|
|
Conference and Workshop Announcements
Commentary and Opinion
Richard Austin's review of Data-Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs and Bob Rudis
No new NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Cynthia Irvine
Recent postings:
Cipher
calls-for-papers
and
calendar
Cipher calendar announcements are on Twitter; follow "ciphernews"
new calls or announcements added since Cipher E119
(the calls-for-papers and the calendar announcements may differ
slightly in content or time of update):
SAC 2014 Conference on Selected Areas in Cryptography, Concordia University, Montreal, Quebec, Canada, August 14-15, 2014. (Submission Due 28 May 2014)
Authors are encouraged to submit original papers related to the following themes for the SAC 2014 conference. Note that the first three are traditional SAC areas and the fourth topic is intended to be the special focus for this year's conference:
IEEE Transactions on Information Forensics and Security, Special Issue on Biometric Spoofing and Countermeasures, April 2015, (Submission Due 1 June 2014)
Editor: Nicholas Evans (EURECOM, France),
Sébastien Marcel (Idiap Research Institute, Switzerland),
Arun Ross (Michigan State University, USA),
and Stan Z. Li (Chinese Academy of Sciences, China)
While biometrics technology has revolutionized approaches to person
authentication and has evolved to play a critical role in personal,
national and global security, the potential for the technology to be
fooled or 'spoofed' is widely acknowledged. Efforts to study such threats
and to develop countermeasures are now well underway resulting in some
promising solutions. While progress with respect to each biometric modality
has attained varying degrees of maturity, there are some notable shortcomings
in research methodologies. Current spoofing studies focus on specific, known
attacks. Existing countermeasures designed to detect and deflect such attacks
are often based on unrealistic a priori knowledge and typically learned using
training data produced using exactly the same spoofing method that is to be
detected. Current countermeasures thus have questionable application in
practical scenarios where the nature of the attack can never be known.
This special issue will focus on the latest research on the topic of
biometric spoofing and countermeasures, with a particular emphasis on
novel methodologies and generalized spoofing countermeasures that have
the potential to protect biometric systems against varying or previously
unseen attacks. The aim is to further the state-of-the-art in this field,
to stimulate interactions between the biometrics and information forensic
communities, to encourage the development of reliable methodologies in
spoofing and countermeasure assessment and solutions, and to promote the
development of generalized countermeasures. Papers on biometric
obfuscation (e.g., fingerprint or face alteration) and relevant
countermeasures will also be considered in the special issue. Novel
contributions related to both traditional biometric modalities such as
face, iris, fingerprint, and voice, and other modalities such as
vasculature and electrophysiological signals will be considered. The
focus includes, but is not limited to, the following topics related
to spoofing and anti-spoofing countermeasures in biometrics:
M2MSec 2014 International Workshop on Security and Privacy in Machine-to-Machine Communications, Held in conjunction with IEEE Conference on Communications and Network Security (CNS 2014), San Francisco, CA, USA, October 29, 2014. (Submission Due 1 June 2014)
The First International Workshop on Security and Privacy in Machine-to-Machine Communications (M2MSec'14) aims to foster innovative research and discuss about security and privacy challenges, solutions, implementations, and standardization in emerging M2M communication systems. Papers from academic researchers, industry practitioners, and government institutions offering novel research contributions in all theoretical and practical aspects of security and privacy in M2M communications are solicited for submission to M2MSec'14. The scope of this workshop covers all aspects of security and privacy in M2M communications and particular topics of interest include, but are not limited to:
LightSEC 2014 3rd International Workshop on Lightweight Cryptography for Security & Privacy, Istanbul, Turkey, September 1-2, 2014. (Submission Due 1 June 2014)
LightSEC 2014 promotes and initiates novel research on the security & privacy issues for applications that can be termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. As such applications are becoming ubiquitous, providing an immense value to society, they are also affecting a greater portion of the public & leading to a plethora of economical & security and privacy related concerns. Topics of interest include:
SIN 2014 7th International Conference on the Security of Information and Networks, Glasgow, UK, September 9-11, 2014. (Submission Due 2 June 2014)
The 7th International Conference on Security of Information and Networks (SIN 2014) provides an international forum for presentation of research and applications of security in information and networks. SIN 2014 features contributed as well as invited papers, special sessions, workshops, and tutorials on theory and practice. Its drive is to convene a high quality, well-attended, and up-to-date conference on scientific and technical issues of security in information, networks, and systems. Topics of interest include (but are not limited to):
eCrime 2014 9th Symposium on Electronic Crime Research, Held in conjunction with the 2014 APWG General Meeting, Birmingham, Alabama, USA, September 23-25, 2014. (Submission Due 6 June 2014)
The eCrime Symposium consists of two full days which bring together academic researchers, security practitioners, and law enforcement to discuss all aspects of electronic crime and ways to combat it. Topics of interest include (but are not limited to):
TrustED 2014 4th International Workshop on Trustworthy Embedded Devices, Co-located with the ACM Conference on Computer & Communications Security (CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. (Submission Due 6 June 2014)
TrustED considers selected security and privacy aspects of cyber physical systems and their environments. We aim to bring together experts from academia, research institutions, industry, and government to discuss problems, challenges, and recent scientific and technological advances in this field. In particular, we strongly encourage industry participation and submissions. The workshop topics include, but are not limited to:
SLSS 2014 International Workshop on System Level Security of Smartphones, Held in conjunction with SecureComm 2014, Beijing, China, September 23, 2014. (Submission Due 6 June 2014)
This workshop will discuss various aspects of system level security of smartphones, and stitch together the aspects into holistic and deep understandings. Some specific aspects include system metadata abuse, .so level rootkits in Android, finer-grained protection domains, cross-layer vulnerability analysis, and context-aware access control. Through the workshop, some new vulnerabilities and attack on Android/IOS systems could be revealed, and some security design principles of next generation smartphone Operating Systems could be identified. The workshop will be more discussion oriented than regular workshops, it will include a few selected presentations, each with a 15 minutes speech and 45 minutes discussion. Research contributions are solicited in all aspects related to system level security of smartphones, including but not limited to:
CANS 2014 13th International Conference on Cryptology and Network Security, Aldemar Royal Mare Resort, Heraklion Crete, Greece, October 22-24, 2014. (Submission Due 10 June 2014)
Papers offering novel research contributions are solicited for submission to the 13rd International Conference on Cryptology and Network Security (CANS-2014). The focus is on original, high quality, unpublished research and implementation experiences. We encourage submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings. Topics include (but not limited to):
STM 2014 10th International Workshop on Security and Trust Management, Held in conjunction with ESORICS 2014, Wroclaw, Poland, September 10-11, 2014. (Submission Due 13 June 2014)
The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICTs. Topics of interest include, but are not limited to:
ProvSec 2014 8th International Conference on Provable Security, Hong Kong, October 9-10, 2014. (Submission Due 20 June 2014)
Provable security is an important research area in modern cryptography. Cryptographic primitives or protocols without a rigorous proof cannot be regarded as secure in practice. In fact, there are many schemes that were originally thought as secure but eventually broken, which clearly indicates the need of formal security assurance. With provable security, we are confident in using cryptographic schemes and protocols in various real-world applications. Meanwhile, schemes with provable security sometimes give only theoretical feasibility rather than a practical construction, and correctness of the proofs may be difficult to verify. ProvSec conference thus provides a platform for researchers, scholars and practitioners to exchange new ideas for solving these problems in the provable security area. All aspects of provable security for cryptographic primitives or protocols, include but are not limited to the following areas:
ISC 2014 17th Information Security Conference, Hong Kong, October 12-14, 2014. (Submission Due 25 June 2014)
The Information Security Conference (ISC), which started as a workshop (ISW) in 1997, is one of the first conferences bringing together computer security and cryptographers. It has been held in 5 different continents. Its proceedings are published by Springer. Potential topics to be addressed by submissions include, but are not limited to:
LASER 2014 2014 Workshop on Learning from Authoritative Security Experiment Results, Arlington, Virginia, USA, October 15-16, 2014. (Submission Due 30 June 2014)
The LASER workshop invites papers that strive to exemplify the practice of science in cyber security. The goal of this series of workshops, now in its third year, is to address the practice of good science. We encourage participants who want to help others improve their practice and participants who want to improve their own practice. LASER seeks to foster a dramatic change in the paradigm of cyber security research and experimentation. Participants will find LASER to be a constructive and highly interactive venue featuring informal paper presentations and extended discussions. LASER welcomes papers that are:
Elsevier Information Systems, Special Issue on Information Integrity in Smart Grid Systems, 2014, (Submission Due 1 July 2014)
Editor: Al-Sakib Khan Pathan (International Islamic University Malaysia, Malaysia),
Zubair Muhammad Fadlullah (Tohoku University, Japan),
Mostafa M. Fouda (Benha University, Egypt),
Muhammad Mostafa Monowar (King AbdulAziz University, Saudi Arabia),
and Philip Korn (AT&T Labs Research, USA)
The smart grid is an electronically controlled electrical grid that connects
power generation, transmission, distribution, and consumers using information
and communication technology. One of the key characteristics of the smart
grid is its support for bi-directional information flow between the consumer
of electricity and the utility provider. A critical twist on the current
electrical grid system, this kind of two-way interaction would allow
electricity to be generated in real-time based on consumer demands and
power requests. While the system would allow users to get more control
over electricity use and supply, many security issues are raised to
ensure information privacy of the users as well as authorization procedures
for electricity use. Security loopholes in the system could, in fact,
aggravate the electricity supply system instead of improving it. The
quality of the information from billing and accounting is also a major
concern. With this Special Issue, we open the door to encourage researchers
to discuss issues related to information integrity and security services
in the smart grid, particularly from the communication point of view to
construct energy, control, and information processing systems for the
smart grid. Any topic related to information integrity and security
services in the smart grid, particularly from the communications and
data management point of view, is to be considered. The topics include
but are not limited to:
ACM Transactions on Embedded Computing Systems, Special Issue on Embedded Platforms for Cryptography in the Coming Decade, First Quarter 2015, (Submission Due 1 July 2014)
Editor: Patrick Schaumont (Virginia Tech, USA),
Máire O'Neill (Queen's University Belfast, UK),
and Tim Güneysu (Ruhr University Bochum, Germany)
Cryptography has made great strides in capability and variety over the
past few years, enabling a broad range of new applications and extending
the reach of security deep into the embedded world. A few examples include
lightweight primitives that provide information security for a fraction of
the energy and cost of traditional primitives; lattice-based crypto-engines
that provide an alternative to public-key operations in a post-quantum-computing
world; cryptographic sponges that can be configured as universal crypto-kernels;
anonymous signatures that support electronic cash in portable, compact form
factors; and homomorphic primitives and zero-knowledge proofs that allow
privacy-friendly interaction of devices with the all-knowing cloud. These
novel forms of cryptography will drive the embedded information infrastructure,
and they will become a necessity to mix and merge our virtual life with our
real life in a trustworthy and scalable manner. However, this is not your
father's cryptography, and its efficient implementation needs new research
efforts. It is based on different mathematical structures, novel transformations
and data organizations, and in many cases its computational complexity is
significantly higher than that of traditional cryptographic operations.
For several primitives, such as for post-quantum cryptography and homomorphic
computing, the optimal implementation strategies are still an open area of
research. Furthermore, threats against these novel forms of cryptography,
such as side-channel analysis or fault injection, are unexplored. This
special issue of ACM Transactions on Embedded Computing Systems solicits
state-of-the-art research results and surveys in embedded system
engineering for these novel cryptographic primitives. The issue will cover
both hardware and software implementations for performance-optimized,
resource-constrained, energy-efficient platforms. Of special interest
are implementations that demonstrate novel applications for cryptographic
primitives. A few examples of topics of interest for the special issue
include:
MTD 2014 1st ACM Workshop on Moving Target Defense, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. (Submission Due 1 July 2014)
The static nature of current computing systems has made them easy to attack and harder to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on the attacker by making systems dynamic and harder to predict. With a constantly changing system and its ever adapting attack surface, the attacker will have to deal with a great deal of uncertainty just like defenders do today. The ultimate goal is to level the cybersecurity playing field for defenders versus attackers. This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving-target defense, and to have productive discussion and constructive debate on this topic. We solicit submissions on original research in the broad area of MTD, with possible topics such as those listed below. Since this is still a research area in a nascent stage, the list should only be used as a reference. We welcome all works that fall under the broad scope of moving target defense, including research that shows negative results. Topics include:
WISCS 2014 1st ACM Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 21st ACM Conference on Computer and Communications Security (ACM-CCS 2014), Scottsdale, Arizona, USA, November 3, 2014. (Submission Due 1 July 2014)
Sharing of security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach the automated sharing of observed security indicators (such as IP addresses, domain names etc.) provide valuable, actionable information to others. Through analyzing shared data it seems possible to get much better insights into emerging attacks. Sharing higher level intelligence about campaigns, threat actors and mitigations is also of great interest. Both in the US and the EU there are major efforts underway to strengthen information sharing. Yet there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data without getting overwhelmed by false positives? The first Workshop on Information Sharing and Collaborative Security (WISCS 2014) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. Topics of interest for the workshop include, but are not limited to:
SKM 2014 International Conference on Secure Knowledge Management, BITS Pilani, Dubai, December 8-9, 2014. (Submission Due 10 July 2014)
The conference on Secure Knowledge Management will bring together researchers and practitioners from academia, industry and government to raise the awareness and share recent advances in knowledge management. The conference will provide a venue to discuss and develop the next set of challenges in knowledge management that needs to be tackled by the community. Topics of interest include, but are not limited to:
HST 2015 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA, April 14-16, 2015. (Submission Due 15 July 2014)
This symposium brings together innovators from leading academic, industry, business, Homeland Security Centers of Excellence, and government programs to provide a forum to discuss ideas, concepts, and experimental results. This year's event will once again showcase selected technical paper and posters highlighting emerging technologies in the areas of:
VizSec 2014 11th Visualization for Cyber Security, Paris, France, November 10, 2014. (Submission Due 1 August 2014)
The 11th Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations. We encourage the submission of papers on technologies and methods that promise to improve cyber security practices, including, but not limited to:
ACSW-AISC 2015 Australasian Information Security Conference, Held as part of Australasian Computer Science Week, Sydney, Australia, January 27-30, 2015. (Submission Due 18 August 2014)
AISC aims at promoting research on all aspects of information security and increasing communication between academic and industrial researchers working in this area. We seek submissions from academic and industrial researchers on all theoretical and practical aspects of information security. Suggested topics include, but are not restricted to: access control; anonymity and pseudonymity; cryptography and cryptographic protocols; database security; identity management and identity theft; intrusion detection and prevention; malicious software; network security; privacy enhancing technologies; and trust and risk.
BDSP 2014 1st IEEE International Workshop on Big Data Security and Privacy, Washington DC, USA, October 27-30, 2014. (Submission Due 30 August 2014)
Big Data is characterized by the integration of a significant amount of data, of varying modalities or types, at a pace that cannot be handled by traditional data management systems. This has sparked innovation in the collection, processing and storage of this data. The analytic systems built to leverage Big Data have yielded (and hold even greater promise to uncover) remarkable insights that enable a host of new applications that were not thought possible prior to the era of Big Data. However, with this capacity to contribute to and benefit the greater good comes the responsibility to protect the subjects referenced in the data sets. In this context, the old adage is correct - "With great power, comes great responsibility". Ultimately, the data subjects own the data and they stand to suffer most significantly from the data's compromise. Thus, there needs to be advances in techniques for 1) ingesting Big Data in a secure and privacy-preserving, 2) performing Big Data analysis in a secure environment and in a privacy-preserving manner, and 3) storing and enforcing retention policy securely (and in private modes) for Big Data systems. If these solutions are not in place, then the willingness of people to contribute their data to be included in a Big Data system decreases. Additionally, Big Data professionals need to perform risk analyses, as they relate to security and privacy, to get a realistic view of the safety of the landscape. There is a lot of work to be done in this emerging field. This workshop is a venue for researchers and practitioners to come together and tackle them in a supportive and stimulating environment.
IEEE Transactions on Emerging Topics in Computing, Emerging topics in Cyber Security, 2015, (Submission Due 1 September 2014)
Editor: Giorgio Di Natale (LIRMM, France)
and Stefano Zanero (Politecnico di Milano, Italy)
Cyber Security is a topic which is getting a very high level of attention from researchers,
decision makers, policy makers and from the general public. The value of digital
information is growing dramatically. Physical systems coupled with computing
devices (so-called cyber-physical systems) carry out functions that are fundamental
for our society. Protecting these emerging critical digital infrastructures is an
increasingly relevant objective from a military and political point of view. For
this reason, the IEEE Transactions on Emerging Topics in Computing (TETC) seek
original manuscripts for a Special Issue on Emerging Topics in Cyber Security,
scheduled to appear in the first issue of 2015. TETC is the newest Transactions
of the IEEE Computer Society, and it uses an Open Access model exclusively.
Papers may present advances in the theory, design, implementation, analysis,
verification, or empirical evaluation and measurement of cyber security
systems, to deal with emerging computing technologies and applications.
Given the the peculiar nature of TETC, we are seeking in particular papers
that are more "far-reaching" than is usual for journal submissions, as long
as they show promise for opening up new areas of study, or questioning
long-held beliefs and tenets of the cybersecurity field.
IEEE Transactions on Dependable and Secure Computing, Special Issue on Cyber Crime, 2015, (Submission Due 1 October 2014)
Editor: Wojciech Mazurczyk (Warsaw University of Technology, Poland),
Thomas J. Holt (School of Criminal Justice, Michigan State University, USA)
and Krzysztof Szczypiorski (Warsaw University of Technology, Poland)
Cyber crimes reflect the evolution of criminal practices that have adapted to
the world of information and communication technologies. Cybercriminality has
become a curse of the modern world with the potential to affect every one
nationally and/or internationally. Individuals, companies, governments and
institutions may become victims as well as (involuntary) helpers of cyber
criminals. The inability to provide cyber-security can potentially have a
tremendous socio-economic impact on global enterprises as well as individuals.
The aim of this special issue is to bring together the research
accomplishments provided by the researchers from academia and the industry.
The other goal is to show the latest research results in the field of cyber
crime. Prospective authors will be encouraged to submit related distinguished
research papers on the subject of both: theoretical approaches and practical
case reviews. Topics of interest include, but are not limited to:
Staying in touch....
Changing your email address? Please send updates to cipher@ieee-security.org
IEEE Computer Society's Technical Committee on Security and Privacy
TC home page | TC Officers | |
How to join the TCSP | TC publications available online | |
TC Publications for sale | Cipher past issues archive | |
IEEE Computer Society | Cipher Privacy Policy |