oakland10.cs.virginia.edu/cfp.html
6/16/10- 6/18/10: IFIP-TM, 4th IFIP International Conference on Trust Management, Morioka, Japan; http://www.ifip-tm2010.org/
6/22/10- 6/25/10: ACNS, 8th International Conference on Applied Cryptography and Network Security, Beijing, China; http://www.tcgchina.org/acns2010/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since 91)

-------------------------------------------------------------------------
FC 2010 Financial Cryptography and Data Security, Tenerife, Canary Islands, Spain, January 25-28, 2010. (Submissions due 15 September 2009)
http://fc10.ifca.ai/

Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged.
-------------------------------------------------------------------------
EC2ND 2009 5th European Conference on Computer Network Defence, Politecnico di Milano, Milano, Italy, November 12-13, 2009. (Submissions due 15 September 2009)
http://2009.ec2nd.org/

The theme of the conference is the protection of computer networks. The conference will draw participants from academia and industry in Europe and beyond to discuss hot topics in applied network and systems security. EC2ND invites submissions presenting novel ideas at an early stage with the intention to act as a discussion forum and feedback channel for promising, innovative security research. While our goal is to solicit ideas that are not completely worked out, and might have challenging and interesting open questions, we expect submissions to be supported by some evidence of feasibility or preliminary quantitative results. Topics include but are not limited to:
- Intrusion Detection
- Denial-of-Service
- Privacy Protection
- Security Policy
- Peer-to-Peer and Grid Security
- Network Monitoring
- Web Security
- Vulnerability Management and Tracking
- Network Forensics
- Wireless and Mobile Security
- Cryptography
- Network Discovery and Mapping
- Incident Response and Management
- Malicious Software
- Web Services Security
- Legal and Ethical Issues

-------------------------------------------------------------------------
WiSec 2010 3rd ACM Conference on Wireless Network Security, Stevens Institute of Technology, Hoboken, NJ, USA, March 22-24, 2010. (Submissions due 21 September 2009)
http://www.sigsac.org/wisec/WiSec2010

As wireless networks become ubiquitous, their security gains in importance. The ACM Conference on Wireless Network Security (WiSec) aims at exploring attacks on wireless networks as well as techniques to thwart them. The considered networks encompass cellular, metropolitan, local area, vehicular, ad hoc, satellite, underwater, cognitive radio, and sensor networks, as well as RFID.
Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile platform and systems (OS and application) security

-------------------------------------------------------------------------
ASIACCS 2010 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, April 13-16, 2010. (Submissions due 28 September 2009)
http://www.dacas.cn/asiaccs2010

ASIACCS is a major international forum for information security researchers, practitioners, developers, and users to explore and exchange the latest cyber-security ideas, breakthroughs, findings, techniques, tools, and experiences. We invite submissions from academia, government, and industry presenting novel research on all theoretical and practical aspects of computer and network security.
Topics of interest include, but are not limited to:
- anonymity
- access control
- secure networking
- accounting and audit
- key management
- intrusion detection
- authentication
- smartcards
- data and application security
- Malware and botnets
- privacy-enhancing technology
- software security
- inference/controlled disclosure
- intellectual-property protection
- digital-rights management
- trusted computing
- phishing and countermeasures
- commercial and industry security
- security management
- web security
- applied cryptography
- mobile-computing security
- cryptographic protocols
- data/system integrity
- information warfare
- formal methods for security
- identity management
- security in ubiquitous computing, e.g., RFIDs
- security and privacy for emerging technologies, e.g., VoIP, peer-to-peer and overlay network systems, Web 2.0

-------------------------------------------------------------------------
ESSoS 2010 2nd International Symposium on Engineering Secure Software and Systems, Pisa, Italy, February 3-4, 2010. (Submissions due 30 September 2009)
http://distrinet.cs.kuleuven.be/events/essos2010

