Commentary and Opinion
Richard Austin's review of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig
Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
IEEE Transactions on Information Forensics and Security, Special Issue on Privacy and Trust Management in Cloud and Distributed Systems, June 1, 2013, (Submission Due 31 May 2012)
Editors: Karl Aberer (École Polytechnique Fédérale de Lausanne, Switzerland), Sen-ching Samson Cheung (University of Kentucky, USA), Jayant Haritsa (Indian Institute of Science, India), Bill Horne (Hewlett-Packard Laboratories, USA), Kai Hwang (University of Southern California, USA), and Yan (Lindsay) Sun (University of Rhode Island, USA)
With the increasing drive towards availability of data and services anytime anywhere, privacy risks have significantly increased. Unauthorized disclosure, modification, usage, or uncontrolled access to privacy-sensitive data may result in high human and financial costs. In distributed computing environments, trust plays a crucial role in mitigating the privacy risk by guaranteeing meaningful interactions, data sharing, and communications. Trust management is a key enabling technology for security and privacy enhancement. While privacy preservation and trust management are already challenging problems, it is imperative to explore how privacy-oriented and trust-oriented approaches can integrate to bring new solutions in safeguarding information sharing and protecting critical cyber-infrastructure. Furthermore, there are questions about whether existing trust models and privacy preserving schemes are robust against attacks. This Call for Papers invites researchers to contribute original articles that cover a broad range of topics related to privacy preservation and trust management in cloud and distributed systems, with a focus on emerging networking contexts such as social media, cloud computing, and power grid systems. Example topics include but are not limited to:
IEEE Network Magazine, Special Issue on Cyber Security of Networked Critical Infrastructures, January 2013, (Submission Due 1 June 2012)
Editors: Saeed Abu-Nimeh (Damballa Inc., USA), Ernest Foo (Queensland University of Technology, Australia), Igor Nai Fovino (Global Cyber Security Center, Italy), Manimaran Govindarasu (Iowa State University, USA), and Tommy Morris (Mississippi State University, USA)
The daily lives of millions of people depend on processing information and material through a network of critical infrastructures. Critical infrastructures include agriculture and food, water, public health, emergency services, government, the defense industrial base, information and telecommunications, energy, transportation and shipping, banking and finance, chemical industry and hazardous materials, post, national monuments and icons, and critical manufacturing. Disruption or disturbance of critical infrastructures can lead to economic and human losses. Additionally, the control network of most critical installations is integrated with broader information and communication systems, including the company business network. Most maintenance services on process control equipment are performed remotely. Further, the cyber security of critical infrastructure systems has come into focus recently as more of these systems are exposed to the Internet. Therefore, Critical Infrastructure Protection (CIP) has become a topic of interest for academics, industries, governments, and researchers in recent years. A common theme among critical infrastructure is the dependence upon secure cyber systems for command and control. This special issue will focus on network aspects that impact the cyber security of Critical Infrastructure Protection and Resilience. Tutorial-based manuscripts which cover recent advances in one or more of the topic areas below are requested. Topics may include (but are not limited to):
Nordsec 2012 17th Nordic Conference in Secure IT Systems, Karlskrona, Sweden, October 31 - November 2, 2012. (Submissions due 4 June 2012)
Since 1996, the NordSec conferences have brought together computer security researchers and practitioners from around the world, particularly from the Nordic countries and Northern Europe. The conference focuses on applied IT security and is intended to encourage interaction between academic and industrial research. Contributions should reflect original research, developments, studies and practical experience within all areas of IT security. NordSec 2012 welcomes contributions over a broad range of topics in IT security, including, but not limited to, the following areas:
NSS 2012 6th International Conference on Network and System Security, Wu Yi Shan, Fujian, China, November 21-23, 2012. (Submissions due 15 June 2012)
NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:
HICSS-CSS 2013 46th HAWAII International Conference on System Sciences, Internet and the Digital Economy Track, Cybercrime and Security Strategy Mini-track, Grand Wailea, Maui, Hawaii, USA, January 7 - 10, 2013. (Submissions due 15 June 2012)
We invite you to submit a paper for the mini-track "Cybercrime and Security Strategy" scheduled for the 46th Hawaii International Conference on System Sciences (HICSS). The diffusion of computer technologies worldwide has resulted in an unprecedented global expansion of computer-based criminal activity. There appears to be a need for research into cybercrime activities, and their causes. At the same time, it has become imperative to effectively protect information assets. The endeavor of this mini-track is also to enhance understanding about the issues associated with information security strategy. A few topics of interest include (but are not limited to):
