============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 101                                          March 15, 2011

Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org

Richard Austin                         Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion
    o Review of the Financial Cryptography Conference, the Workshop on Real-life Cryptographic protocols and standardization, and the Workshop on Ethics in Computer Security Research, (St. Lucia, February 28-March 4, 2011) by Omar Choudary
    o Hilarie Orman's review of "Surveillance or Security?
      The Risks Posed by New Wiretapping Technologies" by Susan Landau
    o Richard Austin's review of "Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry" by Harlan Carvey
    o News: Public key cryptography inventors honored
    o Research funding: National Science Foundation's Trustworthy Computing Program, sign up for news
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Calendar of events
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

Registration for the (2^5)th episode of the Security and Privacy Symposium is open. Last year's event was a sell-out, and the organizers recommend registering early this year. The program has been posted on the conference website, (see http://www.ieee-security.org), and you can see for yourself what the program committee selected for the edification of the attendees. Don't miss "Hookt on fon-iks".

The Symposium has continued the track of "Systematization of Knowledge", introduced last year to general acclaim. There are also 3 workshops following the conference: Web 2.0 Security and Privacy, Systematic Approaches to Digital Forensic Engineering, and the Community Workshop on Ethical Guidelines for Security Research.

Plans are also afoot for the annual Computer Security Foundations Symposium, to be held this year at Abbaye des Vaux de Cernay, France.

We have a great article for those of you who did not journey to southern climes for the annual Financial Cryptography conference. Cipher encourages informal conference reports, and we are privileged to have an eye-witness account of the technical papers and panels and workshops. My thanks to Cipher Associate Editor Sven Dietrich for coordinating this.

Richard Austin reviews a book about that treasure trove of obscure information, the Windows registry, and Yong Guan has, as always, provided a snapshot of Cipher's online calendar and calls-for-papers announcements.

If you think it ain't broken, you probably haven't checked the access log recently,

     Hilarie Orman
     cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Review of Financial Cryptography
St. Lucia, February 28-March 4, 2011
and Workshop on Ethics in Computer Security Research
and Workshop on Real-Life Cryptographic Protocols
by Omar Choudary
____________________________________________________________________

[Editor's note: Choudary's review is extensive, covering all the talks, panels, questions, etc. The accounts are too voluminous for this text edition of Cipher, and only a few excerpts are included here. (The volume is the only part of the problem; the terms of discussion in the conference trigger email defense systems when we email the reviews in Cipher!).
You can read the entire review at the Cipher website, http://ieee-security.org/cipher.html]

---------------------------------------------------------

"It's about the Benjamins" (presented by Serge Egelman)

61% of US computers infected, while people saying they want more security, so why the infections? What are the mitigation techniques? Experiment to pay people to install unknown executable using Mechanical Turk (Amazon) as experimental platform (paying $0.01, x5, x 10, x50, x100). Program would run for 1 hour and monitor if the user would quit. After the hour user gets the code and claims payment. For 50% of users they asked root privilege. Participation: 291/141/64 (viewed, download, exec) at 0.01$, through 1105/738/474 at 1$. People with antivirus had more malware than people without AV. Feedback based on the Mechanical Turk. Even security-diligent people would admit to infect their machine once the price was right.

---------------------------------------------------------

Panel session: "the future of banking security and financial transactions for the 21st century" (chair Jean Camp)

Ross Anderson. Interesting time in dynamics of payments systems. Two sides to the problem: a) you have to appeal to customers; b) big changes happen rarely. US has fight between retailers and customers: Walmart vs VISA/MasterCard. Issue with contactless where no PIN is used. How do we move towards a secure element in NFC-technology? Useful in many situations and markets such as the one in Africa. There are no vendor plans to create secure applets that are inserted into the secure element of the phone; they just have an oyster-card-like tapped on the back. What we want: easy/secure way to do transactions. Hardware needs to be able to cope with new system, and maybe remove untraceability. Such payment schemes are going to take VISA/MasterCard out of the markets and they are very aware and afraid of this, so will try to limit market changes and innovation.
All of this will involve some kind of legal discussions and new laws. What to do to make federated authentication work? Economic vision: how to do it well when your phone has 5 card tokens inside? What happens when your phone is taken/stolen? How many banks/institutions you need to call? Who is going to take up on responsibility? How to change business model such that banks and other institutions compete to be your friend?

Ahmad-Reza Sadeghi. Based on discussions with German banks, security is not an issue but the business model. Social networks will be the basis for financial systems across different communities, exchanging information, credit and other financial stuff. Banks are observing this market and will probably create new communities to target the social factors. Injecting fake information in order to profit on the new system, will create a kind of anti-social network, where people will be afraid of all the social ads. We could see freedom fight vs terrorist patterns as users start to use the social network technologies.

Steven M. Bellovin. Not sure if banks are stupid, greedy or ignorant. Banks design on the method "follow the money". Security analysis: fraud costs that much, security costs almost the same, so they really don't care. Banks don't seem to understand today's/yesterday's cyber attacks. They seem to understand just the physical attacks: very good at designing resistant vaults. Economic incentives of existing systems are wrong.

Lenore D. Zuck. Focus on financial infrastructure in the US. There is very limited research and academic knowledge in the financial sector infrastructure. Only possible if we can come with a good funding proposal. Effort must come from academic community, to make the funding organizations move into pushing money. There are several areas which have received a lot of funding, e.g. botnets. FBI, NSF, others have been channeling money into this.
NSF organising workshop on security of financial infrastructure (late 2009); result is that financial sector and academic community speak different languages. We need to get to a common sense of understanding.

US payment systems settles 4.3 trillion $ a day
VISA total amount is 5.4 trillion $ a year

FBIIC and other organisations were organising a workshop for 2 days; financial community sees as having no threat, minor concerns on vanilla things: software correctness and insider threats. Difficult to openly admit that they have problems. Yesterday there was an attack on Morgan Stanley by Chinese hackers. Generally the systems are not secure but it is hard to analyse as they are closed systems. NIST and DSA are starting a funding program for financial security infrastructure, giving 2-5 million $, so basically nothing. Outcome: need to put more pressure to get more money.

Questions

Jon to Lenore: there are chunks of small amounts of money which can be easy to get. Can this be adapted for the academic world, just make a couple web pages and get the $10K?
Answer: Not worth even doing the 2 web pages for just 10K $.

Salvatore to Lenore: high network/infrastructure attacks are the big thing and where banks focus and say academics don't have knowledge/solutions.

Ross: I worked in banks 25 years ago and things haven't changed. The security can be easily broken if you are within their space. The only solution is to train PhD students that then go into the banks and chop their systems and they can try to evolve those systems.

Jean Camp: do banks actually talk to each other?
Answer: of course they do, but nothing more secure comes out.

Ross: unfortunately the risk assessment is done via multiple layers of management which remove any trace of real risk assessment from the low layers (i.e. engineers).

Ahmad: we generated good PhD student that got accepted by the industry but within 2 years they are completely brain-washed. Don't see the solution to this.

Lenore: doesn't matter how well we train students, since banks use 3rd party software in any solution. Banks believe that the PhD student can create secure software that works with their 3rd party applications.

Ross: we need to be realistic about what important attacks can happen into the high level financial institution. The average guy from inside cannot do much. You can do organizational stuff and maybe terrorists could do a DDoS before Christmas to bring down the payment market.

Bernhard Esslinger: is there a big competition among banks to have less frauds than the other banks?

Ahmad: they have numbers internally but there is no good outside transparency to actually see this is the case. The issue is: do we actually need banks at all?

---------------------------------

Workshop on Ethics in Computer Security Research

Enforcing community standards for research on users of the Tor anonymity network (presented by Christopher Soghoian)

About Christopher: privacy researcher (Washington DC), advocate and PhD candidate. Focus on ISP/telco assisted government surveillance. He was the first ever in-house technologist at the US Federal Trade Commission.

In Tor the communication from Alice and Bob is via multiple servers/relays such that no single organization can control all of them. Nasty people might be running Tor servers. There are active vs passive rogue servers; is possible to detect active attacks (MITM servers) and Tor can block these. But there is nothing we can do for passive data collection. Government will not disclose passive listening, hackers cannot really be stopped, but what about researchers who spy on Tor?

There are bad examples of research studies. McCoy et al (PETS '08): shining a light on dark places; geolocate users; created exit node Tor server. Researchers did not seek or obtain prior legal analysis of their network; only asked a few minutes of a law processors; therefore the community was not very happy.
Their university IRB (Institutional Review Board) said that no rules were violated.

Castelluccia et al. ('10) made a study on private information disclosure from web searches with stolen session cookies (captured over Wi-Fi network); they got data from 500-600 people/day from their network while sniffing. From 10 users they got opt-in consent to actively hack accounts. 1803 distinct Google users, 46% of which were logged into their accounts. The privacy of colleagues was much more considered than Tor users. Therefore we are unsure why they thought it was ok to sniff against people using Tor.

Conclusions:
a) first study specific to Tor, second using Tor just as a shortcut to more data;
b) several other studies since (even ones awarded best paper);
c) problem here with privacy of Tor users: something should be done;
d) also there is a problem in that this kind of action as a violation is not well documented. McCoy et al. don't provide info on their web page about the negative community response.

Should we discourage Tor snooping research? In Christian's perspective definitely Yes. Should it be illegal if the FI does it? Google has engaged in a massive campaign of car-driving and Wi-Fi payload packet sniffing: claims this is not illegal therefore of course the FBI thinks it is clearly ok. We should establish standards for ethical work, and minimize user data collection and retention. Research should be legal in the country where it is performed. How to enforce the standard: reject academic papers that do not respect ethical considerations, at least on the top conferences; e.g. SOUPS now requires such kind of enforcement.

Questions.

Question: tcp-dump is not actually illegal in all research organisations.
Answer: actually in US is illegal with minor exceptions that are related to the health of the network.

Ross Anderson: not sure this is entirely a positive thing.
In medical health the data records are made public for research, although there are many contra-arguments for privacy. Researchers make contributions based on that data. So there are disputes.
Answer: I think the situation we have now is even worse than in the Tor example.

George Danezis: I think the discussion is irrelevant as it is based on FBI and specific regulations, not general ethic point of view.
Answer: we think there is a general ethic problem on the fact that researchers are sniffing for random reasons, regardless of local regulation.

John McHugh: there is a problem if the Tor exit network is on a weak-protected Wi-Fi link.

George: we published a paper here that shows how to break into facilities (RFID related). If we try to make such publications hard this will break against the principle of security disclosure for the goal of enforcing security.
Answer: if we don't establish research community standards, then people in DC will, and will do it in a bad way.

Tyler Moore: an easy way to enforce the standard might be to publish a set of guidelines on the Tor website.
Answer: pretty good idea. Maybe a few bullet-points to start using your server.

____________________________________________________________________
Book Review By Hilarie Orman
3/13/11
____________________________________________________________________

Surveillance or Security? The Risks Posed by New Wiretapping Technologies
by Susan Landau
MIT Press 2010.
ISBN 978-0-262-01530-1 383 pages, index, footnotes

If you've ever wondered, "whither wiretap?", then you must read this new book, a successor to "Privacy on the Line". In a world of cell phones and Skype, post 9/11, how is US law enforcement changing its communications interceptions? This is a murky world, built around a patchwork of legislation addressing a shifting technological world, and Susan Landau has drawn on extensive public and confidential resources to explain it for the layman.
Landau's well-researched writing is a superb resource for the citizen who wants to be an informed participant in the civil rights debate that is succinctly summarized in the title.

The technology of the Internet, which has moved from being data on a voice network to carrying voice on a data network, is integral to the new world of surveillance, and the book has clear descriptions of the architecture, its security (or non-security) history, its vulnerabilities, and the challenges it presents for wiretap.

In the new world of wiretap, the government has moved aggressively into massive fiber optic data capture, automated remote Internet packet interception, and deep packet inspection. You might ask, "Aren't court orders required?", and the answer is "yes", but the devil is in the details, and Landau is a skilled guide through the thicket of the legalities, both in theory, and, fascinatingly, in some examples of practice outside the legalities.

There are fundamental questions surrounding the utility of surveillance, and Landau examines many of them, based on interviews, documents, and court decisions. How effective are the wiretap technologies in achieving their ultimate aim, the protection of citizens from criminal harm? How many wiretaps are being done, is the number increasing as the technology becomes more deeply embedded in the equipment at ISPs? Can Internet surveillance be avoided? What are its successes and failures? Is law enforcement at odds with Internet innovation?

Landau's contribution is as much in how she pursues these questions as in the answers that she has gleaned. Legislation, court documents, industry practices, and discussions with insiders and journalists can be fit together into a logical framework, a timeline, and a set of logical trends. Readers of this book can move forward in developing their own opinions on wiretap using more facts and fewer conspiracy theories.

Does a nation have to sacrifice security for surveillance, or should the question be, does surveillance entail less security? Every technology has its weak points, and automated surveillance may open vulnerabilities that can be exploited by enemies of security. If these questions interest you, there is no better book to read than this.

____________________________________________________________________
Book Review By Richard Austin
3/12/2011
____________________________________________________________________

Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry
by Harlan Carvey
Syngress 2011.
ISBN 978-1-56749-580-6 amazon.com USD 62.95

In his last book "Windows Forensic Analysis, 2ed" (reviewed in the July, 2009 Cipher), Carvey introduced registry analysis in a single chapter. In the four chapters of this short book, he provides a much expanded view of the capabilities of registry analysis in both incident response and forensic investigation (though those two activities are definitely starting to merge). Carvey is a pleasure to read because of his deep knowledge of the material gained through sustained practice of the techniques and a knack for organizing and communicating technical detail in a comprehensible manner.

In Chapter 1, "Registry Analysis", Carvey explains what the registry is, the treasure trove of information that is contained within it and tantalizing glimpses of what its analysis may reveal about the history of a system and the activities of its users (covered in detail in later chapters). The reader may be tempted to skip ahead (Chapter 4 was a definite magnet) but the foundational material is quite important to later topics.

In Chapter 2, "Tools", Carvey offers a tour of a variety of tools (mostly Open Source) that are used in registry analysis.
This chapter introduces "RegRipper", the tool that Carvey developed for his own use and has made available to the community. Written as Perl scripts (but also made available as .EXE files on the companion CD), these tools are both easy to use and extremely useful in making sense of registry contents. In contrast to the classic "tool catalog", the tools are presented in the context of how they are used, the information they provide and the overall part they play in an analysis.

Chapter 3, "Case Studies: The System", begins the real "meat" of the book: how you actually use registry analysis in practice. As Carvey notes, much written about "registry analysis" consists of long lists (or worse, spreadsheets) of registry keys with no real insight provided in how they relate to one another or how they're used in answering questions of fact about actions in the real world. In contrast, he explores the system-related hives in the context of particular types of information (e.g., firewall policies) and shows what information the registry stores and how it can be retrieved in intelligible form. Sidebars are sprinkled through the chapter providing insights from real investigations on how that information fitted into the overall scenario.

Chapter 4, "Case Studies: Tracking User Activity", focuses on what the registry can tell an analyst about the activities of a system's user(s). From searches to "the Trojan defense", Carvey walks the reader through how user activities leave traces in the registry record and how an analyst can use those traces to reconstruct the story of what likely happened in the real world.

For the incident responder or forensic analyst, this is a must-read book that will equip them to make use of the wealth of information in the Windows registry to be more effective in accomplishing their daily tasks. In addition to the details of registry analysis, Carvey sprinkles much worthwhile detail about the investigative process itself throughout the book.
The tools CD contains many of the tools mentioned in the book and I heartily compliment Carvey on providing both Perl scripts and their compiled version (is your humble correspondent the only one who always seems to be missing one required Perl library or another?).

The book does have some minor flaws in the text (some typos, mismatched and mislabeled figures, etc) that should have been caught by the copy editor but they are at worst minor distractions from an excellent and worthwhile read.

