============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 103                                      July 19, 2011

Hilarie Orman, Editor                    Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org        cipher-assoc-editor @ ieee-security.org

Richard Austin                           Yong Guan
Book Review Editor                       Calendar Editor
cipher-bookrev @ ieee-security.org       cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion
    o Richard Austin's review of "Digital Forensics with Open Source Tools" by Cory Altheide and Harlan Carvey.
    o Hilarie Orman's comments on changes proposed for the Security and Privacy Symposium.
    o NIST requests comments re key derivation
    o US Dept of Defense Announces Cyber Operating Strategy, Signals More Offensive Action?
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Calendar of Events
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

It seems that everyone in the UK should be adding "Hi Rupert" to all their voicemail messages.
As we move towards convergence of data, computing, and communication, the means for corruption and crime simply keep pace. Sufficient unto the day.

This summer's Cipher issue has a Richard Austin review of a book on digital forensics, showing that crime is ever more a part of our digital lives.

Now is a frenetic time for the organizing team for the Security and Privacy Symposium for next year. It will be bigger and better than ever, but it will not be at the Claremont Hotel. Stay tuned, and read the status update in this issue.

Somewhat obscured by the phone hacking scandal, the announcement of a US Department of Defense cyberstrategy was accompanied by statements about a more "proactive" offensive posture by the US military in cyberspace. A comment in the report caught my eye --- it said that the inventors of the Internet could not have imagined its current importance to the US military. If my memory serves me, it was the military that had difficulties with imagination in that area.

I hope that the Cipher conference notices help you plan your fall and winter publication strategies, and that you find conferences suited to your interests and professional needs.

Summertime, and the hacking is easy,
Phish are jumping, and the clickthroughs are high,

     Hilarie Orman

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
July 17, 2011
____________________________________________________________________

Digital Forensics with Open Source Tools
by Cory Altheide and Harlan Carvey.
Syngress, 2011.
ISBN 978-1-56749-586-8
amazon.com USD 46.99
Table of Contents: http://www.elsevierdirect.com/toc.jsp?isbn=9781597495868

It's sometimes said that the cost of digital forensics inhibits adoption of the technology. While it is true that the proprietary, commercial tools can be quite pricey, this book reminds us that many important analysis tasks can be performed using Open Source tools. In a brief 264 pages the authors present an excellent overview of how to perform common forensic tasks using solely Open Source tools.

After a brief introductory chapter, the authors launch into building an analysis system capable of running the tools. While they do cover building a Windows system, this is very much a Linux-based book as many of the tools are only available for Linux-based systems. However, don't let your "Linux-Phobia" deter you as the authors provide good background, some clear examples and a lot of illustrations. They also get many kudos from your humble correspondent for using freely available forensic images (from Simson Garfinkel's "digital corpora", etc) so you can follow along and see the same results as shown in the book.

Having covered creation of the examination system, the next chapters cover disk/file system analysis, operating system artifacts, Internet artifacts and file analysis. The progression is logical and builds from the basics of sectors on a disk through the analysis of an email container file such as an Outlook folder (PST).

I am particularly impressed with how they chose to structure the split between platform and application artifacts. Many authors spend time duplicating (and mis-duplicating) material when an application (such as Firefox) can run on both Windows and Linux. Altheide and Carvey chose to cover the platforms (Windows, Linux and OS X) and then cover the application-related material separately.
So in the chapter on file analysis, you will find discussion of zip files independent of whether the file was created on a Linux or Windows system.

The book concludes with a catch-all chapter that introduces some graphical environments and provides some excellent discussion on the advantages and perils of constructing timelines. An appendix covers some useful tools (FTK Imager, Case Notes, etc) that are not Open Source but are available at no cost.

Regardless of whether you are a system administrator curious about just how much of that CSI-stuff you can really do or an experienced forensic practitioner interested in what Open Source tools can offer, this book is a worthwhile read. The authors, both veterans from the trenchlines of incident response and digital forensics, select a useful set of Open Source forensic tools, consolidate the documentation normally scattered across dozens of man pages or project websites and provide solid tips and tricks of the trade in how they may be effectively used in practice.

A minor frustration is the uneven level of detail with some topics being presented at the tutorial level (e.g., The Sleuth Kit) and others being more or less just recipes that list command-line options and show tool output. Perhaps a second edition will even out the coverage and make the book even more useful.

------------------

Before beginning life as an itinerant university instructor and independent cybersecurity consultant, Richard Austin (http://cse.spsu.edu/raustin2) spent 30+ years in the IT industry in positions ranging from software developer to security architect.
He welcomes your thoughts and comments at raustin2 at spsu dot edu

____________________________________________________________________
Commentary
Summary of Changes Proposed for the Security and Privacy Symposium
Berkeley/Oakland, California, May 23-25, 2011
by Hilarie Orman
7/18/2011
____________________________________________________________________

By all measures, the 32nd Security and Privacy Symposium was a smashing success. Following on the heels of the "30th Anniversary Celebration" of 2010, the 2011 Symposium had more papers, more press coverage, and more attendees than any previous conference. The conference "sold out" because the meeting room for this single-track conference could not hold any more people. Even some early registrants were put on a waiting list. A comfortable "overflow room" with live audio and slide projection attracted only a few people, and most elected to vie for seats in the main room.

