Conference and Workshop Announcements
Commentary and Opinion
Richard Austin's review of Reverse Deception: Organized Cyber Threat Counter-Exploitation by S. Bodmer, M. Kilger, G. Carpenter and J. Jones
Listing of academic positions available by
New since Cipher E112:
Posted Mar 2013
University of Versailles-St-Quentin-en-Yvelines
PRiSM Laboratory - "Cryptology and Information Security" group
Assistant Professor position
Deadline for applications: March 28, 2013
Cipher calendar announcements are on Twitter; follow "ciphernews"
New calls or announcements added since Cipher E112 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
SECRYPT 2013 10th International Conference on Security and Cryptography, Reykjavik, Iceland, July 29-31, 2013. (Submissions due 18 March 2013)
SECRYPT is an annual international conference covering research in information and communication security. The 10th International Conference on Security and Cryptography (SECRYPT 2013) will be held in Reykjavik, Iceland. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. The conference topics include, but are not limited to:
MWSN 2013 IEEE International Workshop on Security and Privacy of Mobile, Wireless and Sensor Networks, New Orleans, LA, USA, June 23, 2013. (Submissions due 22 March 2013)
To cope with the rapid increase in mobile users and the increasing demand for mobile, wireless and sensor networks (MWSNs), it is becoming imperative to provide the necessary security protocols and privacy guarantees to users of MWSNs. In turn, these specific demands in security and privacy require new methodologies that are specifically designed to cope with the strict requirements of the networks. In general, the real-world performance of MWSNs crucially depends on the selected protocols, and their suitability and efficiency for the layers of the implementation. A satisfactory security design and protocol are therefore crucial for the performance of MWSNs. It is a great challenge to achieve efficient and robust realizations of such highly dynamic and secure MWSNs. Moreover, the study of security and privacy in the context of MWSNs provides insights into problems and solutions that are orthogonal to programming languages, programming paradigms, computer hardware, and other aspects of the implementation. The objective for this workshop is to address those topics, which we believe will play an important role in current and future research on and education of MWSNs.
ECTCM 2013 1st International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with ARES 2013, University Regensburg, Germany, September 2-6, 2013. (Submissions due 30 March 2013)
The First International Workshop on Emerging Cyberthreats and Countermeasures aims at bringing together researchers and practitioners working in different areas related to cybersecurity. After organizing three informal workshops on Early Warning Systems in IT in the past three years, we strongly believe that the next step is to give the workshop a more formal structure in the context of an internationally acclaimed scientific conference. The focus of this year's workshop is on IT Early Warning, Malware Detection and Analysis, Targeted Attacks, Cryptanalysis, and Privacy Protection. Contributions demonstrating both current weaknesses and threats as well as new countermeasures are welcome.
International Journal of Distributed Sensor Networks, Special Issue on Intrusion Detection and Security Mechanisms for Wireless Sensor Networks, July 2013. (Submissions due 1 April 2013)
Editors: S. Khan (Kohat University of Science and Technology, Pakistan),
Jaime Lloret (Polytechnic University of Valencia, Spain),
and Jonathan Loo (Middlesex University, UK)
Wireless sensor networks are gaining significant interest from academia and industry. Wireless sensor networks are multihop, self-organizing, self-healing, and distributed in nature. These characteristics also increase vulnerability and expose sensor networks to various kinds of security attacks. Advanced security mechanisms and intrusion detection systems (IDSs) can play an important role in detecting and preventing security attacks. This special issue aims to gather recent advances in the area of security aspects of wireless sensor networks. It welcomes research and review articles that focus on the challenges and the state-of-the-art solutions. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue. Potential topics include, but are not limited to:
CSAW 2013 Cloud Security Auditing Workshop, Held in conjunction with the IEEE 9th World Congress on Services, Santa Clara, CA, USA, June 27 - July 2, 2013. (Submissions due 1 April 2013)
Security concerns are a major impediment to the widespread adoption of cloud services. Cloud services often deal with sensitive information and operations. Thus, cloud service providers must provision services to rapidly identify security threats for increased information assurance. In addition, when a threat is identified or an attack is detected, incident reporting should be timely and precise to allow cloud tenants and users to respond appropriately. Detection and reporting require meta-information to be captured across the cloud in order to audit and monitor it for potential threats that may lead to attacks and to discern when and where an attack has already occurred. Capturing security relevant information and auditing the results to determine the existence of security threats in the cloud is challenging for multiple reasons. Cloud tenants rely on the cloud for diverse tasks and have services and data that may require isolation or be provisioned for composition with other services in cloud applications. Organizations may not have the logging capabilities in place for their services or may not be predisposed to share the information. Cloud management services are needed to log relevant events at their endpoints, including user interactions and interactions within the cloud federation. Consistent formats for capturing events and generating logs to be hosted within the cloud are not specified as part of current service level agreements (SLAs). Near real-time analysis is needed for prediction of potential threats in order to respond quickly to prevent an attack. Centralized analysis of information captured may present too much overhead for timely alerts and incident reporting. But distributed analysis must guarantee that the partial information it uses is sufficient to determine a threat. All analyses must consider the configuration of the cloud and its tenant services and resources. 
