============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 99                                     November 16, 2010

Hilarie Orman, Editor                 Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org     cipher-assoc-editor @ ieee-security.org

                                      Yong Guan
Book Review Editor                    Calendar Editor
cipher-bookrev @ ieee-security.org    cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion
    o Richard Austin's review of "Malware Analysts' Cookbook and DVD: Tools and Techniques for Fighting Malicious Code" by Michael Hale Ligh, Steven Adair, Blake Hartstein and Matthew Richard
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * News items
    o Simple email evades suspicion
    o Facebook faces down its botnet
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Calendar of Events
    o New calls-for-papers, by Yong Guan
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

The deadline for submitting research papers to the Security and Privacy Symposium is imminent!
In the last issue of Cipher I encouraged Computer Society members to vote for a change in leadership in the Society's elections. The write-in candidate that I backed got only a minuscule fraction of the vote. Nonetheless, I have some hope that the Computer Society understands that it needs to change. The conferences sponsored by the Technical Committees, like the TC on Security and Privacy, bring in as much as 50% of the Society's income. The volunteers who run the conferences deserve a better support organization, and the coming year will see if rumored changes offset some of the announced tightening of rules (such as requiring a minimum fee of $5000 for any CS sponsored event).

This month's Cipher has a book review about malware analysis and also notes a New York Times article about the Koobface worm.

As we continue to battle for computer security, it seems that our physical security at airports is being assaulted not only by terrorists but also by our own Transportation Security Agency. Security and Privacy, natural enemies in transportation?

Malware, the bedbug of computers, don't let it bite you,

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
November 10, 2010
____________________________________________________________________

Malware Analysts' Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
by Michael Hale Ligh, Steven Adair, Blake Hartstein and Matthew Richard

John Wiley & Sons 2011.
ISBN 978-0-470-61303-0
amazon.com USD37.79
Table of contents: http://media.wiley.com/product_data/excerpt/33/04706130/0470613033-1.pdf

Battling malware has much in common with an arms race - defenders develop new defenses which forces adversaries to adapt and innovate to overcome those defenses, and the cycle repeats ad infinitum. Given this never-ending struggle and the wide prevalence of malware, malicious code analysis is becoming a more important component of the technical repertoire of information security professionals. For many years the classic starting point for aspiring malware analysts has been Peter Szor's "The Art of Computer Virus Research and Defense" (reviewed in the March, 2005 edition of Cipher by Bob Bruen, see http://ieee-security.org/Cipher/BookReviews/2005/Szor_by_bruen.html) and the "Malware Analyst's Cookbook" provides a valuable update on the state of the art.

At 700+ pages (plus a DVD of tools), this book provides wide coverage of the tools and techniques used by the practicing malware analyst in a very hands-on fashion.

The book is organized into 18 chapters made up of "recipes" that describe the purpose and use of a particular tool or technique. The recipes are clearly presented with illustrations and code snippets used to show the technique in action. The tools DVD uses the same chapter organization and clearly links its contents with the text (a pet peeve of mine is the companion CD/DVD which is nothing more than a blob of tools with no organization whatever). Many references are provided to aid in finding more details or additional information on a particular topic. The focus is on Windows malware (not surprising since most malware targets that platform) but uses tools that run on Windows, Linux and even MacOS.

Topic coverage is comprehensive and ranges from how to research malware anonymously using Tor or various proxies to the tried-and-true techniques for analyzing suspicious executables or DLL's to cutting-edge topics such as memory forensics.

The substantial value of the book is that it collects, in one place, accessible material on a plethora of useful tools whose documentation is scattered across a universe of project websites and archives. The recipes are much more than a regurgitation of "man" pages and show why a particular tool is useful and how it is applied in a particular situation. The authors gained many "credibility points" in the introduction when they identified and provided links to the compiler and driver kit required to modify their binary tools.

By delving deep into the analysis of malware, the authors provide a master-course in how malware actually works and the devious techniques its creators use to subvert our systems to their purposes (confess, do you really know what an IAT-hook is?).

If there is a criticism of the book, and it is a mild one, it is that it is a cookbook. Reading it front-to-back will cause you to quickly become lost in contemplation of individual trees while remaining blind to the forest. A quick skim with a detailed working-through of several interesting recipes will set the stage for when you later reach for this book in carrying out a particular task.

If you are a technical professional with an interest in or responsibility for malware analysis, this book is a worthy companion to Szor's book and merits a place on your shelf. It will become a familiar reference in answering the question "I wonder how you ...".

-------
Richard Austin MS, CISSP (http://cse.spsu.edu/raustin2) spent 30+ years in the IT industry holding positions ranging from software developer to security architect before becoming a semi-retired, part-time academic. He welcomes your thoughts and comments on this review at raustin2 at spsu dot edu.

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

Simple email evades suspicion.
KSL.COM, Sarah Doloff
November 10, 2010

A particularly effective email trick has been making its way through some locales, e.g. Utah (cf. http://www.ksl.com/?nid=148&sid=13231740). Apparently based on breaking into email accounts on popular email sites, it sends a short message to a few people at a time on a user's contact list. There is no subject, and the content is simply a URL. This simple trick is remarkably effective in bypassing the normal spam filters and suspicions of users. Because the email is from a known contact, and because there is no text, no advertising, no enticement, users seem to trust the link. Although the links are usually advertising, experts warn that following unknown links has inherent dangers.