The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The symposium will feature two days of technical program as well as one day of tutorials. The technical program includes an experience track for which the submission of highly informative case studies describing (un)successful secure software project experiences and lessons learned is explicitly encouraged.
Topics of interest include, but are not limited to: - scalable techniques for threat modeling and analysis of vulnerabilities - specification and management of security requirements and policies - security architecture and design for software and systems - model checking for security - specification formalisms for security artifacts - verification techniques for security properties - systematic support for security best practices - security testing - security assurance cases - programming paradigms, models and DLS's for security - program rewriting techniques - processes for the development of secure software and systems - security-oriented software reconfiguration and evolution - security measurement - automated development - trade-off between security and other non-functional requirements - support for assurance, certification and accreditation ------------------------------------------------------------------------- SecSE 2010 4th International Workshop on Secure Software Engineering, Held in conjunction with ARES 2010, Krakow, Poland, February 15-18, 2010. (Submissions due 30 September 2009) http://www.sintef.org/secse Software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly also under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and thus the threat scenario changes. The traditional approach to secure a system includes putting up defence mechanisms like IDS and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. 
This workshop will focus on techniques, experiences and lessons learned for building secure and dependable software. Suggested topics include, but are not limited to: - Secure architecture and design - Security in agile software development - Aspect-oriented software development for secure software - Security requirements - Risk management in software projects - Secure implementation - Secure deployment - Testing for security - Quantitative measurement of security properties - Static and dynamic analysis for security - Verification and assurance techniques for security properties - Lessons learned - Security and usability - Teaching secure software development - Experience reports on successfully attuning developers to secure software engineering ------------------------------------------------------------------------- SPattern 2010 4th International Workshop on Secure systems methodologies using patterns, Held in conjunction with the 5th International Conference on Availability, Reliability and Security (ARES 2010), Krakow, Poland, February 15-18, 2010. (Submissions due 1 October 2009) http://www-ifs.uni-regensburg.de/spattern10/ Security patterns have arrived to a stage where there are a significant number of them, two books about them have been published, and industry is starting to accept and use them. Analysis and design patterns have been around for about ten years and have found practical use in many projects. They have been incorporated into several software development methodologies where less experienced developers can use them to receive the advice and knowledge of experts. The situation is not so clear for security patterns because no accepted methodology exists for their use. Catalogs of security patterns are a good step, but they are not enough. Building secure systems is a difficult process where security aspects are interlaced with the satisfaction of functional requirements. 
Developers are typically experts on a language or a development methodology but know little about security, which results in them not knowing what security mechanisms make sense at which moments. We need methodologies that guide a designer at each stage of the development cycle. A few of them have appeared, but none of them has been tested in production applications. This workshop focuses on secure software methodologies. We seek papers describing individual security patterns, new methodologies, new aspects of existing methodologies, pattern languages to use in the methodologies, reference architectures, blueprints, and related aspects. Experiences in applying the methodologies to real situations are especially welcome. ------------------------------------------------------------------------- RFIDsec 2010 The 2010 Workshop on RFID Security, Singapore, February 22-23, 2010. (Submissions due 9 October 2009) http://rfidsec2010.i2r.a-star.edu.sg/ RFIDSec aims to provide a major forum to address the fundamental issues in theory and practice related to security and privacy issues, designs, standards, and case studies in the development of RFID systems and EPCglobal network. Papers representing original research in both the theory and practice concerning RFID security are solicited. 
Topics of interest include, but are not limited to: - New applications for secure RFID systems - Data protection and privacy-enhancing techniques for RFID - Cryptographic protocols for RFID - Authentication protocols - Key update mechanisms - Scalability issues - Integration of secure RFID systems - Middleware and security - Public-key infrastructures - Resource-efficient implementation of cryptography - Small-footprint hardware - Low-power architectures - Attacks on RFID systems such as RFID malwares - RFID security hardware such as RFID with PUF - Trust model, data protection and sharing for EPCglobal Network ------------------------------------------------------------------------- Journal of System Architecture, Special Issue on Security and Dependability Assurance of Software Architectures, Spring 2010. (Submission Due 15 October 2009) http://ees.elsevier.com/jsa/ Guest editor: Ernesto Damiani (Università degli Studi di Milano, Italy), Sigrid Gürgens (Fraunhofer Institute for Secure Information Technology, Germany), Antonio Maña (Universidad de Málaga, Spain), George Spanoudakis (City University, London, UK), and Claudio A. Ardagna (Università degli Studi di Milano, Italy) The JSA special issue will focus in particular on context, methodologies, techniques, and tools for V&V of software architectures, with particular focus on supporting assurance and compliance, as well as security and dependability certification, for evolving and long-lived systems. 
Authors are invited to submit papers on a variety of topics, including but not limited to: - foundations and new perspectives of V&V mechanisms and security certifications - solutions, tools, frameworks for S&D assurance and certification - new and/or existing certification processes and tools suitable for challenging contexts (e.g., telecommunications, mobile, real time, process control, and embedded systems), and/or experience with them - new and/or existing modelling techniques which are particularly suited to evolving systems, and/or experience with them - tools and case studies that integrate techniques from different areas, such as V&V mechanisms, including static verification, dynamic verification, testing, product and process certification, empirical software engineering, modeling of evolving and distributed systems ------------------------------------------------------------------------- WECSR 2010 Workshop on Ethics in Computer Security Research, Held in conjunction with the 14th International Conference on Financial Cryptography and Data Security (FC 2010), Tenerife, Canary Islands, Spain, January 28-29, 2010. (Submissions due 15 October 2009) http://www.cs.stevens.edu/~spock/wecsr2010/ Computer security often leads to discovering interesting new problems and challenges. The challenge still remains to follow a path acceptable for Institutional Review Boards at academic institutions, as well as compatible with ethical guidelines for professional societies or government institutions. However, no exact guidelines exist for computer security research yet. This workshop will bring together computer security researchers, practitioners, policy makers, and legal experts. This workshop solicits submissions describing or suggesting ethical and responsible conduct in computer security research. 
While we focus on setting standards and sharing prior experiences and experiments in computer security research, successful or not, we tap into research behavior in network security, computer security, applied cryptography, privacy, anonymity, and security economics. This workshop will favor discussions among participants, in order to shape the future of ethical standards in the field. ------------------------------------------------------------------------- SESOC 2010 International Workshop on SECurity and SOCial Networking, Mannheim, Germany, March 29 - April 2 2010. (Submissions due 18 October 2009) http://www.sesoc.org Future pervasive communication systems aim at supporting social and collaborative communications: the evolving topologies are expected to resemble the actual social networks of the communicating users and information on their characteristics can be a powerful aid for any network operation. New emerging technologies that use information on the social characteristics of their participants raise entirely new privacy concerns and require new reflections on security problems such as trust establishment, cooperation enforcement or key management. The aim of this workshop is to encompass research advances in all areas of security, trust and privacy in pervasive communication systems, integrating the social structure of the network as well. Topics of interest include: - new aspects of trust - privacy concerns - availability and resilience - community based secure communication - data confidentiality, data integrity - anonymity, pseudonymity - key management - secure bootstrapping - security issues in forwarding, routing - security aspects regarding cooperation - new reputation systems - new attack paradigms - new requirements for software security - malware ------------------------------------------------------------------------- Springer Requirements Engineering journal, Special Issue on Digital Privacy: Theory, Policies and Technologies, Summer 2010. 
(Submission Due 31 October 2009) http://www.springer.com/computer/programming/journal/766 Guest editor: Annie I. Anton (North Carolina State University, USA), Travis D. Breaux (Institute for Defense Analyses, USA), Stefanos Gritzalis (University of the Aegean, Greece), and John Mylopoulos (University of Trento, Italy) This special issue of the Requirements Engineering journal aims at providing researchers and professionals with insights on the state-of-the-art in Digital Privacy from the views of Theory, Policies and Technologies. Topics of interest may include one or more of the following (but are not limited to) themes: - Compliance of system policies to privacy requirements - Methods, tools and techniques for realizing privacy requirements - Alignment of system policies to privacy requirements - Alignment of privacy requirements to privacy laws, regulations and standards - Agent-oriented privacy engineering - Verification and validation of privacy requirements - Integrating privacy requirements in system engineering - Formal methods on privacy - Privacy policies and human rights - Privacy policy enforcement - Privacy policies for companies engaging in eCommerce - Privacy policies in the digital business - Privacy enhancing technologies and systems ------------------------------------------------------------------------- Elsevier Computer Communications, Special Issue on Multimedia Networking and Security in Convergent Networks, Summer 2010. (Submission Due 1 November 2009) http://www.elsevier.com/locate/comcom Guest editor: Chang Wen Chen (University at Buffalo, USA), Stefanos Gritzalis (University of the Aegean, Greece), Pascal Lorenz (University of Haute Alsace, France), and Shiguo Lian (France Telecom R&D Beijing, China) Authors are invited to submit detailed technical manuscripts reporting recent developments in the topics related to the special issue. 
Note the special emphasis on convergent and heterogeneous networks - this special issue is devoted to exploring the challenges and solutions for multimedia communication and security in convergent network environments. The new challenge in network management is to deal with heterogeneous client capabilities as well as dynamic end-to-end resources availability, and to ensure satisfactory service quality for every client. The new challenge in secure communication is to solve the privacy and security issues becoming increasingly important topics in network convergence. Some suggested topics include but are not limited to: - Heterogeneous multimedia networking - Cross-layer multimedia adaptation - Inter-network multimedia adaptation - QoS control in network convergence - Interactive Mobile TV based on network convergence - Mobile community based on network convergence - Smart home networks based on network convergence - Telematics systems based on network convergence - E-healthcare systems based on network convergence - Privacy preserving in network convergence - Multimedia content security in network convergence - Digital rights management in network convergence - Content tracking and filtering in network convergence - Intrusion detection and prevention in network convergence - Other networking or security issues in network convergence ------------------------------------------------------------------------- https://mc.manuscriptcentral.com/cs-ieee IEEE Security & Privacy, Special Issue on Privacy-Preserving Sharing of Sensitive Information, July/August 2010. (Submission Due 15 November 2009) Guest editor: Sal Stolfo (Columbia University, USA) and Gene Tsudik (UC Irvine, USA) Privacy-Preserving Sharing of Sensitive Information (PPSSI) is motivated by the increasing need for organizations or people who don't fully trust each other to share sensitive information. 
Many types of organizations must often collect, analyze, and disseminate data rapidly and accurately without exposing sensitive information to wrong or untrusted parties. For example, census-takers collect private data with the understanding that it won't be released in a form traceable to the individual who provided it. Companies might be willing to divulge sensitive financial data to organizations that release only aggregate data for an industry sector. A hospital might share patient information with a state health agency but only to allow the latter to determine the number (and not the identities) of uninsured patients. While statistical methods for protecting data have been in use for decades, they're not foolproof and they generally involve a trusted third party to produce privacy-preserving statistical digests. More recently, techniques employing secure multi-party function evaluation, encrypted keywords, and private information retrieval have been studied and, in a few cases, deployed. However, there are no practical tools and technologies to guarantee data privacy, especially whenever organizations have certain common goals and require exchanges of data. To this end, the objective of PPSSI technology is to enable multiple entities to cooperate and share information without exposing more than what is necessary to complete a common task. Potential submission topics include (but are not limited to) the following: - PPSSI requirements and policy enforcement; prospective policies governing PPSSI, including formal models and policy languages as well as trust models. - Data "cleaning" and obfuscation techniques. - Cryptographic protocols; innovative constructs, their performance and implementation issues, for example, private information retrieval, searching over encrypted data and private set operations. - Data management; storage and data management issues arising in PPSSI settings. 
- Secure hardware; architectures and technologies in support of PPSSI ------------------------------------------------------------------------- SP 2010 31st IEEE Symposium on Security and Privacy, The Claremont Resort, Oakland, CA, USA, May 16-19, 2010. (Submissions due 18 November 2009) http://oakland10.cs.virginia.edu/cfp.html Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. *Systematization of Knowledge Papers*: In addition to the standard research papers, we are also soliciting papers focused on systematization of knowledge. The goal of this call is to encourage work that evaluates, systematizes, and contextualizes existing knowledge. These papers will provide a high value to our community but would otherwise not be accepted because they lack novel research contributions. Suitable papers include survey papers that provide useful perspectives on major research areas, papers that support or challenge long-held beliefs with compelling evidence, or papers that provide an extensive and realistic evaluation of competing approaches to solving specific problems. Submissions will be distinguished by a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions the emphasis will be on value to the community. 
Accepted papers will be presented at the symposium and included in the proceedings. *Workshops*: The Symposium is also soliciting submissions for co-located workshops. Workshop proposals should be sent by Friday, 21 August 2009 by email to Carrie Gates (carrie.gates@ca.com). Workshops may be half-day or full-day in length. Submissions should include the workshop title, a short description of the topic of the workshop, and biographies of the organizers. ------------------------------------------------------------------------- TaPP 2010 2nd Workshop on the Theory and Practice of Provenance, Held in conjunction with the 8th USENIX Conference on File and Storage Technologies (FAST 2010), San Jose, CA, USA, February 22, 2010. (Submissions due 14 December 2009) http://www.usenix.org/events/tapp10/cfp/ Provenance, or meta-information about computations, computer systems, database queries, scientific workflows, and so on, is emerging as a central issue in a number of disciplines. The TaPP workshop series builds upon a set of workshops on Principles of Provenance organized in 2007-2009, which helped raise the profile of this area within diverse research communities, such as databases, security, and programming languages. We hope to attract serious cross-disciplinary, foundational, and highly speculative research and to facilitate needed interaction with the broader systems community and with industry. 
We invite submissions addressing research problems involving provenance in any area of computer science, including but not limited to: - Databases (Data provenance and lineage, Uncertainty/probabilistic databases, Curated databases, Data quality/integration/cleaning, Privacy/anonymity, Data forensics) - Programming languages and software engineering (Bi-directional, adaptive, and self-adjusting computation, Traceability, Source code management/version control/configuration management, Model-driven design and analysis) - Systems and security (Provenance aware/versioned file systems, Provenance and audit/integrity/information flow security, Trusted computing, Traces and reflective/adaptive/self-adjusting systems, Digital libraries) - Workflows/scientific computation (Efficient/incremental recomputation, Scientific data exploration and visualization, Workflow provenance querying, User interfaces) ------------------------------------------------------------------------- IFIP-TM 2010 4th IFIP International Conference on Trust Management, Morioka, Japan, June 16-18, 2010. (Submissions due 19 December 2009) http://www.ifip-tm2010.org/ The mission of the IFIPTM 2010 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. 
IFIPTM 2010 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below: - Trust models, formalization, specification, analysis and reasoning - Reputation systems and architectures - Engineering of trustworthy and secure software - Ethics, sociology and psychology of trust - Security management and usability issues including security configuration - Trust management frameworks for secure collaborations - Language security - Security, trust and privacy for service oriented architectures and composite applications - Security, trust and privacy for software as a service (SaaS) - Security, trust and privacy for Web 2.0 Mashups - Security, privacy, and trust as a service - Legal issues related to the management of trust - Semantically-aware security management - Adaptive security policy management - Mobile security - Anonymity and privacy vs. accountability - Critical infrastructure protection, public safety and emergency management - Privacy and identity management in e-services - Biometrics, national ID cards, identity theft - Robustness of trust and reputation systems - Distributed trust and reputation management systems - Human computer interaction aspects of privacy, security & trust - Applications of trust and reputation management in e-services - Trusted platforms and trustworthy systems ------------------------------------------------------------------------- IFIP-CIP 2010 4th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Fort McNair, Washington, DC, USA, March 14-17, 2010. 
(Submissions due 31 December 2009) http://www.ifip1110.org The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first three conferences, the Fourth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to: - Infrastructure vulnerabilities, threats and risks - Security challenges, solutions and implementation issues - Infrastructure sector interdependencies and security implications - Risk analysis and risk assessment methodologies - Modeling and simulation of critical infrastructures - Legal, economic and policy issues - Secure information sharing - Infrastructure protection case studies - Distributed control systems/SCADA security - Telecommunications network security ------------------------------------------------------------------------- ACNS 2010 8th International Conference on Applied Cryptography and Network Security, Beijing, China, June 22-25, 2010. (Submissions due 5 February 2010) http://www.tcgchina.org/acns2010/ Original papers on all aspects of applied cryptography and network security are solicited for submission to ACNS '10. 
Topics of relevance include but are not limited to: - Applied cryptography and provably-secure cryptographic protocols - Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions - Network security protocols - Techniques for anonymity; trade-offs between anonymity and utility - Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast - Economic fraud on the Internet: phishing, pharming, spam, and click fraud - Email and web security - Public key infrastructure, key management, certification, and revocation - Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID - Trust metrics and robust trust inference in distributed systems - Security and usability - Intellectual property protection and digital rights management - Modeling and protocol design for rational and malicious adversaries - Automated analysis of protocols ------------------------------------------------------------------------- ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== http://cisr.nps.edu/jobscipher.html -------------- This job listing is maintained as a service to the academic community. 
If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. 
It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. 
____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at http://www.computer.org/TCsignup/index.htm ______________________________________________________________________ TC Publications for Sale ______________________________________________________________________ IEEE Security and Privacy Symposium The 2007 proceedings are available in hardcopy for $30.00, the 28 year CD is $20.00, plus shipping and handling. The 2006 Symposium proceedings and 11-year CD are sold out. The 2005, 2004, and 2003 Symposium proceedings are available for $10 plus shipping and handling. Shipping is $4.00/volume within the US, overseas surface mail is $7/volume, and overseas airmail is $11/volume, based on an order of 3 volumes or less. The shipping charge for a CD is $1 per CD (no charge if included with a hard copy order). Send a check made out to the IEEE Symposium on Security and Privacy to the 2007 treasurer (below) with the order description, including shipping method, and send email to the 2007 Registration Chair (Yong Guan) (oakland07-registration @ ieee-security.org) with the shipping address, please. 
Terry Benzel
Treasurer, IEEE Security and Privacy
USC Information Sciences Institute
4676 Admiralty Way
Marina Del Rey, CA 90292
(310) 822-1511

IEEE CS Press
You may order some back issues from IEEE CS Press at http://www.computer.org/cspress/catalog/proc9.htm

Computer Security Foundations Symposium
Copies of the proceedings of the Computer Security Foundations Workshop (now Symposium) are available for $10 each. Copies of proceedings are available starting with year 10 (1997). Photocopy versions of year 1 are also $10. Contact Jonathan Herzog if interested in purchase.
Jonathan Herzog
jherzog@alum.mit.edu

____________________________________________________________________________
TC Officer Roster
____________________________________________________________________________

Chair:
Prof. Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department
Code CS/IC
Monterey CA 93943-5118
(831) 656-2461 (voice)
irvine@nps.edu

Security and Privacy Symposium Chair Emeritus:
David Du
Department of Computer Science and Engineering
University of Minnesota
Minneapolis, MN 55455
du@umn.edu

Vice Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Salem, UT 84653
hilarie @purplestreak.com

Chair, Subcommittee on Academic Affairs:
Prof. Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department, Code CS/IC
Monterey CA 93943-5118
(831) 656-2461 (voice)
irvine@nps.edu

Treasurer:
Terry Benzel
USC Information Sciences Intnl
4676 Admiralty Way, Suite 1001
Los Angeles, CA 90292
(310) 822-1511 (voice)
tbenzel @isi.edu

Chair, Subcomm. on Security Conferences:
Jonathan Millen
The MITRE Corporation, Mail Stop S119
202 Burlington Road Rte. 62
Bedford, MA 01730-1420
781-271-51 (voice)
jmillen@mitre.org

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Salem, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium: General Chair 2010
Ulf Lindqvist
SRI
Menlo Park, CA
ulf.lindqvist@sri.com
(650)859-2351

________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year