--------

Before beginning life as an itinerant university instructor and security consultant, Richard Austin (http://cse.spsu.edu/raustin2) spent 30+ years in the IT industry in positions ranging from software developer to security architect. He welcomes your thoughts and comments at raustin2 at spsu dot edu

====================================================================
News Items
====================================================================

____________________________________________________________________
National Science Foundation Trustworthy Computing program
____________________________________________________________________

Carl Landwehr has said that academic researchers who are interested in funding opportunities and who are interested in occasional public announcements related to the National Science Foundation's Trustworthy Computing program, can subscribe to the new mailing list:

    trustworthy-computing-announce

To subscribe, just send an e-mail from the address where you wish to receive messages to:

    join-trustworthy-computing-announce@lists.nsf.gov

____________________________________________________________________
National Inventors Hall of Fame
For Immediate Release March 3, 2011
Contact: Rini Paiva, 330.388.6160, rpaiva@invent.org
National Inventors Hall of Fame Announces 2011 Inductees
____________________________________________________________________

Inventors of Digital Camera, First Bar Code, Industrial Robot, and Defibrillator Batteries to
be Honored

Alexandria VA (March 3, 2011) - Continuing to celebrate its mission of recognizing and fostering invention, the National Inventors Hall of Fame has announced its 2011 Inductees. The life-changing innovations that have come about through this year's class include the sensor that makes cameras in today's cell phones possible, the battery that powers most implantable defibrillators, and the basis of exchanging secure information over the Internet.

This year's Induction ceremony, sponsored in part by the United States Patent and Trademark Office and the Kauffman Foundation, will take place on May 4 at the historic Patent Office Building, now the Smithsonian American Art Museum and the National Portrait Gallery, in Washington, D.C. The location is particularly appropriate because this year's class of inductees includes a group of 29 historical inventors who will be recognized posthumously, most of whom would have submitted patent applications to the same building where they will be honored.

The National Inventors Hall of Fame 2011 Inductees are:

Living:

George Devol
Unimate Industrial Robot - George Devol's patent for the first digitally operated programmable robotic arm represents the foundation of the modern robotics industry. The first Unimate industrial robot was installed at an automotive plant in 1961. Unimation, Inc. soon began full scale production, expanding to include robots that could weld, print, and assemble. Today, industrial robots have transformed factories into safer places and improved products with precision and consistency.

Whitfield Diffie, Martin Hellman, Ralph Merkle
Public-key Cryptography - In 1976, Whitfield Diffie, Martin Hellman, and Ralph Merkle developed public key cryptography (PKC), a radically new method for securing electronic communications. PKC provides security on the otherwise highly insecure Internet, making it vital to such areas as e-commerce.

Eric Fossum
CMOS Active Pixel Image Sensor - Eric Fossum, now at Dartmouth College, led the team at NASA's Jet Propulsion Laboratory that created the CMOS active pixel sensor camera-on-a-chip. Today, CMOS image sensors are a fixture in camera phones, and other applications include digital SLR cameras, embedded web-cams, automotive safety systems, swallowable pill cameras, toys and video games, and wireless video-security networks. Worldwide annual revenue for the technology is estimated to reach $6 billion in 2011.

Gary Michelson
Spinal Surgical Devices - Orthopedic spinal surgeon Gary Michelson has a portfolio of over 250 U.S. and 500 foreign patents related to minimally invasive spinal fusion methods, instruments, and implants. These inventions have made spinal surgery safer, faster, more effective, and less expensive.

Steve Sasson
Digital Camera - In 1975, Kodak engineer Steve Sasson created a device that captured an image, converted it to an electronic signal, digitized the signal, and stored the image: the first digital camera. In 2008, 73% of Americans owned a digital camera and 34 million digital cameras were sold in the U.S., generating $7 billion in revenue. Virtually all of today's digital cameras rely on the same structure invented in 1975.

Esther Takeuchi
Lithium/Silver Vanadium Oxide (Li/SVO) Battery - Energy storage expert Esther Takeuchi, now at the University at Buffalo, led efforts at Greatbatch, Inc. to invent and refine the lifesaving Li/SVO battery technology, utilized in the majority of today's implantable cardioverter defibrillators (ICDs). ICD batteries have high energy density with the ability to support intermittent high-power pulses. In addition, they have a long life, are safe, and are durable. Today, over 300,000 ICDs are implanted every year.

N.
Joseph Woodland, Bernard Silver (1935-1963)
First Optically Scanned Bar Code - Joe Woodland and Bernard Silver (deceased) invented the first optically scanned barcode, prompted in their work in 1948 after Silver overheard a food chain executive discussing his wish to capture product information at checkout. Today, the barcode has many applications, including tracking shipped packages, patient identification in hospitals, gift registries, and floor control in warehouses. It is estimated that five billion scans take place daily worldwide.

"We're pleased to present such a stellar group of 2011 Inductees," said Edward Gray, Chairman of the Board of Directors of the National Inventors Hall of Fame, "We hope that their accomplishments remind us of the great innovation in America's past and the importance to America of continued innovation today."

The National Inventors Hall of Fame annually accepts nominations for men and women whose work has changed society and improved the quality of life. The candidate's invention must be covered by a United States patent, and the work must have had a major impact on society, the public welfare, and the progress of science and the useful arts.

About the Hall of Fame

The National Inventors Hall of Fame is the premier non-profit organization in America dedicated to honoring legendary inventors whose innovations and entrepreneurial endeavors have changed the world. Founded in 1973 by the United States Patent and Trademark Office and the National Council of Intellectual Property Law Association, the Hall of Fame will have 460 Inductees with its 2011 Induction. The National Inventors Hall of Fame and Museum is located in the atrium of the Madison Building on the campus of the United States Patent and Trademark Office, at 600 Dulany Street, Alexandria, VA. Hall of Fame hours are Monday through Friday 9 AM to 5 PM, and Saturday from Noon to 5 PM (closed Sundays and federal holidays). Admission is free.

For more information on the National Inventors Hall of Fame, including Inductee nomination forms, and a full listing of Inductees, please visit http://www.invent.org.

For more information, visit http://www.invent.org/presskit/2011

====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================

New, Posted February 2011

The University of Texas at Dallas
Richardson/Dallas, Texas
Assistant/Associate/Professor
Until position filled
http://csrc.utdallas.edu/UTD-Cyber-Security-Faculty-Position.pdf

For older postings, see http://cisr.nps.edu/jobscipher.html

--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow "ciphernews"

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events maintained by Hilarie Orman
Date (Month/Day/Year), Event, Locations, web page for more info. 3/15/11: SADFE, International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, http://conf.ncku.edu.tw/sadfe/sadfe11/; Submissions are due 3/15/11- 3/16/11: CSC, Workshop on Cryptography and Security in Clouds, Zurich, Switzerland http://www.zurich.ibm.com/~cca/csc2011/ 3/18/11: STM, 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denmark; http://www.isac.uma.es/stm11 Submissions are due 3/20/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; http://pstnet.unb.ca/pst2011 Submissions are due 3/21/11: ESORICS, 16th European Symposium on Research in Computer Security, Leuven, Belgium; https://www.cosic.esat.kuleuven.be/esorics2011/ Submissions are due 3/21/11: SESOC, 3rd International Workshop on Security and Social Networking, Held in conjunction with the PerCom 2011, Seattle, WA, USA, http://www.sesoc.org 3/21/11- 3/25/11: SAC-TRECK, 26th ACM Symposium on Applied Computing, Track: Trust, Reputation, Evidence and other Collaboration Know-how (TRECK), TaiChung, Taiwan; http://www.trustcomp.org/treck/ 3/22/11: ESAS, 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany; http://compsac.cs.iastate.edu/workshop_details.php?id=32&y Submissions are due 3/23/11- 3/25/11: IFIP-CIP, 5th Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA; http://www.ifip1110.org 3/25/11: W2SP, Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA; http://w2spconf.com/2011/cfp.html Submissions are due 3/29/11: FCS, Workshop on Foundations of Computer Security, Held in conjunction with LICS 
2011, Toronto, Ontario, Canada; http://www.di.ens.fr/~blanchet/fcs11/; Submissions are due 3/29/11: LEET, 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Boston, MA, USA; http://www.usenix.org/events/leet11/cfp/ 3/31/11: RAID, 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, http://raid2011.org; Submissions are due 4/ 1/11: VizSec, 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA; http://www.vizsec2011.org/ Submissions are due 4/ 4/11: NSPW, New Security Paradigms Workshop, Marin County, CA, USA; http://www.nspw.org; Submissions are due 4/ 5/11: HealthSec, 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/healthsec11/cfpa/ Submissions are due 4/ 6/11- 4/ 8/11: RFIDsec-Asia, Workshop on RFID Security, Wuxi, China; http://wuxi.ss.pku.edu.cn/~RFIDSec2011/ 4/ 8/11: ASA, 5th International Workshop on Analysis of Security APIs, Paris, France; http://www.lsv.ens-cachan.fr/~steel/asa5/ Submissions are due 4/18/11: CSET, 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/events/cset11/cfp/ Submissions are due 4/20/11: EVT/WOTE, Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/evtwote11/cfpa Submissions are due 4/24/11: PBD, 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria; http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=53; Submissions are due 4/26/11: IWSEC, 6th International Workshop on 
Security, Tokyo, Japan; http://www.iwsec.org/2011/index.html; Submissions are due 5/ 2/11: WOOT, 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/woot11/cfpa/ Submissions are due 5/ 5/11: HotSec, 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/hotsec11/cfpa; Submissions are due 5/ 6/11: ACM-CCS, 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA; http://www.sigsac.org/ccs/CCS2011/ Submissions are due 5/ 9/11: SAC, 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada; http://sac2011.ryerson.ca/SAC11_poster.pdf Submissions are due 5/10/11: CRiSIS, 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania; http://www.crisis-conference.org/ Submissions are due 5/11/11: NSS, 5th International Conference on Network and System Security, Milan, Italy; http://anss.org.au/nss2011 Submissions are due 5/16/11: SecureComm, 7th International Conference on Network Security & Privacy London, United Kingdom; http://www.securecomm.org Submissions are due 5/18/11- 5/20/11: IH, 13th Information Hiding Conference, Prague, Czech Republic; http://www.ihconference.org/ 5/18/11- 5/21/11: SAR/SSI, International Conference on Network and Information Systems Security, La Rochelle, France; http://sarssi-conf.org 5/20/11: Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing; http://www3.interscience.wiley.com/journal/114299116/home Submissions are due 5/22/11- 5/25/11: SP, 32nd IEEE Symposium on Security & Privacy, The Claremont Resort, Berkeley/Oakland, California, USA; http://oakland32-submit.cs.ucsb.edu/ 5/26/11: SADFE, International Workshop on Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE 
Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA; http://conf.ncku.edu.tw/sadfe/sadfe11/ 5/26/11: W2SP, Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA; http://w2spconf.com/2011/cfp.html 5/30/11: MetriSec, 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada; http://metrisec2011.cs.nku.edu/ Submissions are due 5/30/11- 6/ 1/11: ISPEC, 7th Information Security Practice and Experience Conference, Guangzhou, China; http://ispec2011.jnu.edu.cn/ 6/ 1/11- 6/ 3/11: WISTP, 5th Workshop in Information Security Theory and Practice, Heraklion, Crete, Greece; http://www.wistp.org/ 6/ 5/11- 6/ 9/11: ICC-CISS, IEEE ICC 2011, Communication and Information Systems Security Symposium, Kyoto, Japan; http://www.ieee-icc.org/2011 6/ 5/11- 6/ 6/11: HOST, 4th IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA; http://www.engr.uconn.edu/HOST/ 6/ 6/11- 6/ 8/11: POLICY, 12th IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy; http://ieee-policy.org 6/ 7/11- 6/ 9/11: IFIP-SEC, 26th IFIP TC-11 International Information Security Conference, Luzern, Switzerland; http://www.sec2011.org/ 6/ 7/11- 6/10/11: ACNS, 9th International Conference on Applied Cryptography and Network Security, Nerja, Malaga, Spain; http://www.isac.uma.es/acns2011/ 6/14/11- 6/17/11: WiSec, 4th ACM Conference on Wireless Network Security, Hamburg, Germany; http://www.sigsac.org/wisec/WiSec2011 6/15/11- 6/17/11: SACMAT, 16th ACM Symposium on Access Control Models and Technologies, Innsbruck, Austria; http://sacmat.org/ 6/20/11: D-SPAN, 2nd IEEE International Workshop on Data Security and PrivAcy in wireless Networks, Held in conjunction with IEEE WoWMoM 2011, Lucca, Italy; 
http://home.gwu.edu/~nzhang10/DSPAN2011/ 6/20/11: FCS, Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada; http://www.di.ens.fr/~blanchet/fcs11/ 6/22/11- 6/24/11: TRUST, 4th International Conference on Trust and Trustworthy Computing, Pittsburgh, PA, USA; http://www.trust2011.org 6/27/11- 6/28/11: STM, 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denmark; http://www.isac.uma.es/stm11 6/27/11- 6/29/11: CSF, 24th IEEE Computer Security Foundations Symposium, Domaine de l'Abbaye des Vaux-de-Cernay, France; http://csf2011.inria.fr/ 6/29/11- 7/ 1/11: IFIPTM, 5th IFIP International Conference on Trust Management Copenhagen, Denmark; http://www.ifiptm.org/ 6/30/11: TrustCom, 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China; http://trust.csu.edu.cn/conference/trustcom2011 Submissions are due 6/30/11: ASA, 5th International Workshop on Analysis of Security APIs, Paris, France; http://www.lsv.ens-cachan.fr/~steel/asa5/ 7/ 7/11- 7/ 8/11: DIMVA, 8th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Amsterdam, The Netherlands; http://www.dimva.org/dimva2011 7/11/11- 7/13/11: DBSec, 25th Annual WG 11.3 Conference on Data and Applications Security and Privacy, Richmond, Virginia, USA; http://www.egr.vcu.edu/dbsec2011/ 7/18/11- 7/22/11: ESAS, 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany; http://compsac.cs.iastate.edu/workshop_details.php?id=32&y 7/19/11- 7/21/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; http://pstnet.unb.ca/pst2011 7/20/11: VizSec, 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA; 
http://www.vizsec2011.org/ 7/22/11- 7/24/11: ID, ACM/Springer International Workshop on Identity: Security Management & Applications, Kochi, Kerala, India; http://www.acc-rajagiri.org/ID2011.html 7/27/11- 7/29/11: PETS, 11th Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada; http://petsymposium.org/2011/ 8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA; http://www.dfrws.org 8/ 8/11: CSET, 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium (USENIX Security 2011), San Francisco, CA, USA; http://www.usenix.org/events/cset11/cfp/ 8/ 8/11: WOOT, 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/woot11/cfpa/ 8/ 8/11- 8/ 9/11: EVT/WOTE, Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/evtwote11/cfpa 8/ 9/11: HealthSec, 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/healthsec11/cfpa/ 8/ 9/11: HotSec, 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA; http://www.usenix.org/hotsec11/cfpa 8/10/11- 8/12/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA; https://db.usenix.org/events/sec11/cfp/ 8/11/11- 8/12/11: SAC, 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada; http://sac2011.ryerson.ca/SAC11_poster.pdf 8/22/11- 8/26/11: PBD, 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria; 
http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=53 9/ 6/11- 9/ 8/11: NSS, 5th International Conference on Network and System Security, Milan, Italy; http://anss.org.au/nss2011 9/ 7/11- 9/ 9/11: SecureComm, 7th International Conference on Network Security & Privacy, London, United Kingdom; http://www.securecomm.org 9/12/11- 9/14/11: ESORICS, 16th European Symposium on Research in Computer Security, Leuven, Belgium; https://www.cosic.esat.kuleuven.be/esorics2011/ 9/12/11- 9/15/11: NSPW, New Security Paradigms Workshop, Marin County, CA, USA; http://www.nspw.org 9/19/11- 9/21/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy; http://www.safecomp2011.unina.it/ 9/20/11- 9/21/11: RAID, 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA; http://raid2011.org 9/21/11: MetriSec, 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada; http://metrisec2011.cs.nku.edu/ 9/26/11- 9/28/11: CRiSIS, 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania; http://www.crisis-conference.org/ 10/17/11-10/21/11: ACM-CCS, 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA; http://www.sigsac.org/ccs/CCS2011/ 11/ 8/11-11/10/11: IWSEC, 6th International Workshop on Security, Tokyo, Japan; http://www.iwsec.org/2011/index.html 11/16/11-11/18/11: TrustCom, 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China; http://trust.csu.edu.cn/conference/trustcom2011 ____________________________________________________________________ Journal, Conference and Workshop Calls-for-Papers (new since Cipher E100) ___________________________________________________________________ SADFE 2011 International Workshop on 
Systematic Approaches to Digital Forensic Engineering, Held in conjunction with the IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. (Submissions due 15 March 2011) http://conf.ncku.edu.tw/sadfe/sadfe11/ The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop promotes systematic approaches to cyber crime investigations, by furthering the advancement of digital forensic engineering as a disciplined science and practice. Today's digital artifacts permeate our lives and are part of every crime and every case of digital discovery. The field of digital forensics faces many challenges, including scale, scope and presentation of highly technical information in legal venues to nontechnical audiences. Digital evidence may be extant for only nanoseconds or for years; they may consist of a single modified bit, or huge volumes of data; they may be found locally or spread globally throughout a complex digital infrastructure on public or private systems. Following the success of previous SADFE workshops, cyber crime investigations and digital forensics tools will continue to be the key topics of the meeting. We also welcome a broader range of digital forensics papers that do not necessarily involve either crime or digital forensics tools. General attack analysis, the insider threat, insurance and compliance investigations, similar forms of retrospective analysis, and digital discovery are all viable topics. Past speakers and attendees of SADFE have included computer and information scientists, social scientists, digital forensic practitioners, IT professionals, law enforcement, lawyers, and judges. The synthesis of science with practice and the law with technology form the foundation of this conference. SADFE addresses the gap between today's practice and the establishment of digital forensics as a science. 
To advance the field, SADFE-2011 solicits broad-based, innovative approaches to digital forensic engineering in the following four areas: - Digital Data and Evidence Management: advanced digital evidence discovery, collection, and storage - Scientific Principle-based Digital Forensic Processes: systematic engineering processes supporting digital evidence management which are sound on scientific, technical and legal grounds - Digital Evidence Analytics: advanced digital evidence analysis, correlation, and presentation - Forensic-support technologies: forensic-enabled and proactive monitoring/response To honor the outstanding work in digital forensics, the SADFE will provide awards for the highest overall quality papers and posters from the accepted program, as measured by scientific contribution, depth, and impact. A student must be the first author to be eligible for the best student paper award. ------------------------------------------------------------------------- STM 2011 7th International Workshop on Security and Trust Management, Held in conjunction with IFIPTM 2011, Copenhagen, Denmark, June 27-28, 2011. (Submissions due 18 March 2011) http://www.isac.uma.es/stm11 STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM'11 is the seventh workshop in this series and will be held in Copenhagen, Denmark in conjunction with IFIPTM 2011. 
Topics of interest include, but are not limited to: - access control - cryptography - digital right management - economics of security - key management - ICT for securing digital as well as physical assets - identity management - networked systems security - privacy and anonymity - reputation systems and architectures - security and trust management architectures - semantics and computational models for security and trust - trust assessment and negotiation - trust in mobile code - trust in pervasive environments - trust models - trust management policies - trusted platforms and trustworthy systems - trustworthy user devices ------------------------------------------------------------------------- PST 2011 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada, July 19-21, 2011. (Submissions due 20 March 2011) http://pstnet.unb.ca/pst2011 PST2011 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation. PST2011 will include an Innovation Day featuring workshops and tutorials followed by two days of high-quality research papers whose topics include, but are NOT limited to, the following: - Privacy Preserving / Enhancing Technologies - Critical Infrastructure Protection - Network and Wireless Security - Operating Systems Security - Intrusion Detection Technologies - Secure Software Development and Architecture - PST Challenges in e-Services, e.g. 
e-Health, e-Government, e-Commerce - Network Enabled Operations - Digital forensics - Information Filtering, Data Mining and Knowledge from Data - National Security and Public Safety - Security Metrics - Recommendation, Reputation and Delivery Technologies - Continuous Authentication - Trust Technologies, Technologies for Building Trust in e-Business Strategy - Observations of PST in Practice, Society, Policy and Legislation - Digital Rights Management - Identity and Trust management - PST and Cloud Computing - Human Computer Interaction and PST - Implications of, and Technologies for, Lawful Surveillance - Biometrics, National ID Cards, Identity Theft - PST and Web Services / SOA - Privacy, Traceability, and Anonymity - Trust and Reputation in Self-Organizing Environments - Anonymity and Privacy vs. Accountability - Access Control and Capability Delegation - Representations and Formalizations of Trust in Electronic and Physical Social Systems ------------------------------------------------------------------------- ESORICS 2011 16th European Symposium on Research in Computer Security, Leuven, Belgium, September 12-14, 2011. (Submissions due 21 March 2011) https://www.cosic.esat.kuleuven.be/esorics2011/ ESORICS is the annual European research event in Computer Security. The Symposium started in 1990 and has been held in several European countries, attracting a wide international audience from both the academic and industrial communities. Papers offering novel research contributions in computer security are solicited for submission to the Symposium. The primary focus is on original, high quality, unpublished research and implementation experiences. Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. We encourage submissions of papers discussing industrial research and development. 
Suggested topics include but are not restricted to: - Access Control - Accountability - Ad hoc Networks - Anonymity - Applied Cryptography - Attacks and Viral Software - Authentication and Delegation - Biometrics - Database Security - Digital Content Protection - Distributed Systems Security - Electronic Payments - Embedded Systems Security - Inference Control - Information Hiding - Identity Management - Information Flow Control - Integrity - Intrusion Detection - Formal Security Methods - Language-Based Security - Network Security - Phishing and Spam Prevention - Privacy - Risk Analysis and Management - Secure Electronic Voting - Security Architectures - Security Economics - Security and Privacy Policies - Security for Mobile Code - Security in Location Services - Security in Social Networks - Security Models - Security Verification - Software Security - Steganography - Systems Security - Trust Models and Management - Trustworthy User Devices - Web Security - Wireless Security ------------------------------------------------------------------------- ESAS 2011 6th IEEE International Workshop on Engineering Semantic Agent Systems, Held in conjunction with IEEE COMPSAC 2011, Munich, Germany, July 18-22, 2011. (Submissions due 22 March 2011) http://compsac.cs.iastate.edu/workshop_details.php?id=32&y Semantic web technologies render dynamic, heterogeneous, distributed, shared semantic content equally accessible to human reader and software agents. ESAS Workshops Series focuses on concepts, foundations and applications of semantic agent systems and bringing forward better practices of engineering them. Research and technologies related to Semantic Web and agent systems are very much in focus at ESAS. 
Topics of interest span a wide spectrum of both theory and practice of semantics and agent architectures, including software agents, mobile agents, autonomous semantic agents, context-aware intelligent agents, agents as semantic web services, multi-agent systems, agent communities, cooperation and goal seeking through shared policy and ontology, safety & security in semantic multi-agent information systems, and other QoS issues. ------------------------------------------------------------------------- W2SP 2011 Web 2.0 Security and Privacy 2011 Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2011), Berkeley, CA, USA, May 26, 2011. (Submissions due 25 March 2011) http://w2spconf.com/2011/cfp.html W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers and their eco-system. We have had four years of successful W2SP workshops. This year, we will additionally invite selected papers to a special issue of the journal. We are seeking both short position papers (2-4 pages) and longer papers (a maximum of 10 pages). The scope of W2SP 2011 includes, but is not limited to: - Trustworthy cloud-based services - Privacy and reputation in social networks - Security and privacy as a service - Usable security and privacy - Security for the mobile web - Identity management and pseudonymity - Web services/feeds/mashups - Provenance and governance - Security and privacy policies for composable content - Next-generation browser technology - Secure extensions and plug-ins - Advertisement and affiliate fraud - Measurement study for understanding web security and privacy ------------------------------------------------------------------------- FCS 2011 Workshop on Foundations of Computer Security, Held in conjunction with LICS 2011, Toronto, Ontario, Canada, June 20, 2011. 
(Submissions due 29 March 2011) http://www.di.ens.fr/~blanchet/fcs11/ Computer security is an established field of computer science of both theoretical and practical significance. In recent years, there has been increasing interest in logic-based foundations for various methods in computer security, including the formal specification, analysis and design of security protocols and their applications, the formal definition of various aspects of security such as access control mechanisms, mobile code security and denial-of-service attacks, and the modeling of information flow and its application to confidentiality policies, system composition, and covert channel analysis. The aim of the workshop FCS'11 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. ------------------------------------------------------------------------- RAID 2011 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA, September 20-21, 2011. (Submissions due 31 March 2011) http://raid2011.org This symposium, the 14th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. 
The Recent Advances in Intrusion Detection (RAID) International Symposium series furthers advances in intrusion defense by promoting the exchange of ideas in a broad range of topics. As in previous years, all topics related to intrusion detection, prevention and defense systems and technologies are within scope, including but not limited to the following: - Network and host intrusion detection and prevention - Anomaly and specification-based approaches - IDS cooperation and event correlation - Malware prevention, detection, analysis, containment - Web application security - Insider attack detection - Intrusion response, tolerance, and self-protection - Operational experiences with current approaches - Intrusion detection assessment and benchmarking - Attacks against intrusion detection systems - Formal models, analysis, and standards - Deception systems and honeypots - Vulnerability analysis and forensics - Adversarial machine learning for security - Visualization techniques - High-performance intrusion detection - Legal, social, and privacy issues - Network exfiltration detection - Botnet analysis, detection, and mitigation - Cyber-physical systems ------------------------------------------------------------------------- VizSec 2011 8th International Symposium on Visualization for Cyber Security, Held in conjunction with the Symposium on Usable Privacy and Security (SOUPS 2011), Pittsburgh, PA, USA, July 20, 2011. (Submissions due 1 April 2011) http://www.vizsec2011.org/ The annual symposium joins academic, government, and industry leaders from around the globe to share the latest developments and applications of visualization techniques to address current cyber security challenges. Researchers and practitioners are invited to submit technical papers and panel session proposals that offer a novel contribution to security visualization. 