The goal of this one-day workshop is to bring together researchers and practitioners to explore and assess varied and viable technologies for capturing security relevant events throughout the cloud and performing monitoring and analyses on the captured information to detect, prevent, and mitigate security threats. Topics include:
RFIDSEC 2013 9th Workshop on RFID Security, Graz, Austria, July 9-11, 2013. (Submissions due 2 April 2013)
RFIDsec is the premier workshop devoted to security and privacy in Radio Frequency Identification (RFID) with participants throughout the world. RFIDsec brings together researchers from academia and industry for topics of importance to improving the security and privacy of RFID, NFC, contactless technologies, and the Internet of Things. RFIDsec bridges the gap between cryptographic researchers and RFID developers through invited talks and contributed presentations. Topics of the workshop include but are not limited to:
FCS 2013 Workshop on Foundations of Computer Security, Tulane University, New Orleans, Louisiana, USA, June 29, 2013. (Submissions due 10 April 2013)
The aim of the workshop FCS'13 is to provide a forum for continued activity in different areas of computer security, bringing computer security researchers in closer contact with the LICS community and giving LICS attendees an opportunity to talk to experts in computer security, on the one hand, and contribute to bridging the gap between logical methods and computer security foundations, on the other. We are interested both in new results in theories of computer security and also in more exploratory presentations that examine open questions and raise fundamental concerns about existing theories, as well as in new results on developing and applying automated reasoning techniques and tools for the formal specification and analysis of security protocols. We thus solicit submissions of papers both on mature work and on work in progress. Possible topics include, but are not limited to:
CMS 2013 14th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security, Magdeburg, Germany, September 25-26, 2013. (Submissions due 15 April 2013)
The conference provides a forum for engineers and scientists in information security. Both state-of-the-art issues and practical experiences as well as new trends in these areas will be once more the focus of interest just like at preceding conferences. The conference will address in particular security and privacy issues in mobile contexts, web services (including social networking) and ubiquitous environments. We solicit papers describing original ideas and research results on topics that include, but are not limited to: applied cryptography, biometrics, forensics, secure documents and archives, multimedia systems security, digital watermarking, distributed DRM policies, attack resistant rendering engines, adaptive anomaly detection, censorship resistance, risk management, mobility and security/privacy, mobile identities, privacy enhanced identity management, security/privacy policies and preferences, social networks security/privacy, security/privacy in geo-localized applications, security/privacy in VoIP, security policies (including usage control), web services security, economics of network and information security (NIS), SOA security, ubiquitous and ambient computing security, cloud computing security/privacy, wireless and ad hoc network security, RFID tags and (multimedia) sensor nodes security, security technology effectiveness, incentivizing security.
SeCIHD 2013 3rd IFIP International Workshop on Security and Cognitive Informatics for Homeland Defense, Held in conjunction with the 8th ARES Conference (ARES 2013), Regensburg, Germany, September 2-6, 2013. (Submissions due 15 April 2013)
In recent years significant work has been undertaken by Governments and local agencies with respect to the protection of critical infrastructures and public-private sector coordination in the event of a cyber-attack. Threats to cities and their social infrastructures, e.g. from crime and terrorism, endanger human life directly and indirectly. Resilience of critical infrastructures is gaining importance as a core concept to cope with such threats. In general, this means strengthening social infrastructures to prevent or mitigate such threats and to consistently deliver the intended services in a trustworthy and "normal" way even in changing situations. Information and communication infrastructure (ICT) is a primary part of the social infrastructure and therefore one of the central objects of these attacks. As a consequence, effective response capabilities must be properly organized and closely coordinated because, at the time of a cyber-attack, it is not possible to immediately determine whether the attacker is a script kiddie, an insider, a rogue actor (organized crime, terrorist organization, or radical), or a nation state. Unlike traditional Defense categories (i.e., land, air, and sea), the capabilities required to respond to an attack on critical infrastructures will necessarily involve infrastructure owned and operated by both the public and the private sector. Exercising for effective digital systems security becomes thus a crucial task in order to strengthen the resilience of IT systems against arising threats. Advanced information technologies that are able to analyze and interpret complex patterns or situations and take the proper decisions in terms of countermeasures are the basic building blocks of the above solutions. In this context, it is worth noting research that combines security and defense aspects with achievements in designing advanced systems for the acquisition and sophisticated semantic analysis of complex image patterns and group behaviors.
Such systems use cognitive models of semantic interpretation and can be applied to develop e.g., algorithms and protocols used for the security of computer systems themselves, but also to ensure the confidentiality and security of communication networks. Thus, the aim of this workshop is collecting and discussing new ideas and solutions that can be used to develop globally understood safe solutions connected with activities to strengthen national defense capability. The workshop topics include (but are not limited to):
TGC 2013 8th International Symposium on Trustworthy Global Computing, Buenos Aires, Argentina, August 30-31, 2013. (Submissions due 15 April 2013)
The Symposium on Trustworthy Global Computing is an international annual venue dedicated to safe and reliable computation in the so-called global computers, i.e., those computational abstractions emerging in large-scale infrastructures such as service-oriented architectures, autonomic systems and cloud computing. The TGC series focuses on providing frameworks, tools, algorithms and protocols for designing open-ended, large-scaled applications and for reasoning about their behaviour and properties in a rigorous way. The related models of computation incorporate code and data mobility over distributed networks that connect heterogeneous devices and have dynamically changing topologies. We solicit papers in all areas of global computing, including (but not limited to):
PRISMS 2013 International Conference on Privacy and Security in Mobile Systems, Atlantic City, NJ, USA, June 24-27, 2013. (Submissions due 29 April 2013)
PRISMS is the successor of MobiSec (International Conference on Security and Privacy in Mobile Information and Communication Systems). The conference under a new name (PRISMS) is organized this year with the co-sponsorship of IEEE. Its focus is the convergence of information and communication technology in mobile scenarios. This convergence is realised in intelligent mobile devices, accompanied by the advent of next-generation communication networks. Privacy and security aspects need to be covered at all layers of mobile networks, from mobile devices, to privacy respecting credentials and mobile identity management, up to machine-to-machine communications. In particular, mobile devices such as Smartphones and Internet Tablets have been very successful in commercialization. However, their security mechanisms are not always able to deal with the growing trend of information-stealing attacks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. Mobility and trust in networking go hand in hand for future generations of users, who need privacy and security at all layers of technology. In addition, the introduction of new data collection practices and data-flows (e.g. sensing data) from the mobile device makes it more difficult to understand the new security and privacy threats introduced. PRISMS strives to bring together the leading-edge of academia and industry in mobile systems security, as well as practitioners, standards developers and policymakers. Contributions may range from architecture designs and implementations to cryptographic solutions for mobile and resource-constrained devices.
ICICS 2013 15th International Conference on Information and Communications Security, Beijing, China, November 20-22, 2013. (Submissions due 6 May 2013)
The 2013 International Conference on Information and Communications Security will be the 15th event in the ICICS conference series, started in 1997, that brings together individuals involved in multiple disciplines of Information and Communications Security in order to foster exchange of ideas. Original papers on all aspects of Information and Communications Security are solicited for submission to ICICS 2013. Areas of interest include, but are not limited to:
SeTTIT 2013 Workshop on Security Tools and Techniques for Internet of Things, Co-located with the BODYNETS 2013 conference, Boston, Massachusetts, USA, September 30 - October 2, 2013. (Submissions due 6 May 2013)
E-health systems have the objective to continuously monitor the state of patients in order to increase knowledge and understanding of their physical status. Being a system of systems, the Internet of Things (IoT) has to master the challenge of integrating heterogeneous systems across technology boundaries. Timely delivery of observation data is a key aspect to identifying potential diseases and anomalies. IoT systems are vulnerable to attacks since communication is mostly wireless and thus vulnerable to eavesdropping, things are usually unattended and thus vulnerable to physical attacks, and most IoT elements are short on both the energy and computing resources necessary for the implementation of complex security-supporting schemes. Among the plethora of applications that can benefit from the IoT, the workshop will have a particular focus on security aspects in eHealth and in the broad-sense of well-being. Security aspects in other application domains of the IoT are also of interest. The workshop will address security issues that are particular to the context of using IoT for eHealth including threat modeling, risk assessment, privacy, access control, and fault-tolerance. Theoretical, modeling, implementation, and experimentation issues will be discussed to build an accurate general view on the security of medical BANs. One of the major challenges that will be underlined by the workshop participants is the combination of different security models needed for the sub-networks of the IoT (e.g., BAN, PAN, LAN, MANET) with consideration of the severe computational, storage, and energy limitations of the elementary smart nodes. We encourage contributions describing innovative work addressing the use of information and communication technologies in medical applications. Topics of interest include, but are not limited to:
CCS 2013 20th ACM Conference on Computer and Communications Security, Berlin, Germany, November 4-8, 2013. (Submissions due 8 May 2013)
The ACM Conference on Computer and Communications Security (CCS) is the flagship annual conference of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results. It provides an environment to conduct intellectual discussions. From its inception, CCS has established itself as a high standard research conference in its area.