The traditional venue, the Claremont Hotel on the border between Berkeley and Oakland in California, shone in its complete remodeling of the interior and guest rooms. A jazz group played in the foyer for evening events, the receptions were well-attended and guests were plied with delicious appetizers.

At the Tuesday evening business sessions, the organizers had to face up to the unhappy fact that the conference could no longer remain at the Claremont if it was to accommodate the expected demand for more than 420 attendees in 2012. Therefore, the conference organizers immediately delved into the problem of finding a nearby venue for late May, 2012 and also 2013. This is not an easy task, and the consequences involve paying early cancellation fees to the Claremont and negotiating contracts using substantial time from IEEE Computer Society employees. This process is underway, and the announcement of a new venue should follow shortly. Keep in touch by visiting the 2012 website, http://ieee-security.org/TC/SP2012 .

Another innovation is in store for 2012.
The workshops associated with the symposium will have their own organizational team, and they are working on increasing the number of workshops and ensuring a continuing level of high quality. Keep in touch by visiting the 2012 workshop website, http://ieee-security.org/TC/SPW2012 .

Attendees also expressed a strong desire for relaxing the access rules that result from assigning copyright for the technical proceedings to the IEEE. The 2011 proceedings are now online at http://ieee-security.org/TC/SP2011. This is done in accordance with rules specified in the IEEE Computer Society's Policies and Procedures Manual.

Finally, attendees said they wanted a longer technical program, if the quality could be maintained. Accordingly, the planning for 2012 is using the premise that the last day of the conference will have at least one session after lunch.

Read more about the business meeting and the conference results at http://www.ieee-security.org/TC/Reports.html .

     Hilarie Orman
     Chair, Technical Committee on Security and Privacy

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

____________________________________________________________________
NIST requests comments re key derivation
July 14, 2011, Sara Caswell
____________________________________________________________________

The second draft of NIST SP 800-56C: Recommendation for Key Derivation through Extraction-then-Expansion is available for public comments. The initial draft was released in September 2010. This second version incorporates resolutions to the comments received during the first comment period.
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure. NIST is in the process of modifying SP 800-56A and SP 800-56B to include the extraction-then-expansion key derivation procedure specified in this draft Recommendation (800-56C).

You can find the second draft of NIST SP 800-56C at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-56-C . Please submit comments to 800-56Ccomments@nist.gov with "Comments on SP 800-56C" in the subject line. The comment period closes on August 11, 2011.

____________________________________________________________________
US Dept of Defense Announces Cyber Operating Strategy, Signals More Offensive Action?
____________________________________________________________________

The US Department of Defense has issued a summary of its new cyber operating strategy: http://www.defense.gov/news/d20110714cyber.pdf . In an Associated Press article by Lisa Baldor from July 14, quoted in the Navy Times http://www.navytimes.com/news/2011/07/ap-pentagon-publish-strategy-cyberspace-war-071411/, a Department spokesman indicated a desire to increase offensive operations.

"In an interview with a group of reporters Thursday before release of the document, Marine Gen. James Cartwright said the new strategy is focused on defending against attack, but he believes the U.S. government broadly and the Pentagon in particular need to develop offensive approaches that reduce incentives to attack U.S. computer systems. Cartwright is vice chairman of the Joint Chiefs of Staff.

"If it's OK to attack me and I'm not going to do anything other than improve my defenses every time you attack me, it's difficult" to stop that cycle, Cartwright said.

"He said the Pentagon currently focuses 90 percent of its cybersecurity effort on defense and 10 percent on offense.
A better balance for the U.S. government as a whole would be 50-50, he said."

====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================

Posted June 2011
University of Waterloo
Waterloo, ON, Canada
Postdoctoral Research Position
Open until filled
http://crysp.uwaterloo.ca/prospective/postdoc/

--------------
http://cisr.nps.edu/jobscipher.html
--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events
maintained by Hilarie Orman

Cipher calendar announcements are on Twitter; follow "ciphernews"

Date (Month/Day/Year), Event, Locations, web page for more info.
7/16/11: WPES, 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA; http://wpes11.rutgers.edu/; Submissions are due
7/19/11: WPLS, Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA; http://www.comm.utoronto.ca/~akhisti/GlobecomWorkshop/; Submissions are due
7/19/11- 7/21/11: PST, 9th International Conference on Privacy, Security and Trust, Montreal, Quebec, Canada; http://pstnet.unb.ca/pst2011
7/21/11: eCrime Researchers Summit, 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA; http://ecrimeresearch.org; Submissions are due
7/22/11- 7/24/11: ID, ACM/Springer International Workshop on Identity: Security, Management & Applications, Kochi, Kerala, India; http://www.acc-rajagiri.org/ID2011.html
7/27/11- 7/29/11: PETS, 11th Privacy Enhancing Technologies Symposium, Waterloo, ON, Canada; http://petsymposium.org/2011/
7/31/11: Nordsec, 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia; http://nordsec2011.cyber.ee; Submissions are due
8/ 1/11: INTRUST, International Conference on Trusted Systems, Beijing, China; http://www.onets.com.cn/intrust11; Submissions are due
8/ 1/11- 8/ 3/11: DFRWS, 11th Digital Forensics Research Conference, New Orleans, LA, USA; http://www.dfrws.org
8/ 9/11: NDSS, Network & Distributed System Security Symposium, San Diego, California, USA; http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml; Submissions are due
8/10/11- 8/12/11: USENIX Security, 20th USENIX Security Symposium, San Francisco, CA, USA; https://db.usenix.org/events/sec11/cfp/
8/15/11: WICT-NDF, World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India; http://www.mirlabs.org/wict11/index.php-c=main&a=show&id=34.htm; Submissions are due
8/15/11: Wiley Security and Communication Networks Journal, Special Issue on Applications of
Machine Learning Techniques to Intrusion Detection and Digital Forensics; http://onlinelibrary.wiley.com/doi/10.1002/sec.344/full; Submissions are due
8/21/11: International Journal of Information Security, Special Issue on SCADA and Control System Security; http://springerlink.com/content/c228708131853np8/fulltext.pdf; Submissions are due
8/22/11- 8/24/11: WISA, 12th International Workshop on Information Security Applications, Jeju Island, Korea; http://www.wisa.or.kr
8/29/11: CT-RSA, RSA Conference, Cryptographers' Track, San Francisco, California, USA; http://ctrsa2012.cs.haifa.ac.il/; Submissions are due
9/ 6/11- 9/ 7/11: EC2ND, 7th European Conference on Computer Network Defense, Gothenburg, Sweden; http://2011.ec2nd.org/
9/ 6/11- 9/ 8/11: IWSSC, 1st International Workshop on Securing Services on the Cloud, Held in conjunction with the 5th International Conference on Network and System Security (NSS 2011), Milan, Italy; http://sesar.dti.unimi.it/iwssc2011
9/12/11- 9/14/11: ESORICS, 16th European Symposium on Research in Computer Security Leuven, Belgium; https://www.cosic.esat.kuleuven.be/esorics2011/
9/15/11: IFIP-DF, 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa; http://www.ifip119.org; Submissions are due
9/15/11: FC, 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire; http://fc12.ifca.ai/; Submissions are due
9/15/11- 9/16/11: FAST, 8th International Workshop on Formal Aspects of Security & Trust, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium; http://www.iit.cnr.it/FAST2011/Unico.htm
9/15/11- 9/16/11: SETOP, 4th International Workshop on Autonomous and Spontaneous Security, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011) Leuven, Belgium; http://setop2011.dyndns.org/
9/15/11- 9/16/11: DPM, 6th International Workshop on Data Privacy
Management, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011) Leuven, Belgium; http://dpm2011.dyndns.org/
9/15/11- 9/16/11: EuroPKI, 8th European Workshop on Public Key Services, Applications and Infrastructures, Held in conjunction with the European Symposium on Research in Computer Security (ESORICS 2011), Leuven, Belgium; http://www.cosic.esat.kuleuven.be/europki2011/
9/18/11: ESSoS, 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands; http://distrinet.cs.kuleuven.be/events/essos2012/; Submissions are due
9/19/11- 9/21/11: SAFECOMP, 30th International Conference on Computer Safety, Reliability and Security, Naples, Italy; http://www.safecomp2011.unina.it/
9/20/11- 9/21/11: RAID, 14th International Symposium on Recent Advances in Intrusion Detection, Menlo Park, CA, USA; http://raid2011.org
9/26/11- 9/28/11: CRiSIS, 6th International Conference on Risks and Security of Internet and Systems, Timisoara, Romania; http://www.crisis-conference.org/
9/30/11: Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications; http://www.elsevierscitech.com/cfp/CEE-SI-Recent-Advances-Security-Privacy.pdf; Submissions are due
10/01/11: IEEE Systems Journal, Special Issue on Security and Privacy in Complex Systems; http://isj.engineering.utsa.edu/special.php?issue=spc; Submissions are due
10/17/11: STC, 6th ACM Workshop on Scalable Trusted Computing, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA; http://www.cs.utsa.edu/~acmstc/stc2011/
10/17/11: WPES, 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA; http://wpes11.rutgers.edu/
10/19/11: SecIoT, 2nd Workshop on the Security of the Internet of Things, Held in conjunction with IEEE iThings 2011, Dalian, China; http://www.isac.uma.es/seciot11
10/21/11: CCSW, ACM Cloud Computing Security
Workshop, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA; http://crypto.cs.stonybrook.edu/ccsw11
10/21/11: AISec, 4th Workshop on Artificial Intelligence and Security, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA; http://tsig.fujitsulabs.com/~aisec2011/
10/24/11-10/26/11: DSPSR, 1st IEEE/IFIP EUC Workshop on Data Management, Security and Privacy in Sensor Networks and RFID, Held in conjunction with the 9th IEEE/IFIP International Conference on Embedded and Ubiquitous Computing (EUC 2011), Melbourne, Australia; http://www.deakin.edu.au/~rchell/DSPSR2011.html
10/26/11-10/28/11: Nordsec, 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia; http://nordsec2011.cyber.ee
11/ 7/11-11/ 9/11: eCrime Researchers Summit, 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA; http://ecrimeresearch.org
11/16/11: TSCloud, 1st IEEE International Workshop on Trust and Security in Cloud Computing, Changsha, China; http://tscloud.org
11/16/11-11/18/11: TrustCom, 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Changsha, China; http://trust.csu.edu.cn/conference/trustcom2011
11/27/11-11/29/11: INTRUST, International Conference on Trusted Systems, Beijing, China; http://www.onets.com.cn/intrust11
11/29/11-12/ 2/11: WIFS, IEEE Workshop on Information Forensics and Security, Foz do Iguaçu, Brazil; http://www.wifs11.org
12/ 5/11-12/ 9/11: ACSAC, 27th Annual Computer Security Applications Conference, Orlando, Florida, USA; http://www.acsac.org/
12/ 9/11: WPLS, Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA; http://www.comm.utoronto.ca/~akhisti/GlobecomWorkshop/
12/11/11-12/14/11: WICT-NDF, World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India; http://www.mirlabs.org/wict11/index.php-c=main&a=show&id=34.htm
1/ 3/12- 1/ 5/12:
IFIP-DF, 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa; http://www.ifip119.org
1/ 4/12- 1/ 7/12: HICSS-ST, 45th Annual HAWAI'I International Conference on System Sciences, Software Technology Track, Grand Wailea Maui, Hawaii, USA; http://www.hicss.hawaii.edu/hicss_45/apahome45.htm
2/ 5/12- 2/ 8/12: NDSS, Network & Distributed System Security Symposium, San Diego, California, USA; http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml
2/16/12- 2/17/12: ESSoS, 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands; http://distrinet.cs.kuleuven.be/events/essos2012/
2/27/12- 3/ 2/12: CT-RSA, RSA Conference, Cryptographers' Track, San Francisco, California, USA; http://ctrsa2012.cs.haifa.ac.il/
2/27/12- 3/ 2/12: FC, 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire; http://fc12.ifca.ai/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E102)
____________________________________________________________________

WPES 2011 10th ACM Workshop on Privacy in the Electronic Society, Held in conjunction with the ACM CCS 2011, Chicago, IL, USA, October 17, 2011. (Submissions due 16 July 2011)
http://wpes11.rutgers.edu/

The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.
Topics of interest include, but are not limited to:
- anonymity, pseudonymity, and unlinkability
- data correlation and leakage attacks
- data security and privacy
- electronic communication privacy
- economics of privacy
- information dissemination control
- personally identifiable information
- privacy-aware access control
- privacy and anonymity in the Web
- privacy in cloud and grid systems
- privacy and confidentiality management
- privacy and data mining
- privacy in the digital business
- privacy in the electronic records
- privacy enhancing technologies
- privacy in health care and public administration
- privacy and human rights
- privacy metrics
- privacy in mobile systems
- privacy in outsourced scenarios
- privacy policies
- privacy vs. security
- privacy in social networks
- privacy threats
- privacy and virtual identity
- public records and personal privacy
- user profiling
- wireless privacy

-------------------------------------------------------------------------

WPLS 2011 Workshop on Physical Layer Security, Held in conjunction with the IEEE Globecom Conference 2011, Houston, Texas, USA, December 9, 2011. (Submissions due 19 July 2011)
http://www.comm.utoronto.ca/~akhisti/GlobecomWorkshop/

There has been a growing interest in recent times in using resources at the Physical Layer for designing novel security techniques that complement existing cryptographic methods. Such solutions often exploit the unique characteristics of wireless channels in defeating both active and passive adversaries. The Physical–Layer Security Workshop aims to bring together researchers working on various aspects of Physical layer security to present their latest research activity.
Prospective Authors are encouraged to submit unpublished contributions in physical-layer security including (but not limited to) the following topics:
- Code design for wiretap channels
- Alignment and structured codes for wiretap channels
- Secrecy capacity of multipath, fading, MIMO channels
- Effects of channel state information on secure communications
- Cooperative secure communications
- Secret key agreement and distillation
- Secret key capacity of wireless channels
- Integration of physical-layer security into wireless systems
- Practical and implementation issues
- Game theoretic Models for PHY-Security

-------------------------------------------------------------------------

eCrime Researchers Summit 2011 6th IEEE eCrime Researchers Summit, Held in conjunction with the 2011 APWG General Meeting, San Diego, CA, USA, November 7-9, 2011. (Submissions due 21 July 2011)
http://ecrimeresearch.org

eCRS 2011 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
- Phishing, rogue-AV, pharming, click-fraud, crimeware, extortion and emerging attacks
- Technical, legal, political, social and psychological aspects of fraud and fraud prevention
- Malware, botnets, ecriminal/phishing gangs and collaboration, or money laundering
- Techniques to assess the risks and yields of attacks and the success rates of countermeasures
- Delivery techniques, including spam, voice mail and rank manipulation; and countermeasures
- Spoofing of different types, and applications to fraud
- Techniques to avoid detection, tracking and takedown; and ways to block such techniques
- Honeypot design, data mining, and forensic aspects of fraud prevention
- Design and evaluation of user interfaces in the context of fraud and network security
- Best practices related to digital forensics tools and techniques, investigative procedures, and evidence
acquisition, handling and preservation

-------------------------------------------------------------------------

Nordsec 2011 16th Nordic Workshop on Secure IT-Systems, Tallinn, Estonia, October 26-28, 2011. (Submissions due 31 July 2011)
http://nordsec2011.cyber.ee

The conference welcomes contributions in the form of papers, short papers, and posters. Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, and particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Student papers and posters are particularly encouraged. Submissions reporting industrial or governmental experiences are also encouraged and will be given special consideration. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security.

With the theme "IT Security in Governance", this year's conference will emphasize policies, strategies and technologies related to the security and sustainability of processes executed by heterogeneous organizations, departments or organizational clusters of all sizes.
NordSec 2011 also welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
- Applied cryptography
- Commercial security policies and their enforcement
- Communication and network security
- Computer crime and information warfare
- Hardware and smart card applications
- Internet and web security
- Intrusion detection
- Language-based techniques for security
- New ideas and paradigms in security
- Operating system security
- Privacy and anonymity
- Security education and training
- Security evaluation and measurement
- Security management and audit
- Security modeling and metrics
- Access control and security models
- Security protocols
- Social engineering and phishing
- Security usability
- Economics, law and social aspects of security
- Software security and malware
- Trust and identity management

-------------------------------------------------------------------------

INTRUST 2011 International Conference on Trusted Systems, Beijing, China, November 27-29, 2011. (Submissions due 1 August 2011)
http://www.onets.com.cn/intrust11

Building on the success of INTRUST 2009 and INTRUST 2010 (both were held in Beijing, P. R. China), this conference focuses on the theory, technologies and applications of trusted systems. It is devoted to all aspects of trusted computing systems, including trusted modules, platforms, networks, services and applications, from their fundamental features and functionalities to design principles, architecture and implementation technologies. The goal of the conference is to bring academic and industrial researchers, designers, and implementers together with end-users of trusted systems, in order to foster the exchange of ideas in this challenging and fruitful area.

INTRUST 2011 solicits original papers on any aspect of the theory, advanced development and applications of trusted computing, trustworthy systems and general trust issues in modern computing systems.
The conference will have an academic track and an industrial track. This call for papers is for contributions to both of the tracks. Submissions to the academic track should emphasize theoretical and practical research contributions to general trusted system technologies, while submissions to the industrial track may focus on experiences in the implementation and deployment of real-world systems.

Topics of relevance include but are not limited to:
- Fundamental features and functionalities of trusted systems
- Primitives and mechanisms for building a chain of trust
- Design principles and architectures of trusted modules and platforms
- Implementation technologies for trusted modules and platforms
- Cryptographic aspects of trusted systems, including cryptographic algorithms and protocols, and their implementation and application in trusted systems
- Scalable safe network operation in trusted systems
- Mobile trusted systems, such as trusted mobile platforms, sensor networks, mobile (ad hoc) networks, peer-to-peer networks, Bluetooth, etc.
- Storage aspects for trusted systems
- Applications of trusted systems, e.g. trusted email, web services and various e-commerce services
- Trustworthy infrastructures and services for cloud computing
- Trusted intellectual property protection: metering, watermarking, digital rights management and enterprise rights management
- Software protection for trusted systems
- Hardware security for trusted systems
- Authentication and access control for trusted systems
- Key, identity and certificate management for trusted systems
- Privacy aspects for trusted systems
- Attestation aspects for trusted systems, including the measurement and verification of the behaviour of trusted systems
- Standards organizations and their contributions to trusted systems, such as TCG, ISO/IEC, IEEE 802.11, etc.
- Emerging technologies for trusted systems, such as RFID, memory spots, smart cards, etc.
- Trust metrics and robust trust inference in distributed systems - Usability and reliability aspects for trusted systems - Trust modeling, economic analysis and protocol design for rational and malicious adversaries - Virtualisation for trusted systems - Limitations of trusted systems - Security analysis of trusted systems, including formal method proofs, provable security and automated analysis - Security policies for, and management of, trusted systems - Intrusion resilience and revocation aspects for trusted systems - Scalability aspects of trusted systems - Compatibility aspects of trusted systems - Experiences in building real-world trusted systems - Socio-economic aspects of trusted systems ------------------------------------------------------------------------- NDSS 2012 Network & Distributed System Security Symposium, San Diego, California, USA, February 5-8, 2012. (Submissions due 9 August 2011) http://www.isoc.org/isoc/conferences/ndss/12/cfp.shtml The Network and Distributed System Security Symposium fosters information exchange among research scientists and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technology. Overall, we are looking not only for solid results but also for crazy out-of-the-box ideas.
Areas of interest include (but are not limited to): - Network perimeter controls: firewalls, packet filters, application gateways - Network protocol security: routing, naming, network management - Cloud computing security - Security issues in Future Internet architecture and design - Security of web-based applications and services - Anti-malware techniques: detection, analysis, and prevention - Secure future home networks, Internet of Things, body-area networks - Intrusion prevention, detection, and response - Combating cyber-crime: anti-phishing, anti-spam, anti-fraud techniques - Privacy and anonymity technologies - Security for wireless, mobile networks - Security of personal communication systems - Vehicular Ad-hoc Network (VANETs) Security - Security of peer-to-peer and overlay network systems - Electronic commerce security: e.g., payments, notarization, timestamping - Network security policies: implementation deployment, management - Intellectual property protection: protocols, implementations, DRM - Public key infrastructures, key management, certification, and revocation - Security for Emerging Technologies - Special problems and case studies: cost, usability, security vs. efficiency - Collaborative applications: teleconferencing and video-conferencing - Smart Grid Security - Secure Electronic Voting - Security of large-scale critical infrastructures - Trustworthy Computing for network protocols and distributed systems - Network and distributed systems forensics ------------------------------------------------------------------------- WICT-NDF 2011 World Congress on Information and Communication Technologies, Intrusion Detection and Forensics, Mumbai, India, December 11-14, 2011. (Submissions due 15 August 2011) http://www.mirlabs.org/wict11/index.php-c=main&a=show&id=34.htm Authors are invited to submit original papers containing cutting edge research, novel research vision or work-in-progress in any area of intrusion detection and forensics. 
All accepted papers will be published in the conference proceedings by IEEE. The track will cover a wide range of topics. Topics of interest include but are not limited to: - Host and Network based approaches - Anomaly and specification-based approaches - Lightweight, data mining and soft computing approaches - Hybrid Approaches to information discovery and intrusion detection - Formal Models, Framework and Architectures - Botnets and vulnerabilities - Malware, Worm, Virus and Spyware - Insider attack detection and investigation - High Performance and Real-Time Environments, including large-scale, high data volume/ high-Speed networks. - Highly distributed and heterogeneous environments - Embedded system and small scale environments - Special environments, including wireless, mobile, sensor networks and smart grid - Virtual and Cloud Environments - Social network analysis - Deception systems and honeypots - Incident response and live analysis - Traceback and attribution - Event reconstruction methods and tools - Attacks against IDS, IDS protection and tolerance - Anti-forensics and anti-anti-forensics - Visualization Techniques - Performance evaluation, metrics and benchmarking - Commercial products and their directions - Test Beds and Datasets ------------------------------------------------------------------------- Wiley Security and Communication Networks Journal, Special Issue on Applications of Machine Learning Techniques to Intrusion Detection and Digital Forensics, 2012, (Submission Due 15 August 2011) http://onlinelibrary.wiley.com/doi/10.1002/sec.344/full Editor: Ajith Abraham (Norwegian University of Science and Technology, Norway), Anjali Sardana (Indian Institute of Technology Roorkee, India), ManPyo Hong (Ajou University, South Korea), Irfan Ahmed (Queensland University of Technology, Australia), Rafael Accorsi (University of Freiburg, Germany) The security of computers and their networks is a major concern. 
As computing devices become more pervasive and connected (from a personal computer running a simple desktop application to embedded systems controlling critical infrastructure), they face versatile and unknown threats ranging from sophisticated malware to less prevalent but still serious attacks like Web site defacement, denial of service attacks, financial fraud and network break-ins. These threats are both critical and costly and must be detected in time. Moreover, the detection of intrusions often leads to a forensic investigation requiring the acquisition and analysis of a massive volume of data. The manual effort to deal with these problems is costly and time consuming, which creates the need for machine learning techniques that are often used to perform this labour-intensive work efficiently and reliably. In this special issue, we plan to present cutting-edge research focusing on intrusion detection and digital forensics with the application of machine learning techniques.
The Journal is soliciting submissions based on an open call for papers covering areas that include, but are not limited to, the following: - Detection of known or unknown exploitable vulnerabilities - Detection of known or unknown attacks - Deception systems and honeypots - Smart phone and Digital Forensics - Network and host intrusion detection - Anomaly and specification-based approaches - Application security - Spam, botnets, viruses, malware - Web security - Log analysis - Forensic analysis of large datasets - Online forensic analysis - Forensic analysis of social networks - 3D forensic scene model generation and analysis - Network forensics - Data acquisition ------------------------------------------------------------------------- International Journal of Information Security, Special Issue on SCADA and Control System Security, 2012, (Submission Due 21 August 2011) http://springerlink.com/content/c228708131853np8/fulltext.pdf Editor: Irfan Ahmed (Queensland University of Technology, Australia), Martin Naedele (ABB Corporate Research, Switzerland), Charles Palmer (Dartmouth College, USA), Ryoichi Sasaki (Tokyo Denki University, Japan), Bradley Schatz (Queensland University of Technology, Australia), and Andrew West (Invensys Operations Management, Australia) Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as manufacturing production lines, water treatment, fuel production and electricity distribution. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors.
For example, the now famous Stuxnet (a Windows-specific computer worm containing a rootkit and four zero-day attacks) was specifically written to attack SCADA systems and alone caused multi-million-dollar damages in 2010. The critical requirement for high availability in SCADA and industrial control systems, along with the use of bespoke, resource-constrained computing devices, legacy operating systems and proprietary software applications, limits the applicability of traditional information security solutions. Thus, research focusing on devising security solutions that are applicable in the control systems context is imperative, as evidenced by the increased focus on the problem by governments worldwide. This Special Issue aims to present the latest developments, trends and research solutions addressing security of the computers and networks used in SCADA and other industrial control systems. The topics of interest include, but are not limited to, intrusion detection and prevention, malware, vulnerability analysis of control systems protocols, digital forensics, application security and performance impact of security methods and tools in control systems. This list is not exhaustive and other relevant topics will be considered. ------------------------------------------------------------------------- CT-RSA 2012 RSA Conference, Cryptographers' Track, San Francisco, California, USA, February 27-March 2, 2012. (Submissions due 29 August 2011) http://ctrsa2012.cs.haifa.ac.il/ The RSA Conference is the largest annual information security event, with hundreds of vendors and thousands of attendees. Among the 20 tracks of the RSA conference, the Cryptographers' Track stands out, offering a glimpse of academic research in the field of cryptography. The Cryptographers' Track was founded in 2001, and it has since established its presence in the cryptographic community.
To support the academic exchange, RSA conference offers a special academic discount for registration, as well as a waiver for the speakers presenting their papers that were accepted to CT-RSA 2012. Original research papers pertaining to all aspects of cryptography are solicited. Submissions may present applications, techniques, theory, and practical experience on topics including, but not limited to: - Public-key encryption - Symmetric-key encryption - Cryptanalysis - Digital signatures - Hash functions - Cryptographic protocols - Tamper-resistance - Efficient implementations - Elliptic-curve cryptography - Lattice-based cryptography - Quantum cryptography - Formal security models - Network security - Hardware security - E-commerce ------------------------------------------------------------------------- IFIP-DF 2012 8th Annual IFIP WG 11.9 International Conference on Digital Forensics, University of Pretoria, Pretoria, South Africa, January 3-5, 2012. (Submissions due 15 September 2011) http://www.ifip119.org The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately sixty participants to facilitate interactions between researchers and intense discussions of critical research issues. 
Keynote presentations, revised papers and details of panel discussions will be published as an edited volume - the eighth in the series entitled Research Advances in Digital Forensics in the summer of 2012. Revised and/or extended versions of selected papers from the conference will be published in special issues of one or more international journals. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to: - Theories, techniques and tools for extracting, analyzing and preserving digital evidence - Network and cloud forensics - Embedded device forensics - Digital forensic processes and workflow models - Digital forensic case studies - Legal, ethical and policy issues related to digital forensics ------------------------------------------------------------------------- FC 2012 16th Financial Cryptography and Data Security, Divi Flamingo Beach Resort, Bonaire, February 27 - March 2, 2012. (Submissions due 15 September 2011) http://fc12.ifca.ai/ Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary works are particularly encouraged. 
The topics include: - Anonymity and Privacy - Auctions and Audits - Authentication and Identification - Backup Authentication - Biometrics - Certification and Authorization - Cloud Computing Security - Commercial Cryptographic Applications - Contracts and Transactions - Data Outsourcing Security - Digital Cash and Payment Systems - Digital Incentive and Loyalty Systems - Digital Rights Management - Fraud Detection - Game Theoretic Approaches to Security - Identity Theft - Information Security - Infrastructure Design - Legal and Regulatory Issues - Management and Operations - Microfinance and Micropayments - Mobile Internet Device Security - Monitoring - Phishing and Social Engineering - Privacy-enhancing Systems - Reputation Systems - RFID-Based and Contactless Payment Systems - Risk Assessment and Management - Secure Banking and Financial Web Services - Secure Tokens and Hardware - Securing Emerging Computational Paradigms - Security and Risk Perceptions and Judgments - Security Economics - Smartcards - Spam - Trust Management - Underground-Market Economics - Usability - Virtual Economies - Voting Systems ------------------------------------------------------------------------- ESSoS 2012 4th International Symposium on Engineering Secure Software and Systems, Eindhoven, The Netherlands, February 16 - 17, 2012. (Submissions due 18 September 2011) http://distrinet.cs.kuleuven.be/events/essos2012/ Trustworthy, secure software is a core ingredient of the modern world. Unfortunately, the Internet is too. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient.
Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to): - scalable techniques for threat modeling and analysis of vulnerabilities - specification and management of security requirements and policies - security architecture and design for software and systems - model checking for security - specification formalisms for security artifacts - verification techniques for security properties - systematic support for security best practices - security testing - security assurance cases - programming paradigms, models and DLS's for security - program rewriting techniques - processes for the development of secure software and systems - security-oriented software reconfiguration and evolution - security measurement - automated development - trade-off between security and other non-functional requirements - support for assurance, certification and accreditation ------------------------------------------------------------------------- Elsevier Computers & Electrical Engineering, Special Issue on Recent Advances in Security and Privacy in Distributed Communications, September 2012, (Submission Due 30 September 2011) http://www.elsevierscitech.com/cfp/CEE-SI-Recent-Advances-Security-Privacy.pdf Editor: Gregorio Martinez (University of Murcia, Spain), Felix Gomez Marmol (NEC Laboratories Europe, Germany), and Jose M. 
Alcaraz Calero (Hewlett-Packard Laboratories, United Kingdom) Security services need to be considered as part of most communication proposals being discussed nowadays in distributed communication environments. Additionally, in the last few years, privacy has been gaining interest from both the designers and the customers of security solutions, thus being considered now as a key aspect for them. For a good security and/or privacy design, one needs to be informed of the latest advances in this field, this being the main objective of this special issue. This special issue is intended to report the most recent research works related to security and privacy, particularly in the following fields: - Anonymity - Authentication - Authorization and access control - Critical Infrastructure Protection (CIP) - Data integrity and protection - Identity Management - Intrusion detection and prevention - End-to-end security solutions - Privacy enhancing technologies - Risk analysis and management - Security policies - Threats and vulnerabilities - Trust and reputation management in distributed scenarios ------------------------------------------------------------------------- IEEE Systems Journal, Special Issue on Security and Privacy in Complex Systems, 2012, (Submission Due 1 October 2011) http://isj.engineering.utsa.edu/special.php?issue=spc Editor: Sushil Jajodia (George Mason University, USA) and Pierangela Samarati (Universita` degli Studi di Milano, Italy) Today's information society relies on a globally interconnected infrastructure composed of diverse and widely distributed systems. It is of utmost importance to ensure proper protection to such complex systems, or systems-of-systems, to ensure security, privacy, and availability of the infrastructure as well as of resources and information it provides and manages. 
The problem is far from trivial, due to the criticality and the social impact of the applications and services relying on this global infrastructure, as well as the complexity given by the co-existence and co-operation of, possibly heterogeneous, component systems. The goal of this special issue is to collect high-quality contributions on security and privacy in complex systems and systems-of-systems. We solicit submissions from academia, industry, and government presenting novel and original research on all theoretical and practical aspects of security and privacy in complex systems. The focus of the special issue spans security and privacy theory, technology, methodology, and applications in complex systems. Submitted papers should therefore explicitly address issues in the complex system scenario. Topics of interest include, but are not limited to, the ones listed below provided that they are treated with specific focus on the complex system scenario: - access control - anonymity - applied cryptography - authentication - biometric security and privacy - cyber warfare and security - complex systems security - computer forensics - critical infrastructure protection - data and application security - data protection - data/system integrity - dependability, reliability, and availability - formal methods for security and privacy - human factors in security and privacy - identity management - insider threats - intrusion detection and prevention - knowledge extraction/representation for security - legal and ethical issues - middleware security - network security - operating systems security and privacy - protection from cyberhacking - security engineering - secure environments and applications - secure interoperability - security and privacy metrics - security and privacy policies - security and privacy in cloud computing - security and privacy in ad hoc networks - security and privacy in e-services - security and privacy in grid computing - security and privacy in
mobile systems - security and privacy in monitoring systems - security and privacy in industrial systems - security and privacy in pervasive/ubiquitous computing - security and privacy in sensor networks - security and privacy in smart grid and distributed generation systems - security and privacy in social applications and networks - security and privacy in wireless sensor networks - security architectures - security management in complex scenarios - social implications of security and privacy - surveillance systems - threats, vulnerabilities, and risk management - transportation systems - trust management - usable security for complex systems - verification and validation of complex systems - web service security ------------------------------------------------------------------------- ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". 
OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. 
____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at http://www.computer.org/TCsignup/index.htm ______________________________________________________________________ TC Publications for Sale ______________________________________________________________________ IEEE Security and Privacy Symposium The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium (through 2011) is $15, plus shipping and handling. The 2010 hardcopy proceedings are available at $20 each. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium (through 2009) is $10, plus shipping and handling. The 2009 hardcopy proceedings are not available. The DVD with all technical papers from all years of the SP Symposium and the CSF Symposium is $5, plus shipping and handling. The 2008 hardcopy proceedings are $10 plus shipping and handling; the 29 year CD is $5.00, plus shipping and handling. The 2007 proceedings are available in hardcopy for $10.00, the 28 year CD is $5.00, plus shipping and handling. The 2006 Symposium proceedings and 11-year CD are sold out. The 2005, 2004, and 2003 Symposium proceedings are available for $10 plus shipping and handling. Shipping is $5.00/volume within the US, overseas surface mail is $8/volume, and overseas airmail is $14/volume, based on an order of 3 volumes or less. The shipping charge for a CD is $3 per CD (no charge if included with a hard copy order).
Send a check made out to the IEEE Symposium on Security and Privacy to the 2011 treasurer (below) with the order description, including shipping method and shipping address.

Robin Sommer
Treasurer, IEEE Symposium Security and Privacy 2011
International Computer Science Institute
Center for Internet Research
1947 Center St., Suite 600
Berkeley, CA 94704 USA
oakland11-treasurer@ieee-security.org

IEEE CS Press
You may order some back issues from IEEE CS Press at http://www.computer.org/cspress/catalog/proc9.htm

Computer Security Foundations Symposium
Copies of the proceedings of the Computer Security Foundations Workshop (now Symposium) are available for $10 each. Copies of proceedings are available starting with year 10 (1997). Photocopy versions of year 1 are also $10. Contact Jonathan Herzog if interested in purchase.

Jonathan Herzog
jherzog@alum.mit.edu

____________________________________________________________________________
TC Officer Roster
____________________________________________________________________________

Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
ieee-chair@purplestreak.com

Security and Privacy Symposium Chair Emeritus:
Ulf Lindqvist
SRI
Menlo Park, CA
(650)859-2351 (voice)
ulf.lindqvist@sri.com

Vice Chair:
Sven Dietrich
Department of Computer Science
Stevens Institute of Technology
+1 201 216 8078
spock AT cs.stevens.edu

Security and Privacy Symposium, 2011 Chair:
Deborah Frincke
Pacific Northwest National Laboratory
deborah.frincke@pnl.gov

Treasurer:
Terry Benzel
USC Information Sciences Intnl
4676 Admiralty Way, Suite 1001
Los Angeles, CA 90292
(310) 822-1511 (voice)
tbenzel @isi.edu

Newsletter Editor:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year