_______________________________________________________________________

Facebook faces down a botnet.
New York Times
Published: November 14, 2010
http://www.nytimes.com/2010/11/15/technology/15worm.html?src=busln

Successful web services attract malware, and Facebook has been aware of one that targets its site for some time. Riva Richmond of The New York Times reports on how Joe Sullivan, Facebook's security chief, has battled the Koobface worm. Although the worm's objective is to build a botnet for advertising services, the bulk of the money comes not from designer watches but from fake anti-virus software. The operators may have been netting $200K per month in such sales.

====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

New posting: October 2010

Rutgers University
Management Science and Information Systems Department
Piscataway, New Jersey
Tenure-track Assistant/Associate professor
Applications received by February 1, 2011 are given full consideration
http://www.business.rutgers.edu/files/msis_communications_of_the_acm.pdf

--------------
This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events
maintained by Hilarie Orman

Cipher calendar announcements are on Twitter; follow "ciphernews"

Date (Month/Day/Year), Event, Locations, web page for more info.

11/15/10: IEEE Network, Special Issue on Network Traffic Monitoring and Analysis; http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0511.htm Submissions are due
11/15/10: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland; http://www.sec2011.org/ Submissions are due
11/18/10-11/19/10: IDMAN, 2nd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management, Oslo, Norway; http://ifipidman2010.nr.no/ifipidman2010/index.php5/Main_Page
11/19/10: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA; http://oakland32-submit.cs.ucsb.edu/ Submissions are due
11/22/10-11/23/10: GameSec, The Inaugural Conference on Decision and Game Theory for Security, Berlin, Germany; http://www.gamesec-conf.org/
11/29/10: SecIoT, 1st Workshop on the Security of the Internet of Things, Held in conjunction with the Internet of Things 2010, Tokyo, Japan; http://www.isac.uma.es/seciot10
11/30/10-12/ 3/10: CPSRT, International Workshop on Cloud Privacy, Security, Risk & Trust, Held in conjunction with the 2nd IEEE International Conference on Cloud Computing Technology and Science (CloudCom 2010), Indianapolis, IN, USA; http://cpsrt.cloudcom.org/
12/ 1/10: WiSec, 4th ACM Conference on Wireless Network Security, Hamburg, Germany; http://www.sigsac.org/wisec/WiSec2011; Submissions are due
12/ 1/10-12/ 3/10: In-Bio-We-Trust, International Workshop on Bio-Inspired Trust Management for Information Systems, Held in conjunction with the Bionetics 2010, Boston, MA, USA; http://inbiowetrust.org
12/ 2/10: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece; http://www.wistp.org/; Submissions are due
12/ 3/10: Cybercrime and Cloud Forensics: Applications for Investigation Processes; http://igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=41b320c0-7dd0-489c-b996-c5a9dcf81cb4 Chapter Proposal Submissions are due
12/ 6/10-12/10/10: ACSAC, 26th Annual Computer Security Applications Conference, Austin, Texas, USA; http://www.acsac.org
12/ 8/10: POLICY, 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy; http://ieee-policy.org Submissions are due
12/11/10-12/13/10: TrustCom, IEEE/IFIP International Symposium on Trusted Computing and Communications, Hong Kong SAR, China; http://trust.csu.edu.cn/conference/trustcom2010
12/12/10-12/15/10: WIFS, International Workshop on Information Forensics & Security, Seattle, WA, USA; http://www.wifs10.org
12/13/10-12/15/10: Pairing, 4th International Conference on Pairing-based Cryptography, Yamanaka Hot Spring, Japan; http://www.thlab.net/pairing2010/
12/13/10-12/15/10: INTRUST, International Conference on Trusted Systems, Beijing, China; http://www.tcgchina.org
12/15/10: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA; http://www.ifip1110.org; Submissions are due
12/15/10: ISPEC, 7th Information Security Practice and Experience Conference, Guangzhou, China; http://ispec2011.jnu.edu.cn/ Submissions are due
12/15/10-12/19/10: ICISS, 6th International Conference on Information Systems Security, Gandhinagar, India; http://www.cs.wisc.edu/iciss10/
1/ 7/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria; http://sacmat.org/ Submissions are due
1/12/11: IFIPTM, 5th IFIP International Conference on Trust Management, Copenhagen, Denmark; http://www.ifiptm.org/ Submissions are due
1/14/11: DIMVA, 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands; http://www.dimva.org/dimva2011; Submissions are due
1/19/11: HOST, 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA; http://www.engr.uconn.edu/HOST/ Submissions are due
1/21/11: ACNS, 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain; http://www.isac.uma.es/acns2011/ Submissions are due
1/30/11- 2/ 2/11: IFIP-DF, 7th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, FL, USA; http://www.ifip119.org
2/ 6/11- 2/ 9/11: NDSS, Network & Distributed System Security Symposium, San Diego, CA, USA; http://hotcrp.cylab.cmu.edu/ndss11/
2/ 9/11- 2/10/11: ESSoS, International Symposium on Engineering Secure Software and Systems, Madrid, Spain; http://distrinet.cs.kuleuven.be/events/essos2011/
2/10/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA; https://db.usenix.org/events/sec11/cfp/ Submissions are due
2/14/11: SAR/SSI, International Conference on Network and Information Systems Security, La Rochelle, France; http://sarssi-conf.org; Submissions are due
2/14/11- 2/16/11: FSE, 18th International Workshop on Fast Software Encryption, Lyngby, Denmark; http://fse2011.mat.dtu.dk/
2/14/11- 2/18/11: CT-RSA, RSA Conference, The Cryptographers' Track, San Francisco, CA, USA; http://ct-rsa2011.di.uoa.gr
2/15/11: TRUST, 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA; http://www.trust2011.org Submissions are due
2/21/11- 2/23/11: CODASPY, 1st ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA; http://www.codaspy.org/
2/27/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA; http://www.dfrws.org; Submissions are due
2/27/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy; http://www.safecomp2011.unina.it/ Submissions are due
2/28/11- 3/ 4/11: FC, 15th International Conference on Financial Cryptography and Data Security, Bay Gardens Beach Resort, St. Lucia; http://ifca.ai/fc11/
3/ 4/11: WECSR, 2nd Workshop on Ethics in Computer Security Research, Bay Gardens Beach Resort, St. Lucia; http://www.cs.stevens.edu/~spock/wecsr2011/
3/14/11- 3/15/11: LightSec, Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications, Istanbul, Turkey; http://www.light-sec.org
3/20/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; http://pstnet.unb.ca/pst2011; Submissions are due
3/21/11: SESOC, 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA; http://www.sesoc.org
3/21/11- 3/25/11: SAC-TRECK, 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan; http://www.trustcomp.org/treck/
3/23/11- 3/25/11: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA; http://www.ifip1110.org
4/ 6/11- 4/ 8/11: RFIDsec-Asia, Workshop on RFID Security, Wuxi, China; http://wuxi.ss.pku.edu.cn/~RFIDSec2011/
5/18/11- 5/21/11: SAR/SSI, International Conference on Network and Information Systems Security, La Rochelle, France; http://sarssi-conf.org
5/22/11- 5/25/11: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA; http://oakland32-submit.cs.ucsb.edu/
5/30/11- 6/ 1/11: ISPEC, 7th Information Security Practice and Experience Conference, Guangzhou, China; http://ispec2011.jnu.edu.cn/
6/ 1/11- 6/ 3/11: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece; http://www.wistp.org/
6/ 5/11- 6/ 9/11: ICC-CISS, IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan; http://www.ieee-icc.org/2011
6/ 5/11- 6/ 6/11: HOST, 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA; http://www.engr.uconn.edu/HOST/
6/ 6/11- 6/ 8/11: POLICY, 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy; http://ieee-policy.org
6/ 7/11- 6/ 9/11: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland; http://www.sec2011.org/
6/ 7/11- 6/10/11: ACNS, 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain; http://www.isac.uma.es/acns2011/
6/14/11- 6/17/11: WiSec, 4th ACM Conference on Wireless Network Security, Hamburg, Germany; http://www.sigsac.org/wisec/WiSec2011
6/15/11- 6/17/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria; http://sacmat.org/
6/22/11- 6/24/11: TRUST, 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA; http://www.trust2011.org
6/29/11- 7/ 1/11: IFIPTM, 5th IFIP International Conference on Trust Management, Copenhagen, Denmark; http://www.ifiptm.org/
7/ 7/11- 7/ 8/11: DIMVA, 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands; http://www.dimva.org/dimva2011
7/19/11- 7/21/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; http://pstnet.unb.ca/pst2011
8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA; http://www.dfrws.org
8/10/11- 8/12/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA; https://db.usenix.org/events/sec11/cfp/
9/19/11- 9/21/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy; http://www.safecomp2011.unina.it/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E98)
____________________________________________________________________

IEEE Network, Special Issue on Network Traffic Monitoring and Analysis, May 2011.
(Submission Due 15 November 2010)
http://dl.comsoc.org/livepubs/ni/info/cfp/cfpnetwork0511.htm

Guest editor: Wei Wang (University of Luxembourg, Luxembourg), Xiangliang Zhang (University of Paris-sud 11, France), Wenchang Shi (Renmin University of China, China), Shiguo Lian (France Telecom R&D Beijing, China), and Dengguo Feng (Chinese Academy of Sciences, China)