Papers are encouraged on new visualization technologies and methods that have been applied and demonstrated to be useful in a range of security domains including, but not limited to, computer forensics, risk assessment, cryptography, malware analysis, and situational awareness. ------------------------------------------------------------------------- NSPW 2011 New Security Paradigms Workshop, Marin County, CA, USA, September 12-15, 2011. (Submissions due 4 April 2011) http://www.nspw.org The New Security Paradigms Workshop (NSPW) is seeking papers that address the current limitations of information security. Today's security risks are diverse and plentiful - botnets, database breaches, phishing attacks, targeted cyber attacks - and yet present tools for combating them are insufficient. To address these limitations, NSPW welcomes unconventional, promising approaches to important security problems and innovative critiques of current security theory and practice. We are particularly interested in perspectives from outside computer security, both from other areas of computer science (such as operating systems, human-computer interaction, databases, programming languages, algorithms) and other sciences that study adversarial relationships such as biology and economics. We discourage papers that offer incremental improvements to security and mature work that is appropriate for standard information security venues. ------------------------------------------------------------------------- HealthSec 2011 2nd USENIX Workshop on Health Security and Privacy, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. (Position Paper Submissions due 5 April 2011) http://www.usenix.org/healthsec11/cfpa/ The focus of HealthSec '11 is the exploration of security and privacy issues that arise from the exploding quantity of digital personal health information, in both the provider and the patient settings. 
The Program Committee strongly encourages cross-disciplinary interactions between fields, including, but not limited to, technology, medicine, and policy. Surprising results and thought-provoking ideas will be strongly favored; complete papers with polished results in well-explored research areas are comparatively discouraged. We will select position papers that show potential to stimulate or catalyze further research and explorations of new directions, as well as extended abstracts that explore a specific issue a little more deeply, including preliminary results. Position papers are solicited on topics in all areas relating to healthcare information security and privacy, including: - Security and privacy models for healthcare information systems - Industry experience in securing healthcare information systems - Design and deployment of patient-oriented systems for securely accessing and managing personal health data - Security and privacy threats against existing and future medical devices--and countermeasures - Regulatory and policy issues of healthcare information systems - Privacy of medical information - Usability issues, especially combined with security constraints - Threat models for healthcare information systems ------------------------------------------------------------------------- ASA 2011 5th International Workshop on Analysis of Security APIs, Paris, France, June 30, 2011. (Position Paper Submissions due 8 April 2011) http://www.lsv.ens-cachan.fr/~steel/asa5/ Security APIs allow untrusted code to access sensitive resources in a secure way. Security API analysis is an emerging field of computer security research. The aim of the ASA workshop is to bring together researchers working in security API analysis for a day of presentations and discussions. Since the field is relatively young, polished research papers will not be solicited. 
Instead, the workshop will follow the format that was highly successful at ASA in 2007-10: prospective participants are invited to submit a short (1-4 page) abstract describing their current work and/or interests in the area. We plan to have two sessions of 20-minute talks by participants, with each session followed by informal discussion. There will also be a workshop dinner in the evening, and subject to confirmation, an invited speaker. The scope of ASA runs from theoretical results and formalisms for API analysis right through to applications and empirical results with security APIs deployed `in the field'. Applications of interest include (but are not limited to) financial applications (e.g. APIs of Hardware Security Modules), smartcard APIs, the Trusted Computing Architecture, and security APIs for web based systems. ------------------------------------------------------------------------- CSET 2011 4th Workshop on Cyber Security Experimentation and Test, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. (Submissions due 18 April 2011) http://www.usenix.org/events/cset11/cfp/ The focus of CSET is on the science of cyber security evaluation, as well as experimentation, measurement, metrics, data, and simulations as those subjects relate to computer and network security. The science of cyber security is challenging for a number of reasons: - Data: There is an absence of data usable by the community. Moreover, there is no clear understanding of what good data would look like if it was obtained, and how the value of data changes over time. - Realism: Experiments must faithfully recreate the relevant features of the phenomena they investigate in order to obtain correct results, yet data about threats and the Internet landscape is sparse, modeling humans is hard, and issues of scaling (up or down) are not well understood. Hence careful reasoning about "realism" is required. 
- Rigor: Repeatability and correctness must be ensured in any scientific experimentation. These can be extremely hard to achieve. - Risk: Cyber security experiments naturally carry significant risk if not properly contained and controlled. At the same time, these experiments may well require some degree of interaction with the larger world to be useful. Meeting these challenges requires transformational advance in understanding of the relationship between scientific method and cyber security evaluation, as well as transformational advance in capability of the underlying resources and infrastructure and usability of the data. The 4th Workshop on Cyber Security Experimentation and Test (CSET '11) invites submissions on the science, design, architecture, construction, operation, and use of cyber security data and experiments. ------------------------------------------------------------------------- EVT/WOTE 2011 Electronic Voting Technology Workshop/ Workshop on Trustworthy Elections, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8-9, 2011. (Submissions due 20 April 2011) http://www.usenix.org/evtwote11/cfpa USENIX, ACCURATE, and IAVoSS are sponsoring the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11). EVT/WOTE brings together researchers from a variety of disciplines, ranging from computer science and human-computer interaction experts through political scientists, legal experts, election administrators, and voting equipment vendors. Papers should contain original research in any area related to electronic voting technologies and verifiable elections. 
Example applications include but are not limited to: - Ballot-box electronic voting systems - Remote electronic voting systems - Voter registration systems - Procedures for ballot auditing - Cryptographic (or non-cryptographic) verifiable election schemes ------------------------------------------------------------------------- PBD 2011 1st International Workshop on Privacy by Design, Held in conjunction with the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, August 22-26, 2011. (Submissions due 24 April 2011) http://www.ares-conference.eu/conf/index.php?option=com_content&view=article&id=53 While data privacy was in the past mainly assured through procedures, laws or static access control policies, these protection mechanisms tend to be ineffective once data is ubiquitously available, outsourced to partially untrusted servers or processed by third parties. In addition, most current approaches towards achieving privacy - such as anonymisation and aggregation - are either incompatible with the increasing complexity of data usage or easy to compromise due to advances in statistical analysis and availability of side-information. Recent research tries to provide technical solutions in order to minimize the exposure of sensitive data while still allowing data-driven business models. For example, cryptographic schemes such as Secure Multiparty Computation, data-centric protection schemes such as Enterprise Rights Management or trusted virtualization technologies may be used to make IT systems intrinsically privacy friendly, finally contributing to the vision of "privacy by design". The aim of the workshop is to bring together researchers, systems engineers and privacy professionals in order to drive the concept of Privacy by Design and discuss implementation aspects as well as the surrounding legal and economic issues. 
The main topics of interest comprise but are not limited to: - design issues of privacy-enhanced systems - cryptographic approaches for privacy - practical aspects of Secure Multiparty Computation - data centric security - Information/Enterprise Rights Management - privacy-enhanced system architectures - privacy and biometrics - privacy in the cloud - Privacy Enhancing Technologies - censorship resistance - economic and legal aspects of privacy - usability of Privacy Enhancing Technologies ------------------------------------------------------------------------- IWSEC 2011 6th International Workshop on Security, Tokyo, Japan, November 8-10, 2011. (Submissions due 26 April 2011) http://www.iwsec.org/2011/index.html Original papers on the research and development of various security topics are solicited for submission to IWSEC 2011. Topics of interest for IWSEC 2011 include but are not limited to: - Foundations of Security - Security in Networks and Ubiquitous Computing Systems - Security in Real Life Applications ------------------------------------------------------------------------- WOOT 2011 5th USENIX Workshop on Offensive Technologies, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 8, 2011. (Submissions due 2 May 2011) http://www.usenix.org/woot11/cfpa/ Computer security is unique among systems disciplines in that practical details matter and concrete case studies keep the field grounded in practice. WOOT provides a forum for high-quality, peer-reviewed papers discussing tools and techniques for attack. Submissions should reflect the state of the art in offensive computer security technology, either surveying previously poorly known areas or presenting entirely new attacks. 
Submission topics include but are not limited to: - Vulnerability research (software auditing, reverse engineering) - Penetration testing - Exploit techniques and automation - Network-based attacks (routing, DNS, IDS/IPS/firewall evasion) - Reconnaissance (scanning, software, and hardware fingerprinting) - Malware design and implementation (rootkits, viruses, bots, worms) - Denial-of-service attacks - Web and database security - Weaknesses in deployed systems (VoIP, telephony, wireless, games) - Practical cryptanalysis (hardware, DRM, etc.) ------------------------------------------------------------------------- HotSec 2011 6th USENIX Workshop on Hot Topics in Security, Held in conjunction with the 20th USENIX Security Symposium, San Francisco, CA, USA, August 9, 2011. (Submissions due 5 May 2011) http://www.usenix.org/hotsec11/cfpa HotSec is renewing its focus by placing singular emphasis on new security ideas and problems. Works reflecting incremental ideas or well understood problems will not be accepted. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. HotSec takes a broad view of security and privacy and encompasses research on topics including but not limited to: - Large-scale threats - Network security - Hardware security - Software security - Physical security - Programming languages - Applied cryptography - Privacy - Human-computer interaction - Emerging computing environment - Sociology - Economics ------------------------------------------------------------------------- ACM-CCS 2011 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA, October 17-21, 2011. 
(Submissions due 6 May 2011) please see http://www.sigsac.org/ccs/CCS2011/ The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security. ------------------------------------------------------------------------- SAC 2011 18th International Workshop on Selected Areas in Cryptography, Toronto, Ontario, Canada, August 11-12, 2011. (Submissions due 9 May 2011) http://sac2011.ryerson.ca/SAC11_poster.pdf The Workshop on Selected Areas in Cryptography (SAC) is an annual conference dedicated to specific themes in the area of cryptographic system design and analysis. Authors are encouraged to submit original papers related to the themes for the SAC 2011 workshop: - Design and analysis of symmetric key primitives and cryptosystems, including block and stream ciphers, hash functions, and MAC algorithms. - Efficient implementations of symmetric and public key algorithms. - Mathematical and algorithmic aspects of applied cryptology. - Cryptographic tools and methods for securing clouds. 
------------------------------------------------------------------------- CRiSIS 2011 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania, September 26-28, 2011. (Submissions due 10 May 2011) http://www.crisis-conference.org/ The topics addressed by CRiSIS range from the analysis of risks, attacks to networks and system survivability, passing through security models, security mechanisms and privacy enhancing technologies. Prospective authors are invited to submit research results as well as practical experiment or deployment reports. Industrial papers about applications and case studies, such as telemedicine, banking, e-government and critical infrastructure, are also welcome. The list of topics includes but is not limited to: - Analysis and management of risks - Attacks and defences - Attack data acquisition and network monitoring - Cryptography, Biometrics, Watermarking - Dependability and fault tolerance of Internet applications - Distributed systems security - Embedded system security - Intrusion detection and Prevention systems - Hardware-based security and Physical security - Trust management - Organizational, ethical and legal issues - Privacy protection and anonymization - Security and dependability of operating systems - Security and safety of critical infrastructures - Security and privacy of peer-to-peer system - Security and privacy of wireless networks - Security models and security policies - Security of new generation networks, security of VoIP and multimedia - Security of e-commerce, electronic voting and database systems - Traceability, metrology and forensics - Use of smartcards and personal devices for Internet applications - Web security ------------------------------------------------------------------------- NSS 2011 5th International Conference on Network and System Security, Milan, Italy, September 6-8, 2011. 
(Submissions due 11 May 2011) http://anss.org.au/nss2011 NSS is an annual international conference covering research in network and system security. The 5th International Conference on Network and System Security (NSS 2011) will be held in Milan, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include, but are not limited to: - Active Defense Systems - Adaptive Defense Systems - Analysis, Benchmark of Security Systems - Authentication - Biometric Security - Complex Systems Security - Database and System Security - Data Protection - Data/System Integrity - Distributed Access Control - Distributed Attack Systems - Denial-of-Service - Electronic Communication Privacy - High Performance Network Virtualization - High Performance Security Systems - Hardware Security - Identity Management - Intelligent Defense Systems - Insider Threats - Intellectual Property Rights Protection - Internet and Network Forensics - Intrusion Detection and Prevention - Key Distribution and Management - Large-Scale Attacks and Defense - Malware - Network Resiliency - Network Security - RFID Security and Privacy - Security Architectures - Security for Critical Infrastructures - Security in P2P Systems - Security in Cloud and Grid Systems - Security in E-Commerce - Security in Pervasive/Ubiquitous Computing - Security and Privacy in Smart Grid - Security and Privacy in Wireless Networks - Secure Mobile Agents and Mobile Code - Security Policy - Security Protocols - Security Simulation and Tools - Security Theory and Tools - Standards and Assurance Methods - Trusted Computing - Trust Management - World Wide Web Security ------------------------------------------------------------------------- SecureComm 2011 
7th International Conference on Network Security & Privacy, London, United Kingdom, September 7-9, 2011. (Submissions due 16 May 2011) http://www.securecomm.org SecureComm 2011 seeks high-quality research contributions in the form of well developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, applied cryptography) will also be considered if a clear connection to private or secure communications/networking is demonstrated. The aim of SecureComm is to bring together security and privacy experts in academia, industry and government as well as practitioners, standards developers and policy makers, in order to engage in a discussion about common goals and explore important research directions in the field. SecureComm also serves as a venue for learning about state-of-the-art in security and privacy research, giving attendees the opportunity to network with experts in the field. 
Topics include: - Network Intrusion Detection and Prevention, Firewalls, Packet Filters - Malware and botnets - Communication Privacy and Anonymity - Distributed denial of service - Public Key Infrastructures, key management, credentials - Web security - Secure Routing, Naming/Addressing, Network Management - Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs - Security & Privacy for emerging technologies: VoIP, peer-to-peer and overlay network systems, Web 2.0 ------------------------------------------------------------------------- Security and Communication Networks (SCN), Special Issue on Security and Privacy in Ubiquitous Computing, 2012, (Submission Due 20 May 2011) http://www3.interscience.wiley.com/journal/114299116/home Editor: Ali Miri (Ryerson University, Canada), Nen-Fu Huang (National Tsing Hua University, Taiwan, ROC), and Abderrahim Benslimane (University of Avignon, France) The research area of mobile computing has become more important following the recent widespread drive towards mobile ad hoc networks, wireless sensor networks and vehicular ad hoc network tracking technologies and their applications. The availability of high bandwidth 3G infrastructures and the pervasive deployment of low cost WiFi infrastructures and WiMAX to create hotspots around the world serve to accelerate the development of mobile computing towards ubiquitous computing. Security and privacy in converged computing systems are considered an important part of these systems, and pose challenging open problems. This special issue will focus on the research challenges and issues in security and privacy in ubiquitous computing. Manuscripts regarding novel algorithms, architectures, implementations and experiences are welcome. 
Topics include but are not limited to: - Secure architectures for converged communication networks - Multi-hop authentication and authorization - Context-aware security in computing - Security management of mobile data - Security for ubiquitous multimedia communication - Secure user interactions and ubiquitous services - Security and privacy in location based services - Security and privacy in mobile social networks - Trust management in ubiquitous services - Security in home networks - Homeland security and surveillance - Trusted cloud computing - Secure group communication/multicast - Secure machine-to-machine communication - Security in portable devices and wearable computers - Privacy protection in distributed data mining - Energy efficient intrusion detection schemes in mobile computing ------------------------------------------------------------------------- MetriSec 2011 7th International Workshop on Security Measurements and Metrics, Held in conjunction with the International Symposium on Empirical Software Engineering and Measurement (ESEM 2011), Banff, Alberta, Canada, September 21, 2011. (Submissions due 30 May 2011) http://metrisec2011.cs.nku.edu/ Quantitative assessment is a major stumbling block for software and system security. Although some security metrics exist, they are rarely adequate. The engineering importance of metrics is intuitive: you cannot consistently improve what you cannot measure. Economics is an additional driver for security metrics: customers are unlikely to pay a premium for security if they are unable to quantify what they receive. The goal of the workshop is to foster research into security measurements and metrics and to continue building the community of individuals interested in this field. This year, MetriSec continues its co-location with ESEM, which offers an opportunity for the security metrics folks to meet the metrics community at large. 
The organizers solicit original submissions from industry and academic experts on the development and application of repeatable, meaningful measurements in the fields of software and system security. The topics of interest include, but are not limited to: - Security metrics - Security measurement and monitoring - Development of predictive models - Experimental validation of models - Formal theories of security metrics - Security quality assurance - Empirical assessment of security architectures and solutions - Mining data from attack and vulnerability repositories: e.g. CVE, CVSS - Software security metrics - Static analysis metrics - Simulation and statistical analysis - Security risk analysis - Industrial experience ------------------------------------------------------------------------- TrustCom 2011 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China, November 16-18, 2011. (Submissions due 30 June 2011) http://trust.csu.edu.cn/conference/trustcom2011 With rapid development and increasing complexity of computer and communications systems and networks, user requirements for trust, security and privacy are becoming more and more demanding. However, there is a grand challenge that traditional security technologies and measures may not meet user requirements in open, dynamic, heterogeneous, mobile, wireless, and distributed computing environments. Therefore, we need to build systems and networks in which various applications allow users to enjoy more comprehensive services while preserving trust, security and privacy at the same time. As useful and innovative technologies, trusted computing and communications are attracting researchers with more and more attention. IEEE TrustCom-11 is an international conference for presenting and discussing emerging ideas and trends in trusted computing and communications in computer systems and networks from both the research community as well as the industry. 
-------------------------------------------------------------------------

Calendar of Security and Privacy Related Events
maintained by Hilarie Orman

Cipher calendar announcements are on Twitter; follow "ciphernews"

Date (Month/Day/Year), Event, Locations, web page for more info.

* 1/31/03: PKI '03, Gaithersburg, MD.
  http://middleware.internet2.edu/pki03/
* 1/31/03: SIGCOMM 2003, Karlsruhe, Germany
  http://www.acm.org/sigcomm/sigcomm2003
--------------
* 2/06/03- 2/07/03: NDSS'03, San Diego, CA
  http://www.isoc.org/isoc/conferences/ndss/03/index.shtml
* 2/10/03: CRYPTO '03, Santa Barbara, CA.
  http://www.iacr.org/conferences/crypto2003/cfp.html
* 2/15/03: IEEE-NetMag, Submissions for Middleware issue are due,
  http://www.cs.utah.edu/flux/cipher/cfps/cfp-IEEE-NetMag.html
--------------

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since 100)
____________________________________________________________________

====================================================================
Conferences and Workshops
(the call for papers deadline has passed)
====================================================================

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================

____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at
http://www.computer.org/TCsignup/index.htm

______________________________________________________________________
TC Publications for Sale
______________________________________________________________________

IEEE Security and Privacy Symposium

The 2010 hardcopy proceedings are available at $25 each. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium (through 2009) is $10, plus shipping and handling.

The 2009 hardcopy proceedings are not available. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium is $5, plus shipping and handling.

The 2008 hardcopy proceedings are $10 plus shipping and handling; the 29 year CD is $5.00, plus shipping and handling.

The 2007 proceedings are available in hardcopy for $10.00, the 28 year CD is $5.00, plus shipping and handling.

The 2006 Symposium proceedings and 11-year CD are sold out.

The 2005, 2004, and 2003 Symposium proceedings are available for $10 plus shipping and handling.

Shipping is $5.00/volume within the US, overseas surface mail is $8/volume, and overseas airmail is $14/volume, based on an order of 3 volumes or less.
The shipping charge for a CD is $3 per CD (no charge if included with a hard copy order). Send a check made out to the IEEE Symposium on Security and Privacy to the 2011 treasurer (below) with the order description, including shipping method and shipping address.

    Robin Sommer
    Treasurer, IEEE Symposium Security and Privacy 2011
    International Computer Science Institute
    Center for Internet Research
    1947 Center St., Suite 600
    Berkeley, CA 94704
    USA
    oakland11-treasurer@ieee-security.org

IEEE CS Press

You may order some back issues from IEEE CS Press at
http://www.computer.org/cspress/catalog/proc9.htm

Computer Security Foundations Symposium

Copies of the proceedings of the Computer Security Foundations Workshop (now Symposium) are available for $10 each. Copies of proceedings are available starting with year 10 (1997). Photocopy versions of year 1 are also $10. Contact Jonathan Herzog if interested in purchase.

    Jonathan Herzog
    jherzog@alum.mit.edu

____________________________________________________________________________
TC Officer Roster
____________________________________________________________________________

Chair:
    Hilarie Orman
    Purple Streak, Inc.
    500 S. Maple Dr.
    Woodland Hills, UT 84653
    ieee-chair@purplestreak.com

Security and Privacy Symposium Chair Emeritus:
    Ulf Lindqvist
    SRI
    Menlo Park, CA
    (650)859-2351 (voice)
    ulf.lindqvist@sri.com

Vice Chair:
    Sven Dietrich
    Department of Computer Science
    Stevens Institute of Technology
    +1 201 216 8078
    spock AT cs.stevens.edu

Chair, Subcommittee on Academic Affairs:
    Prof. Cynthia Irvine
    U.S. Naval Postgraduate School
    Computer Science Department, Code CS/IC
    Monterey CA 93943-5118
    (831) 656-2461 (voice)
    irvine@nps.edu

Treasurer:
    Terry Benzel
    USC Information Sciences Intnl
    4676 Admiralty Way, Suite 1001
    Los Angeles, CA 90292
    (310) 822-1511 (voice)
    tbenzel @isi.edu

Chair, Subcomm. on Security Conferences:
    Jonathan Millen
    The MITRE Corporation, Mail Stop S119
    202 Burlington Road Rte. 62
    Bedford, MA 01730-1420
    781-271-51 (voice)
    jmillen@mitre.org

Newsletter Editor:
    Hilarie Orman
    Purple Streak, Inc.
    500 S. Maple Dr.
    Woodland Hills, UT 84653
    cipher-editor@ieee-security.org

Security and Privacy Symposium, 2011 Chair:
    Deborah Frincke
    Pacific Northwest National Laboratory
    deborah.frincke@pnl.gov

________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year