GameSec 2012 3rd Conference on Decision and Game Theory for Security, Budapest, Hungary, November 5-6, 2012. (Submissions due 22 June 2012)
The conference will explore security as a multifaceted economic problem by considering the complexities of the underlying technical infrastructure, and human and social factors. Securing resources involves decision making on multiple levels and multiple time scales, given the limited resources available to both malicious attackers and administrators defending networked systems. The GameSec conference aims to bring together researchers who are working on the theoretical foundations and behavioral aspects of enhancing security capabilities in a principled manner. Previous GameSec contributions included analytic models based on game, information, communication, optimization, decision, and control theories that were applied to diverse security topics. In addition, we welcome research that highlights the connection between economic incentives and real world security, reputation, trust and privacy problems. The conference is soliciting full and short papers on all economic aspects of security and privacy. Submitted papers will be evaluated based on their significance, originality, technical quality, and exposition. They should clearly establish the research contribution, their relevance to security and privacy, and their relation to prior research. General theoretic contributions are welcome if they discuss potential scenarios of application in the areas of security and privacy.
WIFS 2012 IEEE International Workshop on Information Forensics and Security, Tenerife, Spain, December 2-5, 2012. (Submissions due 24 June 2012)
The IEEE International Workshop on Information Forensics and Security (WIFS) is the primary annual event organized by the IEEE's Information Forensics and Security Technical Committee (IEEE IFS TC). Being the main annual event organized by IEEE IFS TC, the scope of WIFS is broader than other more specific conferences, and it represents the most prominent venue for researchers to exchange ideas and identify potential areas of collaboration. Focusing on these targets, the conference will feature three keynote speakers, up to four tutorials, a track of lecture and poster sessions.
NPSec 2012 7th Workshop on Secure Network Protocols, Austin, Texas, USA, October 30, 2012. (Submissions due 2 July 2012)
NPSec focuses on two general areas. The first focus is on the development and analysis of secure or hardened protocols for the operation (establishment and maintenance) of network infrastructure, including such targets as secure multidomain, ad hoc, sensor or overlay networks, or other related target areas. This can include new protocols, enhancements to existing protocols, protocol analysis, and new attacks on existing protocols. The second focus is on employing such secure network protocols to create or enhance network applications. Examples include collaborative firewalls, incentive strategies for multiparty networks, and deployment strategies to enable secure applications. Papers of special merit might be considered for fast track publication in the Computer Communications journal.
SAEPOG 2012 Secure Autonomous Electric Power Grids Workshop, Co-located with the Sixth IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO 2012), Lyon, France, September 10, 2012. (Submissions due 4 July 2012)
Electric energy grids worldwide are becoming smarter and more adaptive to efficiently bring power from a wide variety of production technologies to a broad consumer base. With this increase in complexity and adaptivity we see an ever-increasing demand for predictable power availability and cost-optimizing control of power consumption (and local generation where available) among consumers. "Security" in the grid has many dimensions, from protecting national resources against human adversaries to simply guaranteeing the availability of power to customers. This workshop is concerned with creating autonomous electric power grids that are secure in all senses of the word.
Traditional power management models rely heavily on a centralized authority to dispatch generation and curtail load without any means for consumers to affect the decision process. The increasing dependence on renewable sources of energy invalidates the currently prevailing paradigm "supply follows demand" for energy management, since power generation from wind or solar panels is not controllable and only partially predictable. The resulting new paradigm "demand follows supply" inherently depends on the discovery and exploitation of demand flexibility which implies the necessity of a decentralized energy information system with distributed system intelligence for power management and control. Obviously, distributed control also implies potential security concerns for the system and those who rely on it.
This situation calls for power generation, storage, and distribution systems that are "aware" of the supply and demand situation and can adapt the load automatically, quickly, and stably. This workshop will examine how autonomous self-adaptive and self-organizing systems may be designed for energy management and control in the future smart grid ranging from national or international high-voltage transportation systems to low-voltage local distribution systems. We will also consider smart combination with other networks like natural gas or thermal grids. We will discuss how existing systems can be made more autonomic (e.g., self-*) and how the designers of new systems can ensure that these systems deliver power within design constraints reliably.
The important management challenge is to create dependable, decentralized control and collaboration of the many stakeholders like transportation system operators, distribution system operators and demand-side managers. This is a highly complex system whose complexity is not determined merely by its size. Future power grids are loosely integrated cyber-physical-human systems that combine traditional power control with smart information, communication, and technology, etc. The daunting security and management challenges that arise from these interdependent couplings will require much research for many years to come.
RFIDsec-Asia 2012 Workshop on RFID and IoT Security, Taipei, Taiwan, November 8-9, 2012. (Submissions due 9 July 2012)
The workshop series of RFIDsec Asia, the Asia branch of RFIDsec, aims to provide researchers, enterprises and governments a platform to investigate, discuss and propose new solutions on security and privacy issues of RFID/IoT (Internet of Things) technologies and applications. Papers with original research in theory and practical system design concerning RFID/IoT security are solicited. Topics of the workshop include but are not limited to:
ICISS 2012 8th International Conference on Information Systems Security, Guwahati, India, December 15-19, 2012. (Submissions due 13 July 2012)
The conference series ICISS provides a forum for disseminating the latest research results in information and systems security. Submissions are encouraged from academia, industry and government addressing theoretical and practical problems in information and systems security and related areas. The research community and academics are invited to submit theoretical and application-oriented full and short papers making a significant research contribution on Information Systems Security. Papers with original research and unpublished work are to be submitted. Topics of interest include (but are not limited to):
IEEE Internet Computing, Track Articles on Computer Crime, 2012, (Submission will be accepted for this track from 15 July 2011 to 15 July 2012)
Editors: Nasir Memon (New York University, USA) and Oliver Spatscheck (AT&T, USA)
As the Internet has grown and extended its reach into every part of people's lives, it shouldn't be surprising that criminals have seized the opportunity to expand their activities into this new realm. This has been fostered in particular by the fact that the Internet was designed as an open and trusting environment. Unfortunately many of these architectural choices are fundamental to the Internet's success and current architecture and are therefore hard to overcome. Computer crime ranges from rather simple crimes such as theft of intellectual property or computer and network resources to complex corporate espionage or even cyber terrorism. This special track for Internet Computing seeks original articles that cover computer crime as it relates to the Internet. Appropriate topics include:
CCSW 2012 ACM Cloud Computing Security Workshop, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. (Submissions due 16 July 2012)
Notwithstanding the latest buzzword (grid, cloud, utility computing, SaaS, etc.), large-scale computing and cloud-like infrastructures are here to stay. What exactly they will look like tomorrow is still for the markets to decide, yet one thing is certain: clouds bring with them new untested deployment and associated adversarial models and vulnerabilities. It is essential that our community becomes involved at this early stage. The CCSW workshop aims to bring together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
STC 2012 7th ACM Workshop on Scalable Trusted Computing, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. (Submissions due 16 July 2012)
Building on the continuous success of ACM STC 2006-2011, this workshop focuses on fundamental technologies of trusted and high assurance computing and its applications in large-scale systems with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues. The workshop solicits two types of original papers: full papers and short/work-in-progress/position-papers. A paper submitted to this workshop must not be in parallel submission to any other journal, magazine, conference or workshop with proceedings. Topics of interest include but are not limited to:
AISec 2012 5th ACM Workshop on Artificial Intelligence and Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 19, 2012. (Submissions due 16 July 2012)
The applications of artificial intelligence, machine learning, and data mining for security and privacy problems continue to grow. One recent trend is the growth of Big Data Analytics and the establishment of Security Information and Event Management systems built to obtain security intelligence and situational awareness. With the advent of cloud computing, every advantage the cloud offers, such as large-scale machine learning and data-driven abuse detection, is being leveraged to improve security. We invite original research papers describing the use of AI or machine learning in security and privacy problems. We also invite position and open problem papers discussing the role of AI or machine learning in security and privacy. Submitted papers of these types may not substantially overlap papers that have been published previously or that are simultaneously submitted to a journal or conference/workshop proceedings. Finally we welcome a new systematization of knowledge category of papers this year, which should distill the AI or machine learning contributions of a previously published series of security papers. Topics of interest include, but are not limited to:
BADGERS 2012 ACM Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Held in conjunction with ACM CCS 2012, Sheraton Raleigh Hotel, Raleigh, NC, USA, October 15, 2012. (Submissions due 16 July 2012)
The BADGERS workshop is concerned with the use of Big Data for security and is intended to report on initiatives for Internet-scale security-related data collection and analysis. It will provide an environment to describe existing real-world, large-scale datasets, and to share with the security community the return on experiences acquired by analyzing such collected data. Furthermore, novel approaches to collect and study such data sets are welcome. Main topics of interest:
NDSS 2013 20th Annual Network and Distributed System Security Symposium, Catamaran Resort Hotel and Spa San Diego, California, USA, February 24-27, 2013. (Submissions due 1 August 2012)
The Network and Distributed System Security Symposium fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available network and distributed systems security technologies. Special emphasis will be made to accept papers in the core theme of network and distributed systems security. Consequently, papers that cover networking protocols and distributed systems algorithms are especially invited to be submitted. Moreover, practical papers in these areas are also very welcome. Submissions are solicited in, but not limited to, the following areas:
eCrime-Summit 2012 7th IEEE eCrime Researchers Summit, Held in conjunction with the 2012 APWG General Meeting, Las Croabas, Puerto Rico, October 23-24, 2012. (Submissions due 3 August 2012)
eCRS 2012 will bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
ESSoS 2013 5th International Symposium on Engineering Secure Software and Systems, Paris, France, February 27 - March 1, 2013. (Submissions due 30 September 2012)
Trustworthy, secure software is a core ingredient of the modern world. Hostile, networked environments, like the Internet, can allow vulnerabilities in software to be exploited from anywhere. To address this, high-quality security building blocks (e.g., cryptographic components) are necessary, but insufficient. Indeed, the construction of secure software is challenging because of the complexity of modern applications, the growing sophistication of security requirements, the multitude of available software technologies and the progress of attack vectors. Clearly, a strong need exists for engineering techniques that scale well and that demonstrably improve the software's security properties. The goal of this symposium is to bring together researchers and practitioners to advance the states of the art and practice in secure software engineering. Being one of the few conference-level events dedicated to this topic, it explicitly aims to bridge the software engineering and security engineering communities, and promote cross-fertilization. The Symposium seeks submissions on subjects related to its goals. This includes a diversity of topics including (but not limited to):
IEEE Network Magazine, Special Issue on Security in Cognitive Radio Networks, May 2013, (Submission Due 1 October 2012)
Editors: Kui Ren (Illinois Institute of Technology, USA), Haojin Zhu (Shanghai Jiao Tong University, USA), Zhu Han (University of Houston, USA), and Radha Poovendran (University of Washington, USA)
Cognitive radio (CR) is an emerging advanced radio technology in wireless access, with many promising benefits including dynamic spectrum sharing, robust cross-layer adaptation, and collaborative networking. Based on a software-defined radio (SDR), cognitive radios are fully programmable and can sense their environment and dynamically adapt their transmission frequencies, power levels, modulation schemes, and networking protocols for improving network and application performance. It is anticipated that cognitive radio technology will be the next wave of innovation in information and communications technologies. Although recent years have seen major and remarkable developments in the field of cognitive networking technologies, the security aspects of cognitive radio networks have attracted less attention so far. Due to the particular characteristics of the CR system, entirely new classes of security threats and challenges are introduced such as licensed user emulation, selfish misbehaviors and unauthorized use of spectrum bands. These new types of attacks take advantage of the inherent characteristics of CR, and could severely disrupt the basic functionalities of CR systems. Therefore, for achieving successful deployment of CR technologies in practice, there is a critical need for new security designs and implementations to make CR networks secure and robust against these new attacks. Topics of interest include, but are not limited to:
FC 2013 17th International Conference on Financial Cryptography and Data Security, Bankoku Shinryokan, Busena Terrace Beach Resort, Okinawa, Japan, April 1-5, 2013. (Submissions due 13 October 2012)
Financial Cryptography and Data Security is a major international forum for research, advanced development, education, exploration, and debate regarding information assurance, with a specific focus on commercial contexts. The conference covers all aspects of securing transactions and systems. Original works focusing on both fundamental and applied real-world deployments on all aspects surrounding commerce security are solicited. Submissions need not be exclusively concerned with cryptography. Systems security and inter-disciplinary efforts are particularly encouraged. Topics include:
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy