Electronic CIPHER, Issue 119, March 17, 2014

============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 119                                          March 17, 2014

Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org

Richard Austin                         Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Richard Austin's review of "Network Security Through Data Analysis:
      Building Situational Awareness" by Michael Collins
    o News:
       - 2013 Microsoft Research Verified Software Milestone Award
       - Computer forensics aids a state legislature's investigation
    o Book reviews, Conference Reports and Commentary and News items
      from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Calendar of events
    o Upcoming calls-for-papers
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

The registration website for the annual Security and Privacy Symposium is open for business.
This year's program has over 40 papers ranging over a multitude of security issues from mobile devices to frankencerts to stylometry and to automated verification and beyond. The conference, long known as "Oakland" because of its permanent location in that city, has become itinerant and is now trying downtown San Jose, California, as a place for the gathering.

This month Richard Austin's book review concerns building situational awareness as seen through the lens of network logs. If only this were a standard industry practice, sigh.

There are two featured news items from the media this month. One concerns Microsoft's 2013 verified software award. The work that is honored seems to be computer hardware verification, and certainly this is an important underpinning for any verified software. The second news item is about a report concerning a disgraced state attorney general who had a great deal of bad luck with all his communication devices; despite his litany of loss and damage, computer forensics specialists were able to recover a lot of email.

It is interesting to note how practices that used to be the realm of speculative research are now commonplace methods with far-reaching effects.

   "The dog ate my email",
      Hilarie Orman
      cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
3/12/2014
____________________________________________________________________

Network Security Through Data Analysis: Building Situational Awareness
by Michael Collins

O'Reilly 2014.
ISBN 978-1-449-35790-0
Amazon.com USD 27.74
Table of Contents: http://my.safaribooksonline.com/book/networking/security/9781449357894

We are drowning in data logs from our network infrastructure, security devices, servers, etc. They vomit potentially relevant data in shocking volumes that challenge our ability to merely collect and store it. We suspect that there is much useful information in there, somewhere, if only we could retrieve it, organize it and present it in a timely, actionable form. And, sad to say, it is becoming too common for post-breach investigations to reveal that the affected organization had information that would have enabled detecting the breach and mitigating its severity if only they realized they had it and could have acted on it in a timely fashion.

Collins's new book is a worthwhile contribution to the continuing conversation on how we can profitably make use of the wealth of data available to us in developing that elusive awareness of what is going on around us (situational awareness).

Collins organizes his presentation into three logical phases: data, tools and analytics.

The "Data" section provides a good walkthrough of the different types of sensors and the logic that governs their placement. He provides sound advice on a critical consideration in sensor placement: determining what a given sensor can "see" (vantage) and how to avoid placing multiple sensors with overlapping vantage into the same data. I was glad to see coverage of NetFlow data as it is commonly overlooked though readily available from many modern networking devices. Chapter 4 ("Data Storage for Analysis: Relational Databases, Big Data and Other Options") was a bit of a disappointment in its coverage of "big data". Collins provides some tantalizing hints but I would have appreciated more detail on what contributions to expect from "big data" technologies.

The "Tools" section covers "SiLK" and "R" in addition to more familiar tools. "SiLK" is a tool for working with NetFlow data, while "R" is a full function statistical package. Both are available without cost. SiLK allows the analyst to start working with NetFlow data to develop an appreciation for its value without the necessity for justifying budget, etc., for purchasing one of the commercial packages. And, while many security professionals quickly run for the nearest exit when "statistics" are mentioned, a full-function statistical package is a valuable addition to your toolbox when searching for meaning in data. Collins provides a gentle introduction to R that prepares the way for its more extensive use in the "Analytics" section. I particularly recommend Chapter 7 (Classification and Event Tools) for its discussion of event detection as a problem in binary classification with consideration of "Receiver Operating Characteristic" curves and the base rate fallacy. The words may be long but these are important concepts in understanding why systems such as IDS's so often fail to meet our expectations.

With a good grounding in "Data" and "Tools", Collins turns his attention to the real meat of the matter in the "Analytics" section. One of the many advantages in working with a full-function statistical package versus a set of canned vendor displays is the ability to dive into the data and do exploratory data analysis (EDA). Collins provides great coverage of how this works and gained many kudos for covering a pet peeve of mine which is distributional assumptions ("Why did you assume Gaussian? Because it's the normal assumption!"). How many times have we been assured that 68% of packet sizes, etc., fall within one standard deviation of the mean? That would be true if our packet sizes did indeed follow the Gaussian distribution but do we know that? Collins recognizes the problem and covers using quantile-quantile plots to validate that our assumed distribution actually matches the data.
Visualization is a powerful component of EDA and Collins provides many topical illustrations of how to productively visualize data when searching to understand its meaning and identify patterns (e.g., what traffic volume is really normal and what is anomalous?).

As can be seen from the table of contents, Collins provides wide coverage of the different types of analysis which can be applied to gain insight from the data. His presentation on graph analysis (Chapter 13) highlights an important technique for using the connectedness of nodes as an indicator of their importance in events (e.g., when investigating a malware outbreak, the most connected of infected nodes is a good candidate for "patient 0" and a good starting place to determine how the malcode got into your environment).

This book is an excellent introduction to the cornucopia of techniques that can be profitably applied in searching for understanding in the vast array of data our infrastructures produce. Collins introduces the techniques through solid examples and clearly explains what the techniques do, their limitations and how an analyst would actually use them in practice. If I had a criticism of the book, it would be that it is too short! However, the chapters include a good set of references that will guide further study. Definitely a recommended read for the technical security professional.

Special thanks to the kindly reader who suggested this book for review.

------------------------------------------
It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin (http://cse.spsu.edu/raustin2) fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time.
He welcomes your thoughts and comments via raustin at ieee dot org

====================================================================
News Briefs
====================================================================

Press release from Microsoft Research:

We are delighted to announce that the recipient of the 2013 Microsoft Research Verified Software Milestone Award is Roope Kaivola from Intel Corporation (Oregon, USA), for the Intel Core i7 verification project. While formal methods were applied within a number of areas of the Core i7 project, the award is being given in recognition for Kaivola's role as intellectual leader of the core execution cluster as well as his leadership of the verification team. The formal presentation of the Award will be made to Roope at POPL 2014 (http://popl.mpi-sws.org/2014/), which takes place in San Diego - January 22-24.

"Microsoft Research is delighted to celebrate the advances made in verified software with the Intel Core i7 Project. It is a real milestone when formal verification is used as the primary validation and coverage driven testing was entirely dropped. We salute Roope Kaivola and his team for some twenty person years of verification work, one of the most ambitious formal verification efforts in the hardware industry to date."
   Dr. Judith Bishop, Principal Research Director, Computer Science, Microsoft Research, Redmond

The full award citation is provided along with further details of the award process at the Verified Software Initiative website, i.e. https://sites.google.com/site/verifiedsoftwareinitiative/

-------------------------------------------------------
Computer forensics helps state legislators conduct an investigation.

The state of Utah investigated its former attorney general and acquired data from several devices.
http://utahpolicy.com/index.php/features/today-at-utah-policy/2016-house-wraps-up-swallow-investigation

--------------------------------------------------------
News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html
--------------
New since Cipher E118:

Posted Mar 2014
Lancaster University, UK (Security Research Centre)
Lancaster, UK
Senior Lecturer (Associate Professor in North American System) in Security
Deadline for applications: 30 May, 2014
https://hr-jobs.lancs.ac.uk/Vacancy.aspx?ref=A900

---------
This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================
====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

3/21/14: CNS, 2nd IEEE Conference on Communications and Network
Security, San Francisco, CA, USA; http://ieee-cns.org; Submissions are due
3/24/14: PST, 12th Annual Conference on Privacy, Security and Trust, Toronto, Canada; http://pst2014.ryerson.ca; Submissions are due
3/24/14: SESOC, 6th International Workshop on Security and Social Networking, Held in conjunction with PerCom 2014, Budapest, Hungary; http://www.sesoc.org
3/24/14- 3/28/14: SAC-SEC, 29th ACM Symposium on Applied Computing, Computer Security track, Gyeongju, Korea; http://www.dmi.unict.it/~giamp/sac/cfp2014.php
3/28/14: SHPCS, 9th Workshop on Security and High Performance Computing Systems, Held in conjunction with the International Conference on High Performance Computing & Simulation (HPCS 2014), Bologna, Italy; http://hpcs2014.cisedu.info/; Submissions are due
3/29/14: SPE, 4th International Workshop on Security and Privacy Engineering, Co-located with IEEE SERVICES 2014, Anchorage, Alaska, USA; http://sesar.dti.unimi.it/SPE2014/; Submissions are due
3/31/14: ECTCM, 2nd International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland; http://www.ectcm.net/; Submissions are due
4/ 1/14: RAID, 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden; http://www.raid2014.eu/cfp.html; Submissions are due
4/ 1/14: SecATM, International Workshop on Security in Air Traffic Management and other Critical Infrastructures, Held in conjunction with ARES 2014, University of Fribourg, Switzerland; http://www.secatm.org; Submissions are due
4/ 2/14: ESORICS, 19th European Symposium on Research in Computer Security, Wroclaw, Poland; http://esorics2014.pwr.wroc.pl/index.html; Submissions are due
4/ 7/14- 4/11/14: POST, 3rd Conference on Principles of Security and Trust, Grenoble, France; http://www.etaps.org/2014/post-2014
4/ 8/14- 4/ 9/14: HotSoS, Symposium and Bootcamp on the Science of Security, Raleigh, North
Carolina, USA; http://www.csc2.ncsu.edu/conferences/hotsos
4/11/14: NSPW, New Security Paradigms Workshop, Victoria, British Columbia, Canada; http://www.nspw.org/2014/cfp; Submissions are due
4/14/14: LISA, 28th Large Installation System Administration Conference, Seattle, WA, USA; https://www.usenix.org/sites/default/files/lisa14cfp_102813.pdf; Submissions are due
4/14/14- 4/15/14: COSADE, 5th International Workshop on Constructive Side-Channel Analysis and Secure Design, Paris, France; http://www.cosade.org
4/20/14: PLAS, 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Uppsala, Sweden; http://researcher.ibm.com/researcher/view_project.php?id=5237; Submissions are due
4/24/14: OSDI, 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA; https://www.usenix.org/conference/osdi14/call-for-papers; Submissions are due
5/ 1/14: IEEE Security & Privacy magazine, Special issue on Key Trends in Cryptography; http://www.computer.org/portal/web/computingnow/spcfp1; Submissions are due
5/ 2/14: TGC, 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy; http://www.cs.le.ac.uk/events/tgc2014/; Submissions are due
5/ 6/14: NordSec, 19th Nordic Conference on Secure IT Systems, Tromsø, Norway; http://site.uit.no/nordsec2014/; Submissions are due
5/ 7/14: ACC, IEEE International Workshop on Autonomic Cloud Cybersecurity, Held in conjunction with the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), London, UK; http://sesar.dti.unimi.it/ACC2014; Submissions are due
5/16/14: ACM-CCS, 21st ACM Conference on Computer and Communications Security, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA; http://www.sigsac.org/ccs/CCS2014/; Submissions are due
5/17/14- 5/18/14: IWCC, International Workshop on Cyber Crime, Held in conjunction with the IEEE CS Security & Privacy Workshops (SPW 2014), Fairmont Hotel, San Jose, CA, USA; http://stegano.net/IWCC2014/
5/17/14: MOST, Mobile Security Technologies Workshop, An event of the IEEE Computer Society's Security and Privacy Workshops (SPW 2014), Co-located with the 34th IEEE Symposium on Security and Privacy (IEEE S&P 2014), San Jose, CA, USA; http://mostconf.org/2014/cfp.html
5/18/14- 5/21/14: SP, 35th IEEE Symposium on Security and Privacy, San Jose, CA, USA; http://www.ieee-security.org/TC/SP2014/cfp.html
6/ 1/14: IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures; http://www.signalprocessingsociety.org/uploads/email/biometric_spoofing.html; Submissions are due
6/ 2/14- 6/ 4/14: IFIP-SEC, 29th IFIP TC-11 SEC 2014 International Conference ICT Systems Security and Privacy Protection, Marrakech, Morocco; http://www.ensa.ac.ma/sec2014/
6/10/14: CANS, 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece; http://www.ics.forth.gr/cans2014; Submissions are due
6/23/14- 6/24/14: WEIS, 13th Annual Workshop on the Economics of Information Security, Pennsylvania State University, PA, USA; http://weis2014.econinfosec.org/
6/23/14- 6/25/14: WISTP, 8th Workshop in Information Security Theory and Practice, Heraklion, Greece; http://www.wistp.org/
6/25/14- 6/27/14: SACMAT, 19th ACM Symposium on Access Control Models and Technologies, London, Ontario, Canada; http://www.sacmat.org
6/27/14- 7/ 2/14: SPE, 4th International Workshop on Security and Privacy Engineering, Co-located with IEEE SERVICES 2014, Anchorage, Alaska, USA; http://sesar.dti.unimi.it/SPE2014/
6/30/14- 7/ 3/14: DASec, 1st International Workshop on Big Data Analytics for Security, Held in conjunction with ICDCS 2014, Madrid, Spain; http://www.dis.uniroma1.it/~dasec/
7/ 1/14: Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems; http://www.journals.elsevier.com/information-systems/call-for-papers/special-issue-on-information-integrity-in-smart-grid-systems/;
Submissions are due
7/ 1/14: ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade; http://acmtecs.acm.org/special-issues/14/embcrypt2014.html; Submissions are due
7/ 9/14- 7/11/14: SOUPS, Symposium On Usable Privacy and Security, In-cooperation with USENIX, Menlo Park, CA, USA; http://cups.cs.cmu.edu/soups/
7/10/14- 7/11/14: DIMVA, 11th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Royal Holloway London, Egham, UK; http://www.dimva.org/dimva2014
7/16/14- 7/18/14: PETS, 14th Privacy Enhancing Technologies Symposium, Amsterdam, Netherlands; http://petsymposium.org/
7/19/14- 7/22/14: CSF, 27th IEEE Computer Security Foundations Symposium, Vienna University of Technology, Vienna, Austria; http://csf2014.di.univr.it/
7/21/14- 7/23/14: RFIDSec, 10th Workshop on RFID Security, Co-located with ACM WiSec 2014, Oxford, United Kingdom; http://rfidsec2014.cis.uab.edu/
7/21/14- 7/25/14: WiSec, 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Oxford, United Kingdom; http://www.sigsac.org/wisec/WiSec2014/
7/21/14- 7/25/14: SHPCS, 9th Workshop on Security and High Performance Computing Systems, Held in conjunction with the International Conference on High Performance Computing & Simulation (HPCS 2014), Bologna, Italy; http://hpcs2014.cisedu.info/
7/23/14- 7/24/14: PST, 12th Annual Conference on Privacy, Security and Trust, Toronto, Canada; http://pst2014.ryerson.ca
7/29/14: PLAS, 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Uppsala, Sweden; http://researcher.ibm.com/researcher/view_project.php?id=5237
9/ 6/14- 9/ 6/14: TGC, 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy; http://www.cs.le.ac.uk/events/tgc2014/
9/ 7/14- 9/11/14: ESORICS, 19th European Symposium on Research in Computer Security, Wroclaw, Poland; http://esorics2014.pwr.wroc.pl/index.html
9/ 8/14: ACC, IEEE
International Workshop on Autonomic Cloud Cybersecurity, Held in conjunction with the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), London, UK; http://sesar.dti.unimi.it/ACC2014
9/ 8/14- 9/12/14: ECTCM, 2nd International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland; http://www.ectcm.net/
9/ 9/14- 9/12/14: SecATM, International Workshop on Security in Air Traffic Management and other Critical Infrastructures, Held in conjunction with ARES 2014, University of Fribourg, Switzerland; http://www.secatm.org
9/15/14- 9/18/14: NSPW, New Security Paradigms Workshop, Victoria, British Columbia, Canada; http://www.nspw.org/2014/cfp
9/24/14- 9/26/14: RAID, 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden; http://www.raid2014.eu/cfp.html
10/ 6/14-10/ 8/14: OSDI, 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA; https://www.usenix.org/conference/osdi14/call-for-papers
10/15/14-10/17/14: NordSec, 19th Nordic Conference on Secure IT Systems, Tromsø, Norway; http://site.uit.no/nordsec2014/
10/22/14-10/24/14: CANS, 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece; http://www.ics.forth.gr/cans2014
10/29/14-10/31/14: CNS, 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA; http://ieee-cns.org
11/ 3/14-11/ 7/14: ACM-CCS, 21st ACM Conference on Computer and Communications Security, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA; http://www.sigsac.org/ccs/CCS2014/
11/ 9/14-11/14/14: LISA, 28th Large Installation System Administration Conference, Seattle, WA, USA; https://www.usenix.org/sites/default/files/lisa14cfp_102813.pdf

____________________________________________________________________
Journal, Conference and Workshop
Calls-for-Papers (new since Cipher E87)
___________________________________________________________________

CNS 2014 2nd IEEE Conference on Communications and Network Security, San Francisco, CA, USA, October 29-31, 2014. (Submission Due 21 March 2014)
http://ieee-cns.org

IEEE Conference on Communications and Network Security (CNS) is a new conference series in IEEE Communications Society (ComSoc) core conference portfolio and the only ComSoc conference focusing solely on cyber security. IEEE CNS is a spin-off of IEEE INFOCOM, the premier ComSoc conference on networking. The goal of CNS is to provide an outstanding forum for cyber security researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to all practical and theoretical aspects of communications and network security. Building on the success of last year's inaugural conference, IEEE CNS 2014 seeks original high-quality technical papers from academia, government, and industry. Topics of interest encompass all practical and theoretical aspects of communications and network security, all the way from the physical layer to the various network layers to the variety of applications reliant on a secure communication substrate. Submissions with main contribution in other areas, such as information security, software security, system security, or applied cryptography, will also be considered if a clear connection to secure communications/networking is demonstrated.

------------------------------------------------------------------------
PST 2014 12th Annual Conference on Privacy, Security and Trust, Toronto, Canada, July 23-24, 2014. (Submission Due March 24, 2014)
http://pst2014.ryerson.ca

PST2014 provides a forum for researchers world-wide to unveil their latest work in privacy, security and trust and to show how this research can be used to enable innovation.
PST2014 topics include, but are NOT limited to, the following:
 - Privacy Preserving / Enhancing Technologies
 - Critical Infrastructure Protection
 - Network and Wireless Security
 - Operating Systems Security
 - Intrusion Detection Technologies
 - Secure Software Development and Architecture
 - PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
 - Network Enabled Operations
 - Digital forensics
 - Information Filtering, Data Mining and Knowledge from Data
 - National Security and Public Safety
 - Cryptographic techniques for privacy preservation
 - Security Metrics
 - Recommendation, Reputation and Delivery Technologies
 - Continuous Authentication
 - Trust Technologies, Technologies for Building Trust in e-Business Strategy
 - Observations of PST in Practice, Society, Policy and Legislation
 - Digital Rights Management
 - Identity and Trust management
 - PST and Cloud Computing
 - Human Computer Interaction and PST
 - Implications of, and Technologies for, Lawful Surveillance
 - Biometrics, National ID Cards, Identity Theft
 - PST and Web Services / SOA
 - Privacy, Traceability, and Anonymity
 - Trust and Reputation in Self-Organizing Environments
 - Anonymity and Privacy vs. Accountability
 - Access Control and Capability Delegation
 - Representations and Formalizations of Trust in Electronic and Physical Social Systems

-------------------------------------------------------------------------
SHPCS 2014 9th Workshop on Security and High Performance Computing Systems, Held in conjunction with the International Conference on High Performance Computing & Simulation (HPCS 2014), Bologna, Italy, July 21 - July 25, 2014. (Submission Due 28 March 2014)
http://hpcs2014.cisedu.info/

Providing high performance computing and security is a challenging task. Internet, operating systems and distributed environments currently suffer from poor security support and cannot resist common attacks. Adding security measures typically degrades performance.
This workshop addresses relationships between security and high performance computing systems in three directions. First, it considers how to add security properties (authentication, confidentiality, integrity, non-repudiation, access control) to high performance computing systems and how they can be formally verified both at design-time (formal verification) and at run-time (run-time verification). In this case, safety properties can also be addressed, such as availability and fault tolerance for high performance computing systems. Second, it covers how to use high performance computing systems to solve security problems. For instance, a grid computation can break an encryption code, a cluster can support high performance intrusion detection or a distributed formal verification system. More generally, this topic addresses every efficient use of a high performance computing system to improve security. Third, it investigates the tradeoffs between maintaining high performance and achieving security in computing systems and solutions to balance the two objectives. In all these directions, various formal analyses, as well as performance analyses or monitoring techniques can be conducted to show the efficiency of a security infrastructure. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of computer and network security, as well as case studies and implementation experiences. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems.

-------------------------------------------------------------------------
SPE 2014 4th International Workshop on Security and Privacy Engineering, Co-located with IEEE SERVICES 2014, Anchorage, Alaska, USA, June 27 - July 2, 2014.
(Submission Due 29 March 2014)
http://sesar.dti.unimi.it/SPE2014/

Built upon the success of spectrum of conferences within the IEEE World Congress on Services, the Security and Privacy Engineering (SPE 2014) workshop is a unique place to exchange ideas of engineering secure systems in the context of service computing, cloud computing, and big data analytics. The emphasis on engineering in security and privacy of services differentiates the workshop from other traditional prestigious security and privacy workshops, symposiums, and conferences. The practicality and value realization are examined by practitioners from leading industries as well as scientists from academia. In line with the engineering spirit, we solicit original papers on building secure service systems that can be applied to government procurement, digital medical records, cloud environments, social networking for business purposes, multimedia application, mobile commerce, education, and the like. Potential contributions could cover, but are not limited to, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the status of current Security and Privacy (S&P) in a specific area. Papers from practitioners who encounter security and privacy problems and seek understanding are also welcome.

-------------------------------------------------------------------------
ECTCM 2014 2nd International Workshop on Emerging Cyberthreats and Countermeasures, Co-located with International Conference on Availability, Reliability and Security (ARES 2014), Fribourg, Switzerland, September 8-12, 2014. (Submission Due 31 March 2014)
http://www.ectcm.net/

ECTCM aims at bringing together researchers and practitioners working in different areas related to cybersecurity. All unveilings regarding massive worldwide online surveillance in the past year led to a somewhat changed cyber world.
We want to contribute to the current discussions about all technical aspects of this problem. Therefore this year's workshop focuses on new Targeted Attacks, Malware and all aspects of Privacy. Contributions demonstrating current weaknesses and threats as well as new countermeasures are warmly welcome.

-------------------------------------------------------------------------
RAID 2014 17th International Symposium on Research in Attacks, Intrusions and Defenses, Gothenburg, Sweden, September 24-26, 2014. (Submission Due 1 April 2014)
http://www.raid2014.eu/cfp.html

The 17th International Symposium on Research in Attacks, Intrusions and Defenses aims at bringing together leading researchers and practitioners from academia, government, and industry to discuss novel research contributions related to any area of computer and information security. As in previous years, all topics related to intrusion detection and prevention are within scope. In addition, topics of interest also include but are not limited to:
 - Intrusion detection and prevention
 - Malware and botnet analysis, detection, and mitigation
 - Smartphone and other embedded systems security
 - Network & active defenses
 - Web application security
 - New attacks against computers and networks
 - Insider attack detection
 - Formal models, analysis, and standards
 - Deception systems and honeypots
 - Vulnerability analysis
 - Secure software development
 - Machine learning for security
 - Computer security visualization techniques
 - Network exfiltration
 - Online money laundering and underground economy
 - Hardware vulnerabilities
 - Binary analysis and reverse engineering
 - Digital forensics
 - Security and privacy

-------------------------------------------------------------------------
SecATM 2014 International Workshop on Security in Air Traffic Management and other Critical Infrastructures, Held in conjunction with ARES 2014, University of Fribourg, Switzerland, September 9-12, 2014.
(Submission Due 1 April 2014) http://www.secatm.org Global air traffic management (ATM) is evolving from siloed, local, proprietary systems to interconnected wide-area information systems. There is rapid development, as demonstrated by the US NextGen and the European Single European Sky ATM Research programme. Increased automation and interconnection also translates into increased security risks, and this workshop will focus on security of next-generation air traffic management systems and similar critical information infrastructures. Throughout the recent years the understanding was developed that the security. Suggested topics include, but are not limited to the following in ATM and related critical infrastructures: - Security Policy - Risk assessment - Security management - Security validation - Best practices - Secure middleware solutions - Experience reports - Challenges of security assessment in a safety-oriented environment ------------------------------------------------------------------------- ESORICS 2014 19th European Symposium on Research in Computer Security, Wroclaw, Poland, September 7-11, 2014. (Submission Due 2 April 2014) http://esorics2014.pwr.wroc.pl/index.html ESORICS (European Symposium on Research in Computer Security) is the premier European research conference in computer security. ESORICS started in 1990 and has been held in several European countries, attracting an international audience from both the academic and industrial communities. ESORICS 2014, the 19th symposium in the series, will be held in Poland at the Institute of Mathematics and Computer Science, Wroclaw University of Technology. Papers offering novel research contributions in all aspects of computer security are solicited for submission to ESORICS 2014. The primary focus is on original, high quality, unpublished research, but submissions describing implementation experiences and industrial research and development are also encouraged. 
All topics related to security, privacy and trust in computer systems and networks are of interest and in scope. Purely theoretical papers, e.g. in cryptography, must be explicit about the relevance of the theory to the security of IT systems. ------------------------------------------------------------------------- NSPW 2014 New Security Paradigms Workshop, Victoria, British Columbia, Canada, September 15-18, 2014. (Submission Due 11 April 2014) http://www.nspw.org/2014/cfp The New Security Paradigms Workshop (NSPW) invites papers that address the current limitations of information security. By encouraging participants to think “outside the box” and giving them an opportunity to interact with open-minded peers, NSPW seeks to foster paradigm shifts in the field of information security. NSPW is a highly interactive venue, with informal paper presentations, lively, extended discussions, shared activities, and group meals, all in the spectacular setting of Victoria, British Columbia, Canada. Most of the papers accepted to NSPW push the boundaries of science and engineering beyond what would be considered mainstream in more traditional security conferences. We are particularly interested in perspectives that augment traditional computer security, both from other areas of computer science and other sciences that study adversarial relationships such as biology, economics, and the social sciences. ------------------------------------------------------------------------- LISA 2014 28th Large Installation System Administration Conference, Seattle, WA, USA, November 9–14, 2014. (Submission Due 14 April 2014) https://www.usenix.org/sites/default/files/lisa14cfp_102813.pdf USENIX's Large Installation System Administration (LISA) conference - now in its 28th year - is the premier meeting place for professionals who make computing work across a variety of industries. 
If you're an IT operations professional, site-reliability engineer, system administrator, architect, software engineer, researcher, or otherwise involved in ensuring that IT services are effectively delivered to others - this is your conference, and we'd love to have you here. At LISA, systems theory meets operational practice. This is the best environment for you to talk about what you've been working on with other professionals—both in industry and in academia. Giving a presentation at LISA is the path to real-world impact by highlighting your team's or project's achievements. We are actively soliciting talks in areas such as cloud computing, creating a positive ops culture, software-defined networking, large-scale computing, distributed systems, security, analytics, visualization, and IT management methods - but we will consider exciting, engaging talks on any topic relevant to LISA attendees. ------------------------------------------------------------------------- PLAS 2014 9th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, Uppsala, Sweden, July 29, 2014. (Submission Due 20 April 2014) http://researcher.ibm.com/researcher/view_project.php?id=5237 PLAS aims to provide a forum for exploring and evaluating ideas on the use of programming language and program analysis techniques to improve the security of software systems. Strongly encouraged are proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and important problems. 
The scope of PLAS includes, but is not limited to: - Compiler-based security mechanisms or runtime-based security mechanisms such as inline reference monitors - Program analysis techniques for discovering security vulnerabilities - Automated introduction and/or verification of security enforcement mechanisms - Language-based verification of security properties in software, including verification of cryptographic protocols - Specifying and enforcing security policies for information flow and access control - Model-driven approaches to security - Security concerns for web programming languages - Language design for security in new domains such as cloud computing and embedded platforms - Applications, case studies, and implementations of these techniques ------------------------------------------------------------------------- OSDI 2014 11th USENIX Symposium on Operating Systems Design and Implementation, Broomfield, CO, USA, October 6–8, 2014. (Submission Due 24 April 2014) https://www.usenix.org/conference/osdi14/call-for-papers The 11th USENIX Symposium on Operating Systems Design and Implementation seeks to present innovative, exciting research in computer systems. OSDI brings together professionals from academic and industrial backgrounds in what has become a premier forum for discussing the design, implementation, and implications of systems software. The OSDI Symposium emphasizes innovative research as well as quantified or insightful experiences in systems design and implementation. OSDI takes a broad view of the systems area and solicits contributions from many fields of systems practice, including, but not limited to, operating systems, file and storage systems, distributed systems, cloud computing, mobile systems, secure and reliable systems, embedded systems, virtualization, networking as it relates to operating systems, management and troubleshooting of complex systems. 
We also welcome work that explores the interface to related areas such as computer architecture, networking, programming languages, and databases. We particularly encourage contributions containing highly original ideas, new approaches, and/or groundbreaking results. ------------------------------------------------------------------------- IEEE Security & Privacy, Special issue on Key Trends in Cryptography, January/February 2015, (Submission Due 1 May 2014) http://www.computer.org/portal/web/computingnow/spcfp1 Editor: Hilarie Orman (purplestreak.com, USA) and Charles Pfleeger (pfleeger.com, USA) Cryptography has advanced from an arcane craft to a mathematical discipline with established principles, widely-accepted standards, and daily use in Internet and many other computer applications. Yet its actual utility and future are clouded topics that hit at two widely separated poles: the limits of computation and the role of government. Articles for this special issue of IEEE Security & Privacy magazine will cover recent research trends in cryptology and their implications for emerging computing techniques (such as cloud computing), collaboration between researchers and governments in defining cryptographic standards, how physics and mathematics shape and limit cryptology, and how cryptology implements privacy and security in an interconnected world. Potential articles for this issue might address: - Is cryptology an ongoing research area? What are the remaining challenges that have not been solved by public key systems and the AES cipher? - What new cryptographic methods are on the horizon? How could techniques such as homomorphic encryption affect computers and applications? What synergies do new methods have with emerging technologies such as cloud computing, digital commerce, tablets and cellphones, personal health and safety systems, etc.? - What are the known or potential failures of cryptology? 
Are mathematical advances eroding the fundamental "hard problems" such as discrete logarithms or factoring? How can one be sure that a system employing cryptographic techniques is implemented securely? Is it better to use specialized hardware instead of software? Should cryptographic software be open source? How will advances in computing hardware, such as graphics processors, affect the use of cryptography? - Is quantum key distribution a realistic method for day-to-day applications? Is quantum computing a serious threat to the strength of cryptography? Do quantum principles have wider application to cryptology? When are these technologies likely to move from research to proof-of-concept to widespread use? - As more and more small devices contain general purpose computers and wireless communication, should they also employ cryptography? What physical constraints such as size, power demand, ruggedness or heat dissipation affect the ability to integrate cryptography in all devices? If device-based cryptography is readily available, will it be used? Will it be used appropriately? - Is there such a thing as "user-friendly cryptography"? How much of the arcane side of cryptography can be shielded from the user without weakening its impact? Do users care whether they employ cryptography or at what strength? Do users worry about traffic interception by criminals, businesses, or governments? - How and why does the U.S. government develop standards for cryptography? What standards are being developed now? How have the Snowden disclosures affected that process? Are there non-governmental approaches to developing these standards? - What are the scientific and political limits to actual secrecy and privacy? Malware, man-in-the-middle attacks, hardware Trojans, collusion by businesses and governments – in this environment, what protection is available to end users? 
------------------------------------------------------------------------- TGC 2014 9th Symposium on Trustworthy Global Computing, Co-located with Concur 2014, Rome, Italy, September 5-6, 2014. (Submission Due 2 May 2014) http://www.cs.le.ac.uk/events/tgc2014/ The Symposium on Trustworthy Global Computing is an international annual venue dedicated to secure and reliable computation in the so-called global computers, i.e., those computational abstractions emerging in large-scale infrastructures such as service-oriented architectures, autonomic systems, and cloud computing. The TGC series focuses on providing frameworks, tools, algorithms, and protocols for rigorously designing, verifying, and implementing open-ended, large-scale applications. The related models of computation incorporate code and data mobility over distributed networks that connect heterogeneous devices and have dynamically changing topologies. We solicit papers in all areas of global computing, including (but not limited to): - languages, semantic models, and abstractions - security, trust, and reliability - privacy and information flow policies - algorithms and protocols - resource management - model checking, theorem proving, and static analysis - tool support ------------------------------------------------------------------------- NordSec 2014 19th Nordic Conference on Secure IT Systems, Tromsø, Norway, October 15-17, 2014. (Submission Due 6 May 2014) http://site.uit.no/nordsec2014/ NordSec addresses a broad range of topics within IT security with the aim of bringing together computer security researchers and encouraging interaction between academia and industry. In 2014 the conference has a special focus on Security and Privacy for Cloud Computing and Big Data. 
Contributions within, but not limited to, the following areas are welcome: - Applied cryptography - Communication and network security - Internet and web-security - Operating system security - Software security - Language-based techniques for security - Security protocols - Access control and security models - Privacy and privacy-enhancing technologies - Trust and reputation management - Security evaluation and measurements - Commercial security policies and enforcement - Computer crime and information warfare - Social engineering and phishing - Intrusion detection - Security management and audit - New ideas and paradigms in security - Usable security and privacy ------------------------------------------------------------------------- ACC 2014 IEEE International Workshop on Autonomic Cloud Cybersecurity, Held in conjunction with the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), London, UK, September 8, 2014. (Submission Due 7 May 2014) http://sesar.dti.unimi.it/ACC2014 Cloud computing services offer cost effective, scalable, and reliable outsourced platforms. Cloud adoption is becoming rapidly ubiquitous; therefore, private and sensitive data is being moved into the cloud. This move is introducing new security and privacy challenges, which should be diligently addressed in order to avoid severe security repercussions. The focus of this workshop is to offer a discussion forum about autonomous cybersecurity systems, which offer viable and well-suited solutions for cloud threat prediction, detection, mitigation, and prevention. The workshop is part of the IEEE International Conference on Cloud and Autonomic Computing (CAC 2014), and is collocated with The 8th IEEE Self-Adaptive and Self-Organizing System Conference and The 14th IEEE Peer-to-Peer Computing Conference. 
We are soliciting original and unpublished results of ongoing research projects, emerging trends, use cases, and implementation experiences in autonomous cloud cybersecurity systems and solutions. The topics covered include, but are not limited to: - Self-protection techniques of computing systems, networks and applications - Performance evaluation and metrics of self-protection algorithms - Metrics to characterize and quantify the cybersecurity algorithms (confidentiality, integrity, and availability of autonomic systems) - Anomaly behavior analysis and discovery of autonomic systems and services - Data mining, stochastic analysis and prediction of autonomic systems and applications - Datasets and benchmarks to compare and evaluate different self-protection techniques - Autonomic prediction of cyber crime - Cloud cryptographic systems - Autonomous cyber threat mitigation methods - Cloud security protocols - Automated cloud security analysis - Cloud cybersecurity tools ------------------------------------------------------------------------- ACM-CCS 2014 21st ACM Conference on Computer and Communications Security, The Scottsdale Plaza Resort, Scottsdale, Arizona, USA, November 3-7, 2014. (Submission Due 16 May 2014) http://www.sigsac.org/ccs/CCS2014/ The conference seeks submissions from academia, government, and industry presenting novel research results in all practical and theoretical aspects of computer and communications security. Papers should be related to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the relevance of the results to secure systems. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security. 
Further concrete instructions and submissions rules and regulations will be published in the Call for Papers which will be accessible via the conference web page. ------------------------------------------------------------------------- IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures, April 2015, (Submission Due 1 June 2014) http://www.signalprocessingsociety.org/uploads/email/biometric_spoofing.html Editor: Nicholas Evans (EURECOM, France), Sébastien Marcel (Idiap Research Institute, Switzerland), Arun Ross (Michigan State University, USA), and Stan Z. Li (Chinese Academy of Sciences, China) While biometrics technology has revolutionized approaches to person authentication and has evolved to play a critical role in personal, national and global security, the potential for the technology to be fooled or 'spoofed' is widely acknowledged. Efforts to study such threats and to develop countermeasures are now well underway resulting in some promising solutions. While progress with respect to each biometric modality has attained varying degrees of maturity, there are some notable shortcomings in research methodologies. Current spoofing studies focus on specific, known attacks. Existing countermeasures designed to detect and deflect such attacks are often based on unrealistic a priori knowledge and typically learned using training data produced using exactly the same spoofing method that is to be detected. Current countermeasures thus have questionable application in practical scenarios where the nature of the attack can never be known. This special issue will focus on the latest research on the topic of biometric spoofing and countermeasures, with a particular emphasis on novel methodologies and generalized spoofing countermeasures that have the potential to protect biometric systems against varying or previously unseen attacks. 
The aim is to further the state-of-the-art in this field, to stimulate interactions between the biometrics and information forensic communities, to encourage the development of reliable methodologies in spoofing and countermeasure assessment and solutions, and to promote the development of generalized countermeasures. Papers on biometric obfuscation (e.g., fingerprint or face alteration) and relevant countermeasures will also be considered in the special issue. Novel contributions related to both traditional biometric modalities such as face, iris, fingerprint, and voice, and other modalities such as vasculature and electrophysiological signals will be considered. The focus includes, but is not limited to, the following topics related to spoofing and anti-spoofing countermeasures in biometrics: - vulnerability analysis with an emphasis on previously unconsidered spoofing attacks; - theoretical models for attack vectors; - advanced machine learning and pattern recognition algorithms for anti-spoofing; - information theoretic approaches to quantify spoofing vulnerability; - spoofing and anti-spoofing in mobile devices; - generalized countermeasures; - challenge-response countermeasures; - sensor-based solutions to spoof attacks; - biometric obfuscation schemes; - information forensic approaches to spoofing detection; - new evaluation protocols, datasets, and performance metrics; - reproducible research (public databases, open source software and experimental setups). ------------------------------------------------------------------------- CANS 2014 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece, October 22-24, 2014. (Submission Due 10 June 2014) http://www.ics.forth.gr/cans2014 Papers offering novel research contributions are solicited for submission to the 13th International Conference on Cryptology and Network Security (CANS-2014). 
The focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings. Topics include (but are not limited to): - Access Control for Networks - Anonymity & Pseudonymity - Attacks & Malicious Code - Authentication, Identification - Block & Stream Ciphers - Cloud Security - Cryptographic Algorithms - Cryptographic Protocols - Denial of Service Protection - Embedded Platform Security - Hash Functions - Identity & Trust Management - (Future) Internet Security - Key Management - Mobile Code Security - Multicast Security - Network Security - Peer-to-Peer Security - Public Key Cryptography - Security Modeling - Security Architectures - Security in Location Services - Security in Social Networks - Sensor Network Security - Spam & SPIT Protection - Spyware Analysis and Detection - Virtual Private Networks - Wireless and Mobile Security ------------------------------------------------------------------------- Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems, 2014, (Submission Due 1 July 2014) http://www.journals.elsevier.com/information-systems/call-for-papers/special-issue-on-information-integrity-in-smart-grid-systems/ Editor: Al-Sakib Khan Pathan (International Islamic University Malaysia, Malaysia), Zubair Muhammad Fadlullah (Tohoku University, Japan), Mostafa M. Fouda (Benha University, Egypt), Muhammad Mostafa Monowar (King AbdulAziz University, Saudi Arabia), and Philip Korn (AT&T Labs Research, USA) The smart grid is an electronically controlled electrical grid that connects power generation, transmission, distribution, and consumers using information and communication technology. 
One of the key characteristics of the smart grid is its support for bi-directional information flow between the consumer of electricity and the utility provider. A critical twist on the current electrical grid system, this kind of two-way interaction would allow electricity to be generated in real-time based on consumer demands and power requests. While the system would allow users to get more control over electricity use and supply, many security issues are raised to ensure information privacy of the users as well as authorization procedures for electricity use. Security loopholes in the system could, in fact, aggravate the electricity supply system instead of improving it. The quality of the information from billing and accounting is also a major concern. With this Special Issue, we open the door to encourage researchers to discuss issues related to information integrity and security services in the smart grid, particularly from the communication point of view to construct energy, control, and information processing systems for the smart grid. Any topic related to information integrity and security services in the smart grid, particularly from the communications and data management point of view, is to be considered. 
The topics include but are not limited to: - Data quality in the smart grid - Secure smart metering - Secure Advanced Metering Infrastructure (AMI) communication and management - Privacy protection in smart grid - Smart grid security database architecture and models - Security services for smart grid - User authentication, access control for smart grid - Hardware design for information protection in smart grid - Simulation and performance analysis of smart grid security operations ------------------------------------------------------------------------- ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade, First Quarter 2015, (Submission Due 1 July 2014) http://acmtecs.acm.org/special-issues/14/embcrypt2014.html Editor: Patrick Schaumont (Virginia Tech, USA), Máire O'Neill (Queen's University Belfast, UK), and Tim Güneysu (Ruhr University Bochum, Germany) Cryptography has made great strides in capability and variety over the past few years, enabling a broad range of new applications and extending the reach of security deep into the embedded world. A few examples include lightweight primitives that provide information security for a fraction of the energy and cost of traditional primitives; lattice-based crypto-engines that provide an alternative to public-key operations in a post-quantum-computing world; cryptographic sponges that can be configured as universal crypto-kernels; anonymous signatures that support electronic cash in portable, compact form factors; and homomorphic primitives and zero-knowledge proofs that allow privacy-friendly interaction of devices with the all-knowing cloud. These novel forms of cryptography will drive the embedded information infrastructure, and they will become a necessity to mix and merge our virtual life with our real life in a trustworthy and scalable manner. 
However, this is not your father's cryptography, and its efficient implementation needs new research efforts. It is based on different mathematical structures, novel transformations and data organizations, and in many cases its computational complexity is significantly higher than that of traditional cryptographic operations. For several primitives, such as for post-quantum cryptography and homomorphic computing, the optimal implementation strategies are still an open area of research. Furthermore, threats against these novel forms of cryptography, such as side-channel analysis or fault injection, are unexplored. This special issue of ACM Transactions on Embedded Computing Systems solicits state-of-the-art research results and surveys in embedded system engineering for these novel cryptographic primitives. The issue will cover both hardware and software implementations for performance-optimized, resource-constrained, energy-efficient platforms. Of special interest are implementations that demonstrate novel applications for cryptographic primitives. 
A few examples of topics of interest for the special issue include: - Post-quantum Primitives for Constrained Platforms (RFID, microcontroller) - Lattice-based Cryptography in Embedded Platforms - Embedded Implementations that interact with the Homomorphic Cloud - Custom-instruction Extensions and Hardware Primitives for Post-quantum Cryptography - Performance Comparisons and Benchmarks for Multi-party Computation - Privacy-friendly Cryptography in Embedded Platforms - Privacy-friendly Car Electronics and Public-transport Infrastructure - Implementations of Electronic Cash - Implementations of Electronic Passports - Hardware Acceleration of Privacy-friendly Cryptographic Primitives - Implementations of Unified Cryptographic Primitives (e.g., Authenticated Encryption) - Implementations of Leakage-resilient Cryptography ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". 
OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. 
____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSP728

______________________________________________________________________
TC Publications for Sale
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE CS Press

____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Patrick McDaniel
Computer Science and Engineering
Pennsylvania State University
360 A IST Building
University Park, PA 16802
(814) 863-3599
mcdaniel@cse.psu.edu

Security and Privacy Symposium Chair Emeritus:
Robin Sommer
http://www.icir.org/robin

Vice Chair:
Ulf Lindqvist
SRI International
Menlo Park, CA
ulf.lindqvist@sri.com

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor @ ieee-security.org

Security and Privacy Symposium, 2014 Chair:
Greg Shannon
CERT
oakland14-chair@ieee-security.org

________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year