Modern computer networks are increasingly complex and ever-evolving. Understanding and measuring such a network is a difficult yet vital task for network management and diagnosis. Network traffic monitoring, analysis and anomaly detection provides useful tools in understanding network behavior and in determining network performance and reliability so as to effectively troubleshoot and resolve the issues in practice. Network traffic monitoring and anomaly detection also provides a basis for prevention and reaction in network security, as intrusions, attacks, worms, and other kinds of malicious behaviors can be detected by traffic analysis and anomaly detection. This special issue seeks original articles examining the state of the art, open issues, research results, tool evaluation, and future research directions in network monitoring, analysis and anomaly detection. Possible topics include:
- Network traffic analysis and classification
- Traffic sampling and signal processing methods
- Network performance measurements
- Network anomaly detection and troubleshooting
- Network security threats and countermeasures
- Network monitoring and traffic measurement systems
- Real environment experiments and testbeds

-------------------------------------------------------------------------
IFIP-SEC 2011 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland, June 7-9, 2011.
(Submissions due 15 November 2010)
http://www.sec2011.org/

The SEC conferences are in a series of well-established international conferences on Security and Privacy organized annually by the Technical Committee 11 (TC-11) of IFIP (International Federation for Information Processing). IFIP SEC 2011 aims at bringing together primarily researchers, but also practitioners from academia, industry and governmental institutions for elaborating and discussing IT Security and Privacy Challenges that we are facing today and in the future. Papers offering novel and mature research contributions, in any aspect of information security and privacy are solicited for submission to the 26th IFIP TC-11 International Information Security Conference. Papers may present theory, applications, or practical experiences on security and privacy topics including but not limited to:
- Access Control
- Anonymity
- Applications of Cryptography
- Attacks and Malicious Software
- Authentication and Authorization
- Biometrics and Applications
- Critical ICT Resources Protection
- Data and Systems Integrity
- Data Protection
- ECommerce Privacy & Security
- Enterprise Security
- Identity Management
- Information Hiding
- Information Warfare
- Internet and Web Security
- Intrusion Detection
- IT-Forensics
- Mobile Computing Security
- Mobile Networks Security
- Network Security Protocols
- Multilateral Security
- Peer-to-Peer Security
- Privacy Enhancing Technologies
- RFID Privacy & Security
- Risk Analysis and Management
- Secure Electronic Voting
- Secure Sensor Networks
- Secure Systems Development
- Security Architectures
- Security Economics
- Security Education
- Security Management
- Security Metrics
- Semantic Web Privacy & Security
- Smart Cards
- Software Security
- Spam, SPIT, SPIM
- Transparency Enhancing Tools
- Trust Management and Models
- Trusted Computing
- Ubiquitous Privacy & Security
- Usability of Security and Privacy

-------------------------------------------------------------------------
SP 2011 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA, May 22-25, 2011.
(Submissions due 19 November 2010)
http://oakland32-submit.cs.ucsb.edu/

Since 1980, the IEEE Symposium on Security and Privacy (S&P) has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation of secure systems. Topics of interest include:
- Access control
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship and censorship-resistance
- Distributed systems security
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection
- Language-based security
- Malware
- Metrics
- Network security
- Privacy-preserving systems
- Protocol security
- Secure information flow
- Security and privacy policies
- Security architectures
- System security
- Usability and security
- Web security

-------------------------------------------------------------------------
WiSec 2011 4th ACM Conference on Wireless Network Security, Hamburg, Germany, June 14-17, 2011.
(Submissions due 1 December 2010)
http://www.sigsac.org/wisec/WiSec2011

As wireless and mobile networking becomes ubiquitous, security and privacy gain in importance. The focus of ACM Conference on Wireless Network Security (ACM WiSec) is on exploring attacks on (and threats facing) wireless communication as well as techniques to address them. Settings of interest include: cellular, metropolitan, mesh, local-area, personal-area, home, vehicular, sensor, ad hoc, satellite, and underwater networks as well as cognitive radio and RFID.
Topics of interest include, but are not limited to:
- Naming and addressing vulnerabilities
- Key management in wireless/mobile environments
- Secure neighbor discovery / Secure localization
- Secure PHY and MAC protocols
- Trust establishment
- Intrusion detection, detection of malicious behavior
- Revocation of malicious parties
- Denial of service
- User privacy, location privacy
- Anonymity, unobservability, prevention of traffic analysis
- Identity theft and phishing in mobile networks
- Charging & secure payment
- Cooperation and prevention of non-cooperative behavior
- Economics of wireless security
- Vulnerability and attack modeling
- Incentive-aware secure protocol design
- Jamming/Anti-jamming communication
- Cross-layer design for security
- Monitoring and surveillance
- Cryptographic primitives for wireless communication
- Formal methods for wireless security
- Mobile/wireless platform and systems (OS and application) security

-------------------------------------------------------------------------
WISTP 2011 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece, June 1-3, 2011.
(Submissions due 2 December 2010)
http://www.wistp.org/

Technical enhancements of mobile network infrastructures and the availability of powerful mobile devices are rapidly changing the way in which users interact and communicate in everyday life. These devices include but are not limited to PDAs, mobile phones, smart cards, wireless sensors, and RFID tags. The main common features of these devices include constrained resources and wireless communications. WISTP 2011 aims to address the security and privacy issues that are increasingly exposed by mobile communications and related services, along with evaluating their impact on individuals, and the society at large.
The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy of mobile and smart devices, as well as experimental studies of fielded systems based on wireless communication, the application of security technology, the implementation of systems, and lessons learned. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:
- Authentication and access control
- Ad hoc networks security and privacy
- Biometrics, national ID cards
- Data security and privacy
- Digital rights management
- Embedded systems security
- Human and psychological aspects of security
- Identity management
- Information assurance and trust management
- Intrusion detection and information filtering
- Lightweight cryptography
- Mobile and ubiquitous network security
- Mobile codes security
- Mobile commerce security
- Mobile devices security
- Privacy enhancing technologies
- RFID systems security
- Secure self-organization and self-configuration
- Security in location services
- Security metrics
- Security models and architectures
- Security of GSM/GPRS/UMTS systems
- Security and privacy policies
- Security protocols
- Smart card security
- Vehicular network security and privacy
- Wireless communication security and privacy
- Wireless sensor network security and privacy

-------------------------------------------------------------------------
Cybercrime and Cloud Forensics: Applications for Investigation Processes,
(Chapter proposal submission Due 3 December 2010)
http://igi-global.com/AuthorsEditors/AuthorEditorResources/CallForBookChapters/CallForChapterDetails.aspx?CallForContentId=41b320c0-7dd0-489c-b996-c5a9dcf81cb4

Editor: Cyril Onwubiko (Research Series Ltd, London, UK) and Thomas Owens (Brunel University, London, UK)

Cloud computing has the potential to become one of the most transformative developments in how information technology services are created, delivered, and accessed. However, cloud computing represents both opportunity and crisis for cybercrime investigation and digital forensics. With the rise of cyber attacks and various crimes in the highly complex multi-jurisdictional and multi-tenant cloud environments, there is an urgent need to extend the applications of investigation processes into the Cloud. This book will introduce the new area of cloud forensics and collect research and case studies on current, state-of-the-art applications for investigation processes in cloud computing environments. Chapters may address cloud forensics applications from the perspectives of cloud providers, cloud customers, security architects, law enforcement agencies, research institutes, etc. This book will serve as a reference for cloud communities, digital forensics practitioners, researchers who wish to understand current issues, advancing research, and technical innovations in the field of cloud forensics.

-------------------------------------------------------------------------
POLICY 2011 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy, June 6-8, 2011.
(Submissions due 8 December 2010)
http://ieee-policy.org

The symposium brings together researchers and practitioners working on policy-based systems across a wide range of application domains including policy-based networking, privacy, trust and security management, autonomic computing, pervasive systems and enterprise systems. POLICY 2011 is the 12th in a series of successful events, which have provided a forum for discussion and collaboration between researchers, developers and users of policy-based systems.
In addition to the areas mentioned above, we specifically encourage this year contributions on policy-based techniques in support of Cloud computing and Enterprise Service Oriented applications as well as the use of reasoning, verification and learning techniques in policy-based systems.

-------------------------------------------------------------------------
IFIP-CIP 2011 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 23-25, 2011.
(Submissions due 15 December 2010)
http://www.ifip1110.org

The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Following the success of the first four conferences, the Fifth Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection will again provide a forum for presenting original, unpublished research results and innovative ideas related to all aspects of critical infrastructure protection. Papers and panel proposals are solicited. Submissions will be refereed by members of Working Group 11.10 and other internationally-recognized experts in critical infrastructure protection. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.10. The conference will be limited to seventy participants to facilitate interactions among researchers and intense discussions of research and implementation issues. Papers are solicited in all areas of critical infrastructure protection.
Areas of interest include, but are not limited to: - Infrastructure vulnerabilities, threats and risks - Security challenges, solutions and implementation issues - Infrastructure sector interdependencies and security implications - Risk analysis and risk assessment methodologies - Modeling and simulation of critical infrastructures - Legal, economic and policy issues related to critical infrastructure protection - Secure information sharing - Infrastructure protection case studies - Distributed control systems/SCADA security - Telecommunications network security ------------------------------------------------------------------------- ISPEC 2011 7th Information Security Practice and Experience Conference, Guangzhou, China, May 30 - June 1, 2011. (Submissions due 15 December 2010) http://ispec2011.jnu.edu.cn/ ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Authors are invited to submit full papers presenting new research results related to information security technologies and applications. All submissions must describe original research that is not published or currently under review by another conference or journal. 
Areas of interest include, but are not limited to: - Applied cryptography - Access control - Digital rights management - Economic incentives for deployment of information security systems - Information security in vertical applications - Network security - Privacy and anonymity - Risk evaluation and security certification - Resilience and availability - Secure system architectures - Security policy - Security protocols - Trust model and management - Usability aspects of information security systems ------------------------------------------------------------------------- SACMAT 2011 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria, June 15-17, 2011. (Submissions due 7 January 2010) http://sacmat.org/ ACM SACMAT is the premier forum for the presentation of research results and experience reports on leading edge issues of access control, including models, systems, applications, and theory. The aims of the symposium are to share novel access control solutions that fulfil the needs of heterogeneous applications and environments, and to identify new directions for future research and development. SACMAT provides researchers and practitioners with a unique opportunity to share their perspectives with others interested in the various aspects of access control. Papers offering novel research contributions in all aspects of access control are solicited. We solicit proposals for panels and systems demonstrations as well. 
Topics of Interest: - Access control models and extensions - Access control requirements - Access control design methodology - Access control mechanisms, systems, and tools - Access control in distributed and mobile systems - Access control for innovative applications - Administration of access control policies - Delegation - Identity management - Policy/Role engineering - Safety analysis and enforcement - Standards for access control - Trust management - Trust and risk models in access control - Theoretical foundations for access control models - Usability in access control systems - Usage control ------------------------------------------------------------------------- IFIPTM 2011 5th IFIP International Conference on Trust Management, Copenhagen, Denmark, June 29 - July 1, 2011. (Submissions due 12 January 2011) http://www.ifiptm.org/ The mission of the IFIPTM 2011 Conference is to share research solutions to problems of Trust and Trust management, including related Security and Privacy issues, and to identify new issues and directions for future research and development work. 
IFIPTM 2011 invites submissions presenting novel research on all topics related to Trust, Security and Privacy, including but not limited to those listed below: Security, trust and privacy - formal aspects (specification, reasoning and analysis) - applications and services - policy management - in social networks and emerging contexts - in collaborative applications, crowdsourcing and wiki systems - ethical, sociological, psychological and legal aspects - human-computer interaction and usable systems Trust and reputation management systems - architectures and models - metrics and computation - applications Identity management and trust - anonymity, privacy and accountability - legal aspects Trustworthy systems - platforms & Standards - software and services - applications ------------------------------------------------------------------------- DIMVA 2011 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands, July 7-8, 2011. (Submissions due 14 January 2011) http://www.dimva.org/dimva2011 The annual DIMVA conference serves as a premier forum for advancing the state of the art in intrusion detection, malware detection, and vulnerability assessment. 
DIMVA's scope includes, but is not restricted to the following areas: Intrusion Detection - Novel approaches & new environments - Insider detection - Prevention & response - Data leakage - Result correlation & cooperation - Evasion attacks - Potentials & limitations - Operational experiences - Privacy, legal & social aspects Malware Detection - Automated analysis, reversing & execution tracing - Containment & sandboxed operation - Acquisition of specimen - Infiltration - Behavioral models - Prevention & containment - Trends & upcoming risks - Forensics & recovery - Economic aspects Vulnerability Assessment - Vulnerability detection & analysis - Vulnerability prevention - Web application security - Fuzzing techniques - Classification & evaluation - Situational awareness ------------------------------------------------------------------------- HOST 2011 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, June 5-6, 2011. (Submissions due 19 January 2011) http://www.engr.uconn.edu/HOST/ A wide range of applications, from secure RFID tagging to high-end trusted computing, relies on dedicated and trusted hardware platforms. The security and trustworthiness of such hardware designs are critical to their successful deployment and operation. Recent advances in tampering and reverse engineering show that important challenges lie ahead. For example, secure electronic designs may be affected by malicious circuits, Trojans that alter system operation. Furthermore, dedicated secure hardware implementations are susceptible to novel forms of attack that exploit side-channel leakage and faults. Third, the globalized, horizontal semiconductor business model raises concerns of trust and intellectual-property protection. HOST 2011 is a forum for novel solutions to address these challenges. Innovative test mechanisms may reveal Trojans in a design before they are able to do harm. 
Implementation attacks may be thwarted using side-channel resistant design or fault-tolerant designs. New security-aware design tools can assist a designer in implementing critical and trusted functionality, quickly and efficiently. HOST 2011 seeks contributions based on, but not limited to, the following topics: - Trojan detection and isolation - Implementation Attacks and Countermeasures - Side channel Analysis and Fault Analysis - Intellectual Property Protection and Metering - Tools and Methodologies for Secure Hardware Design - Hardware Architectures for Cryptography - Hardware Security Primitives: PUFs and TRNGs - Applications of Secure Hardware - Interaction of Secure Hardware and Software ------------------------------------------------------------------------- ACNS 2011 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain, June 7-10, 2011. (Submissions due 21 January 2011) http://www.isac.uma.es/acns2011/ Original papers on all aspects of applied cryptography as well as computer/network security and privacy are solicited. 
Topics of interest include, but are not limited to: - Applied cryptography and cryptographic protocols - Cryptographic primitives, e.g., cryptosystems, ciphers and hash functions - Network security protocols - Privacy, anonymity and untraceability - Security for the next-generation Internet - Internet fraud, e.g., phishing, pharming, spam, and click fraud - Email and web security - Public key infrastructures, key management, certification and revocation - Trust and its metrics - Usable security and cryptography - Intellectual property protection and digital rights management - Modeling and protocol design - Automated protocols analysis - Secure virtualization and security in cloud computing - Security and privacy in sensor, mobile, ad hoc and delay-tolerant networks, p2p systems, as well as wireless (e.g., RFID, Bluetooth) communications ------------------------------------------------------------------------- USENIX Security 2011 20th USENIX Security Symposium, San Francisco, CA, USA, August 10-12, 2011. (Submissions due 10 February 2011) https://db.usenix.org/events/sec11/cfp/ The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. 
Refereed paper submissions are solicited in all areas relating to systems and network security, including: - Adaptive security and system management - Analysis of network and security protocols - Applications of cryptographic techniques - Attacks against networks and machines - Authentication and authorization of users, systems, and applications - Automated tools for source code analysis - Botnets - Cryptographic implementation analysis and construction - Denial-of-service attacks and countermeasures - File and filesystem security - Firewall technologies - Forensics and diagnostics for security - Hardware security - Intrusion and anomaly detection and prevention - Malicious code analysis, anti-virus, anti-spyware - Network infrastructure security - Operating system security - Privacy-preserving (and compromising) systems - Public key infrastructure - Rights management and copyright protection - Security architectures - Security in heterogeneous and large-scale environments - Security policy - Self-protecting and -healing systems - Techniques for developing secure systems - Technologies for trustworthy computing - Usability and security - Voting systems analysis and security - Wireless and pervasive/ubiquitous computing security - Web security, including client-side and server-side security ------------------------------------------------------------------------- SAR/SSI 2011 International Conference on Network and Information Systems Security, La Rochelle, France, May 18-21, 2011. (Submissions due 14 February 2011) http://sarssi-conf.org The SAR-SSI conference series provides a forum for presenting novel research results, practical experiences and innovative ideas in network and information systems security. The goal of SAR-SSI-2011 is fostering exchanges among academic researchers, industry and a wider audience interested in network and information system security. 
The conference will offer a broad area of events, ranging from panels, tutorials, technical presentations and informal meetings. Prospective authors are encouraged to submit papers describing novel research contributions as well as proposals for tutorials and panels. ------------------------------------------------------------------------- TRUST 2011 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA, June 22-24, 2011. (Submissions due 15 February 2011) http://www.trust2011.org This conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself has two main strands, one devoted to technical aspects and one devoted to socio-economic aspects of trusted computing. The conference solicits original papers on any aspect (technical or social and economic) of the design, application and usage of trusted and trustworthy computing, which concerns a broad range of concepts including trustworthy infrastructures, cloud computing, services, hardware, software and protocols. 
Topics of interest include, but are not limited to: Technical Strand - Architecture and implementation technologies for trusted platforms and trustworthy infrastructures - Trust, Security and Privacy in embedded systems - Trust, Security and Privacy in social networks - Trusted mobile platforms and mobile phone security - Implementations of trusted computing (hardware and software) - Applications of trusted computing - Trustworthy infrastructures and services for cloud computing (including resilience) - Attestation and integrity verification - Cryptographic aspects of trusted and trustworthy computing - Design, implementation and analysis of security hardware, i.e., hardware with cryptographic and security functions, physically unclonable functions (PUFs) - Intrusion resilience in trusted computing - Virtualization for trusted platforms - Secure storage - Security policy and management of trusted computing - Access control for trusted platforms - Privacy aspects of trusted computing - Verification of trusted computing architectures - Usability and end-user interactions with trusted platforms - Limitations of trusted computing Socio-economic Strand - Usability and user perceptions of trustworthy systems and risks - Effects of trustworthy systems upon user, corporate, and governmental behavior - Economic drivers for trustworthy systems in corporate environment - The impact of trustworthy systems in enhancing trust in cloud-like infrastructures - The adequacy of guarantees provided by trustworthy systems for systems critically dependent upon trust, such as elections and government oversight - The impact of trustworthy systems upon digital forensics, police investigations and court proceedings - Game theoretical approaches to modeling or designing trustworthy systems - Approaches to model and simulate scenarios of how trustworthy systems would be used in corporate environments and in personal space - Experimental economics studies of trustworthiness - The interplay 
between privacy, privacy enhancing technologies and trustworthy systems - Critiques of trustworthy systems ------------------------------------------------------------------------- DFRWS 2011 11th Digital Forensics Research Conference, New Orleans, LA, USA, August 1-3, 2011. (Submissions due 27 February 2010) http://www.dfrws.org/ DFRWS brings together leading researchers, developers, practitioners, and educators interested in advancing the state of the art in digital forensics from around the world. As the most established venue in the field, DFRWS is the preferred place to present both cutting-edge research and perspectives on best practices for all aspects of digital forensics. As an independent organization, we promote open community discussions and disseminate the results of our work to the widest audience. We invite original contributions as research papers, panel proposals, Work-in-Progress talks, workshop proposals, and demo proposals. Topics of Interest: - Forensic analysis - Incident response and live analysis - Network-based forensics, including network traffic analysis, traceback and attribution - Event reconstruction methods and tools - File system and memory analysis - Application analysis - Embedded systems - Small scale and mobile devices - Large-scale investigations - Digital evidence storage and preservation - Data mining and information discovery - Data hiding and recovery - Data extraction and reconstruction - Multimedia analysis - Database forensics - Tool testing and development - Digital evidence and the law - Anti-forensics and anti-anti-forensics - Case studies and trend reports - Malware forensics - Data visualization in forensic analysis - Forensics of virtual and cloud environments - Investigation of insider attacks - Error rates of forensic methods - Interpersonal communications and social network analysis - Non-traditional approaches to forensic analysis ------------------------------------------------------------------------- SAFECOMP 
2011 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy, September 19-21, 2011. (Submissions due 27 February 2011) http://www.safecomp2011.unina.it/ SAFECOMP is an annual event covering the state-of-the-art, experience and trends in the areas of safety, security and reliability of critical computer applications. The 2011 Key theme is "Safety and security of computer-based systems and infrastructures: from risk assessment to threat mitigation". Papers are invited in application and industrial sectors as well as research areas. Especially papers on industrial experience and practice are encouraged. ------------------------------------------------------------------------- PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. (Submissions due 20 March 2011) http://pstnet.unb.ca/pst2011 PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following: - Privacy Preserving / Enhancing Technologies - Critical Infrastructure Protection - Network and Wireless Security - Operating Systems Security - Intrusion Detection Technologies - Secure Software Development and Architecture - PST Challenges in e-Services, e.g. 
e-Health, e-Government, e-Commerce - Network Enabled Operations - Digital forensics - Information Filtering, Data Mining and Knowledge from Data - National Security and Public Safety - Security Metrics - Recommendation, Reputation and Delivery Technologies - Continuous Authentication - Trust Technologies, Technologies for Building Trust in e-Business Strategy - Observations of PST in Practice, Society, Policy and Legislation - Digital Rights Management - Identity and Trust management - PST and Cloud Computing - Human Computer Interaction and PST - Implications of, and Technologies for, Lawful Surveillance - Biometrics, National ID Cards, Identity Theft - PST and Web Services / SOA - Privacy, Traceability, and Anonymity - Trust and Reputation in Self-Organizing Environments - Anonymity and Privacy vs. Accountability - Access Control and Capability Delegation - Representations and Formalizations of Trust in Electronic and Physical Social Systems ------------------------------------------------------------------------- ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. 
To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. 
All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at http://www.computer.org/TCsignup/index.htm ______________________________________________________________________ TC Publications for Sale ______________________________________________________________________ IEEE Security and Privacy Symposium The 2010 hardcopy proceedings are available at $25 each. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium (through 2009) is $10, plus shipping and handling. The 2009 hardcopy proceedings are not available. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium is $5, plus shipping and handling. The 2008 hardcopy proceedings are $10 plus shipping and handling; the 29 year CD is $5.00, plus shipping and handling. The 2007 proceedings are available in hardcopy for $10.00, the 28 year CD is $5.00, plus shipping and handling. The 2006 Symposium proceedings and 11-year CD are sold out. The 2005, 2004, and 2003 Symposium proceedings are available for $10 plus shipping and handling. Shipping is $5.00/volume within the US, overseas surface mail is $8/volume, and overseas airmail is $14/volume, based on an order of 3 volumes or less. 
The shipping charge for a CD is $3 per CD (no charge if included with a hard copy order). Send a check made out to the IEEE Symposium on Security and Privacy to the 2011 treasurer (below) with the order description, including shipping method and shipping address.

Robin Sommer
Treasurer, IEEE Symposium Security and Privacy 2011
International Computer Science Institute
Center for Internet Research
1947 Center St., Suite 600
Berkeley, CA 94704 USA
oakland11-treasurer@ieee-security.org

IEEE CS Press

You may order some back issues from IEEE CS Press at http://www.computer.org/cspress/catalog/proc9.htm

Computer Security Foundations Symposium

Copies of the proceedings of the Computer Security Foundations Workshop (now Symposium) are available for $10 each. Copies of proceedings are available starting with year 10 (1997). Photocopy versions of year 1 are also $10. Contact Jonathan Herzog if interested in purchase.

Jonathan Herzog
jherzog@alum.mit.edu

____________________________________________________________________________
TC Officer Roster
____________________________________________________________________________

Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
ieee-chair@purplestreak.com

Security and Privacy Symposium Chair Emeritus:
Ulf Lindqvist
SRI
Menlo Park, CA
(650)859-2351 (voice)
ulf.lindqvist@sri.com

Vice Chair:
Sven Dietrich
Department of Computer Science
Stevens Institute of Technology
+1 201 216 8078
spock AT cs.stevens.edu

Chair, Subcommittee on Academic Affairs:
Prof. Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department, Code CS/IC
Monterey CA 93943-5118
(831) 656-2461 (voice)
irvine@nps.edu

Treasurer:
Terry Benzel
USC Information Sciences Intnl
4676 Admiralty Way, Suite 1001
Los Angeles, CA 90292
(310) 822-1511 (voice)
tbenzel @isi.edu

Chair, Subcomm. on Security Conferences:
Jonathan Millen
The MITRE Corporation, Mail Stop S119
202 Burlington Road Rte. 62
Bedford, MA 01730-1420
781-271-51 (voice)
jmillen@mitre.org

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2011 Chair:
Deborah Frincke
Pacific Northwest National Laboratory
deborah.frincke@pnl.gov

________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year