SECURECOMM 2013 9th International ICST Conference on Security and Privacy in Communication Networks, Sydney, Australia, September 25-27, 2013. (Submissions due 10 May 2013)
Securecomm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated. Topics of interest include, but are not limited to, the following:
IWSEC 2013 8th International Workshop on Security, Okinawaken Shichouson Jichikaikan, Japan, November 18-20, 2013. (Submissions due 13 May 2013)
Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2013. Topics of interest for IWSEC 2013 include but are not limited to:
SOUPS-RISK 2013 Workshop on Risk Perception in IT Security and Privacy, Newcastle, UK, July 24-26, 2013. (Submissions due 30 May 2013)
This workshop is an opportunity to bring together researchers and practitioners to share experiences, concerns and ideas about how to address the gap between user perception of IT risks and security / organizational requirements for security and privacy. Willingness to perform actions for security purposes is strongly determined by the costs and perceived benefit to the individual. When end-users' perceptions of risk are not aligned with organization or system, there is a mismatch in perceived benefit, leading to poor user acceptance of the technology. For example, organizations face complex decisions when pushing valuable information across the network to mobile devices, web clients, automobiles and other embedded systems. This may impose burdensome security decisions on employees and clients due to the risks of devices being lost or stolen, shoulder surfing, eavesdropping, etc. Effective risk communication can provide a shared understanding of the need for, and benefits of secure approaches and practices. While risk perception has been studied in non-IT contexts, how well people perceive and react to IT risk is less well understood. How systems measure IT risk, how it is best communicated to users, and how to best align these often misaligned perspectives is poorly understood. Risk taking decisions (policies) are increasingly being pushed out to users who are frequently ill prepared to make complex technical security decisions based on limited information about the consequences of their actions. In other risk domains we know that non-experts think and respond to risk very differently than experts. Non-experts often rely on affect, and may be unduly influenced by the perceived degree of damage that will be caused. Experts, and risk evaluation systems, use statistical reasoning to assess risk. 
The purpose of this workshop is to bring together researchers and practitioners to share experiences, concerns and ideas about how to address the gap between user perception of IT risks and security / organizational requirements for security and privacy. Topics of interest include:
SIN 2013 6th International Conference on Security of Information and Networks, Aksaray, Turkey, November 26-28, 2013. (Submissions due 30 June 2013)
The 6th International Conference on Security of Information and Networks (SIN 2013) provides an international forum for presentation of research and applications of security in information and networks. Papers addressing all aspects of security in information and networks are being sought. Researchers and industrial practitioners working on the following and related subjects are especially encouraged: Development and realization of cryptographic solutions, security schemes, new algorithms; critical analysis of existing approaches; secure information systems, especially distributed control and processing applications, and security in networks; interoperability, service levels and quality issues in such systems; information assurance, security, and public policy; detection and prevention of cybercrimes such as fraud and phishing; next generation network architectures, protocols, systems and applications; industrial experiences and challenges of the above.
RFIDsec-Asia 2013 Workshop on RFID and IoT Security, Guangzhou, China, November 27, 2013. (Submissions due 1 July 2013)
The workshop series of RFIDsec Asia, the Asia branch of RFIDsec, aims to provide researchers, enterprises and governments a platform to investigate, discuss and propose new solutions on security and privacy issues of RFID/IoT (Internet of Things) technologies and applications. Papers with original research in theory and practical system design concerning RFID/IoT security are solicited. Topics of interest include, but are not limited to, the following:
VizSec 2013 10th International Symposium on Visualization for Cyber Security, Atlanta GA, USA, October 14, 2013. (Submissions due 8 July 2013)
The 10th International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec will provide an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy