============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 123                                     November 23, 2014

Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org

Richard Austin                         Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Richard Austin's review of "The Art of Memory Forensics: Detecting
      malware and threats in Windows, Linux, and Mac Memory" by Michael
      Ligh, Andrew Case, Jamie Levy and Aaron Walters
    o News items from the media
       - Can China flip the US power switch to "off"?
       - Russian-developed code exploits Windows to target Ukrainians
       - The group "Axiom" shows remarkable sophistication in cyberespionage
       - Creepy new "cookies" reveal your real identity to websites
       - A bad day for the Dark Web
       - Encrypt all traffic, recommends the Internet Architecture Board
       - NSA data center to be up a dry crick?
    o Book reviews, Conference Reports and Commentary and News items
      from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

In some ways the Internet seems a safer place than in its tumultuous youth in the 1990s, but we have also seen massive erosions of privacy, and attacks against high value assets are increasing in number and sophistication. This issue of Cipher mentions several news articles about recent attacks, including a dire prediction from the head of the US CyberCommand warning that our power grid could be shut off by foreign actors. We are like a complex molecule whose internal bonds are shortening.

In this world of unnerving digital attacks, we need all the tools we can to understand what is transpiring in our computers. Richard Austin has chosen to review a new book that helps analysts find malware that hides in active memory. This is a particularly challenging task, and the book covers the subject in depth.

One of the events listed in our calendar is for the GREPSEC workshop for underrepresented groups in computer security research. This invitational, small event is crafted for early stage graduate students who want to know more about research areas related to security. Given the number of computer security problems that we face, expanded participation in the field is essential. Applications will be accepted in January.

Recently the Internet Architecture Board (IAB) issued a statement recommending that almost all Internet traffic be encrypted in order to fight "pervasive surveillance". Certainly this would hamper some of the attacks against confidentiality that have been revealed in recent years, but I find it disappointing that the statement does not call for stronger measures, particularly for end-to-end encryption. The IAB has long tried to balance operational ease against security, and the result is a hodge-podge of weak recommendations on a protocol-by-protocol basis. The IAB now seeks to "restore the trust users must have in the Internet". This laudable goal requires fundamental changes to the design and deployment of protocols and end user software. We should all strive to participate in this change.

   Oddly enough, Cipher is not encrypted,

      Hilarie Orman
      cipher-editor @ ieee-security.org

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewsBriefs.html

-----------------------------------------

The head of the US Cyber Command makes an astonishing claim about the vulnerability of the nation's power grid.

  Govt: China could take down U.S. power grid
  Jamie Crawford
  CNN.COM
  November 20, 2014
  http://www.cnn.com/2014/11/20/politics/nsa-china-power-grid/index.html?hpt=hp_t2

-----------------------------------------

This report is about an apparent attack using code developed in Russia to steal documents from computers in the Ukraine. The attack was launched from a "malware laced Powerpoint attachment," inspiring Microsoft to issue a patch.

  Russian hackers exploit Windows to spy on West
  CNNMoney
  Jose Pagliery
  October 14, 2014
  http://money.cnn.com/2014/10/14/technology/security/russia-hackers/index.html?hpt=hp_t2

-----------------------------------------

The FBI has warned some companies that a Chinese group "Axiom" is applying sophisticated resources to spying on US firms. Its hallmark is its "patient" approach to infiltrating and exfiltrating.

  FBI warns industry of Chinese cyber campaign
  Ellen Nakashima and Ashkan Soltani
  The Washington Post
  October 15, 2014
  http://www.washingtonpost.com/world/national-security/fbi-warns-industry-of-chinese-cyber-campaign/2014/10/15/0349a00a-54b0-11e4-ba4b-f6333e2c0453_story.html

------------

Another report on "Axiom" says that their activities include hacking personal management agencies for the purpose of identifying individuals for more intense targeting. Their toolkit, "Hikit", has an "advanced playbook".

  Researchers identify sophisticated Chinese cyberespionage group
  Ellen Nakashima
  The Washington Post
  October 28, 2014
  http://www.washingtonpost.com/world/national-security/researchers-identify-sophisticated-chinese-cyberespionage-group/2014/10/27/de30bc9a-5e00-11e4-8b9e-2ccdac31a031_story.html

-----------------------------------------

It seems that some wireless carriers are adding extra identifying information to their customers' web requests. The information can be used to tie the web request to the identity of the customer (NB: AT&T has since said they've stopped the practice).

  Verizon, AT&T tracking their users with "supercookies"
  Craig Timberg
  The Washington Post
  November 3, 2014
  http://www.washingtonpost.com/business/technology/verizon-atandt-tracking-their-users-with-super-cookies/2014/11/03/7bbbf382-6395-11e4-bb14-4cfea1e742d5_story.html

--------------

Can you escape supercookies? This article says "maybe".

  How to Block Supercookies: Verizon, AT&T Mobile Tracking
  Eric Hal Schwartz
  InTheCapital
  November 4, 2014
  http://inthecapital.streetwise.co/2014/11/04/verizon-att-supercookie-block-tracking/

-----------------------------

AT&T nixes supercookies

  AT&T Quietly Backs Away From Its Use of Sneaky Super Cookies
  https://www.techdirt.com/blog/wireless/articles/20141117/13043829173/att-quietly-backs-away-its-use-sneaky-super-cookies.shtml

-----------------------------

It was a black day for 400 black market Internet sites when law enforcement agencies shut them down. Though shielded by the anonymous network Tor, the Dark Web found itself transparent to officials. Did government agencies infiltrate Tor?

  Authorities worldwide strike Internet's black market
  Craig Timberg and Ellen Nakashima
  The Washington Post
  November 7, 2014
  http://www.washingtonpost.com/business/technology/2014/11/07/8cac8ef0-66b9-11e4-bb14-4cfea1e742d5_story.html

-----------------------------

Can trust be restored to the Internet? The IAB has overseen development of Internet protocols for decades, and they now are moved to recommend that all traffic be encrypted.

  Internet Architecture Board statement on Internet confidentiality
  November 14, 2014
  https://www.iab.org/2014/11/14/iab-statement-on-internet-confidentiality/

An elaboration on the dangers of traffic surveillance in this "Best Current Practice" document from the IETF:

  Pervasive Monitoring Is an Attack
  May, 2014
  https://tools.ietf.org/html/rfc7258

-----------------------------

The repository for all the data that NSA collects from the Internet might well be hidden in plain sight in Bluffdale, Utah. The cooling systems for the myriad of storage devices might be shut off if some Utah lawmakers have their way.

  Shutting off NSA's water gains support in Utah Legislature
  Nate Carlisle
  The Salt Lake Tribune
  November 19, 2014
  http://www.sltrib.com/news/1845843-155/bill-roberts-committee-utah-agency-data

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/BookReviews.html, and conference
reports are archived at
http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
November 16, 2014
____________________________________________________________________

The Art of Memory Forensics: Detecting malware and threats in Windows, Linux, and Mac Memory
by Michael Ligh, Andrew Case, Jamie Levy and Aaron Walters

Wiley 2014.
ISBN 978-1-118-82509-9
Table of Contents: http://downloads.artofmemoryforensics.com/AMF_TableOfContents.pdf
Book web site: http://www.memoryanalysis.net/#!amf/cmg5

Digital forensics pits criminals, who have a vested interest in concealing their activities, against investigators and incident responders who have an equally pressing interest in ferreting them out. The desire-to-conceal has led to tactics such as memory-only malware (never written to disk) and the infamous root-kits that hide in plain sight. These techniques present challenges to the classical forensic practice of analyzing hard drive images as much valuable information may not leave traces on durable storage.

Kernel developers and operating system support engineers know that memory analysis is beneficial, but the learning curve to make effective use of tools for this purpose is a very steep one.
That barrier has hindered both incident responders and forensic practitioners from exploiting the wealth of information available in a memory image (the authors point out that one does not really acquire an image of memory from a running system but rather a sample of its constantly changing contents).

The Open Source Volatility project produces tools that significantly flatten this learning curve. This book is the documentation for the tools.

Written by core developers of Volatility, the book's 800+ pages are organized into four parts: an introduction to memory forensics followed by three sections that focus on the practice of memory forensics on a specific platform (Windows, Linux or Mac).

A book on memory forensics faces a significant challenge in "front-loading" the reader with enough knowledge of hardware and system architecture to be able to follow the discussion. The authors take a middle ground in providing a brief introductory review of relevant concepts that will jog the memory of technical professionals without boring the kernel developer to tears.

Chapter 4, "Memory Acquisition", is an excellent overview of the process and challenges of acquiring memory. This is highly relevant to forensic practitioners as they must be able to address questions of evidentiary authenticity and integrity in a legal setting. However, I must admit I was surprised to read (p. 76) that "Cache Coherency" was concerned with flags in page table entries rather than assuring a consistent view of memory regardless of multiple, independent caches (cf. "Cache Coherence in Large-Scale Shared-Memory Multiprocessors: Issues and Comparisons" by Lilja - ACM Computing Surveys, September, 1993).

The real meat of the book is in the platform-specific sections and they are excellent. Be prepared for a deep dive into system structures and their relevance to forensic tasks such as hunting malware and detecting rootkits.
The authors showcase their deep expertise through clear illustrations and well-organized explanations of why particular commands are used and how their output fits into performing the overall analysis task. This sets the book apart from so many others that are basically lists of commands and illustrations of their output.

This is very much a learn-by-doing book, and before proceeding further, readers will want to install Volatility (easy-to-follow instructions in Chapter 3) and download the example memory images from the book's website at http://www.memoryanalysis.net/#!amf/cmg5

Chapter 18, "Timelining", is especially important. Digital forensics is usually focused on creating an explanatory narrative based on artifacts and their relationships (some have likened its practice to that of archaeology). A very useful technique in creating such a narrative is the timeline - how events/artifacts relate to one another over time. Using a Gh0st-RAT infection as an example, the authors explain the challenges and process of timelining and its effectiveness in reconstructing an incident. Even though this chapter is in the Windows section, I recommend it regardless of your platform interest.

The book is notable for its coverage of memory forensics on the Linux and Mac platforms. As these platforms have increased in market share, their target profile has risen in the estimation of our adversaries. Though these sections are somewhat shorter than the Windows section, their content is sufficient to jumpstart the reader in performing memory forensics on those platforms.

This book is an excellent introduction to memory forensics using the Volatility framework and is a recommended read for the incident responder and forensic practitioner. Though the subject is highly technical and may be new to many readers, the authors' well-organized presentation, clear explanations and many examples will repay study by adding a significant new tool to your repertoire.

-------------------------------------

It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin (http://cse.spsu.edu/raustin2) fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time. He welcomes your thoughts and comments via raustin at ieee dot org

====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

New since Cipher E122:

Posted November 2014
Department of Informatics, University at Albany - SUNY
Albany, NY
Assistant Professor in Cyber Security
Open until filled
http://goo.gl/eU9nj0

--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events
maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, web page for more info.

11/21/14: DAC-Security Track, Design Automation Conference, San Francisco, CA, USA;
          https://dac.com/submission-categories/hardware-and-software-security; Submissions are due
11/22/14: PETS, 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA;
          https://www.petsymposium.org/2015/; Submissions are due
11/23/14-11/27/14: IWSAC 2014 2nd International Workshop on Security Assurance in the Cloud, Held in conjunction with the 10th International Conference on Signal Image Technology & Internet Based Systems (SITIS 2014), Marrakech, Morocco;
          http://sesar.di.unimi.it/IWSAC2014
12/ 2/14: NDSS-USEC, NDSS Workshop on Usable Security, San Diego, California, USA;
          http://www.internetsociety.org/events/ndss-symposium-2015/usec-workshop-call-papers; Submissions are due
12/ 7/14: SPA, International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2015, San Antonio, TX, USA;
          http://capex.cs.uh.edu/?q=secanalysis2015; Submissions are due
12/ 8/14-12/ 9/14: SKM, International Conference on Secure Knowledge Management, BITS Pilani, Dubai;
          http://www.bits-dubai.ac.ae/skm2014/index.html
12/ 9/14: PPREW, 4th Program Protection and Reverse Engineering Workshop, Co-Located with the Annual Computer Security Applications Conference (ACSAC 2014), New Orleans, LA, USA;
          http://www.pprew.org
12/12/14: International Journal of Distributed Sensor Networks, Special Issue on Intrusion Detection and Security Mechanisms for Wireless Sensor Networks;
          http://www.hindawi.com/journals/ijdsn/si/125478/cfp/; Submissions are due
12/14/14: ISPEC, 11th International Conference on Information Security Practice and Experience, Beijing, China;
          http://icsd.i2r.a-star.edu.sg/ispec2015/; Submissions are due
12/28/14: CPSS, 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore;
          http://icsd.i2r.a-star.edu.sg/cpss15; Submissions are due
 1/ 7/15: IoTPTS, Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore;
          https://sites.google.com/site/iotpts/; Submissions are due
 1/12/15: W2SP, Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://ieee-security.org/TC/SPW2015/W2SP/cfp.html; Submissions are due
 1/16/15: ACNS, 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA;
          http://acns2015.cs.columbia.edu/; Submissions are due
 1/19/15- 1/21/15: CS2, 2nd Workshop on Cryptography and Security in Computing Systems, Co-located with HiPEAC 2015 Conference, Amsterdam, The Netherlands;
          http://www.cs2.deib.polimi.it
 1/20/15: GenoPri, 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://www.genopri.org/; Submissions are due
 1/23/15: IWPE, 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://ieee-security.org/TC/SPW2015/IWPE/; Submissions are due
 1/26/15- 1/28/15: IFIP119-DF, 11th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, USA;
          http://www.ifip119.org
 1/27/15- 1/30/15: ACSW-AISC, Australasian Information Security Conference, Held as part of Australasian Computer Science Week, Sydney, Australia;
          http://homepages.ecs.vuw.ac.nz/Users/Ian/ACSW_AISC2015
 1/30/15: WEARABLE-S&P, 1st Workshop on Wearable Security and Privacy, Held in conjunction with Financial Crypto (FC 2015), Isla Verde, Puerto Rico;
          http://sensible.berkeley.edu/WEARABLE-S&P15/
 1/30/15: CAV, 27th International Conference on Computer Aided Verification, San Francisco, California, USA;
          http://i-cav.org/2015/; Submissions are due
 2/ 8/15: NDSS-USEC, NDSS Workshop on Usable Security, San Diego, California, USA;
          http://www.internetsociety.org/events/ndss-symposium-2015/usec-workshop-call-papers
 2/ 9/15- 2/11/15: ICISSP, 1st International Conference on Information Systems Security and Privacy, ESEO, Angers, Loire Valley, France;
          http://www.icissp.org/
 2/10/15: WiSec, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA;
          http://www.sigsac.org/wisec/WiSec2015/; Submissions are due
 2/15/15: PETS, 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA;
          https://www.petsymposium.org/2015/; Submissions are due
 2/16/15: LangSec, 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://spw15.langsec.org/index.html; Submissions are due
 2/16/15: USENIX-Security, 24th USENIX Security Symposium, Washington, D.C., USA;
          https://www.usenix.org/conference/usenixsecurity15; Submissions are due
 2/17/15: RFIDSec, 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA;
          http://rfidsec2015.iaik.tugraz.at/; Submissions are due
 3/ 2/15- 3/ 4/15: CODASPY, 5th ACM Conference on Data and Application Security and Privacy, San Antonio, Texas, USA;
          http://www.codaspy.org/
 3/ 2/15- 3/ 4/15: SPA, International Workshop on Security and Privacy Analytics Co-located with ACM CODASPY 2015, San Antonio, TX, USA;
          http://capex.cs.uh.edu/?q=secanalysis2015
 3/ 3/15: SECRYPT, 12th International Conference on Security and Cryptography, Colmar, Alsace, France;
          http://www.secrypt.icete.org; Submissions are due
 3/ 4/15- 3/ 6/15: ESSoS, 6th International Symposium on Engineering Secure Software and Systems, Milan, Italy;
          https://distrinet.cs.kuleuven.be/events/essos/2015/calls-papers.html
 4/14/15: IoTPTS, Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore;
          https://sites.google.com/site/iotpts/
 4/14/15: CPSS, 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore;
          http://icsd.i2r.a-star.edu.sg/cpss15
 4/14/15- 4/16/15: HST, 14th annual IEEE Symposium on Technologies for Homeland Security, Boston, Massachusetts, USA;
          http://ieee-hst.org/
 4/14/15- 4/17/15: ASIACCS, 10th ACM Symposium on Information, Computer and Communications Security, Singapore;
          http://icsd.i2r.a-star.edu.sg/asiaccs15
 5/ 5/15- 5/ 7/15: HOST, IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC Metro Area, USA;
          http://www.hostsymposium.org
 5/ 5/15- 5/ 8/15: ISPEC, 11th International Conference on Information Security Practice and Experience, Beijing, China;
          http://icsd.i2r.a-star.edu.sg/ispec2015/
 5/16/15- 5/17/15 GREPSEC, Second Workshop for Underrepresented Groups in Computer Security Research
          applications to be accepted January
          http://www.ieee-security.org/grepsec
 5/18/15- 5/20/15: S&P, 36th IEEE Symposium on Security and Privacy, San Jose, CA, USA;
          http://www.ieee-security.org/TC/SP2015/
 5/21/15: W2SP, Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://ieee-security.org/TC/SPW2015/W2SP/cfp.html
 5/21/15: GenoPri, 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://www.genopri.org/
 5/21/15: IWPE, 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://ieee-security.org/TC/SPW2015/IWPE/
 5/21/15: LangSec, 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA;
          http://spw15.langsec.org/index.html
 6/ 2/15- 6/ 5/15: ACNS, 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA;
          http://acns2015.cs.columbia.edu/
 6/ 7/15- 6/11/15: DAC-Security Track, Design Automation Conference, San Francisco, CA, USA;
          https://dac.com/submission-categories/hardware-and-software-security
 6/22/15- 6/26/15: WiSec, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA;
          http://www.sigsac.org/wisec/WiSec2015/
 6/22/15- 6/23/15: RFIDSec, 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA;
          http://rfidsec2015.iaik.tugraz.at/
 6/30/15- 7/ 2/15: PETS, 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA;
          https://www.petsymposium.org/2015/
 7/18/15- 7/24/15: CAV, 27th International Conference on Computer Aided Verification, San Francisco, California, USA;
          http://i-cav.org/2015/
 7/20/15- 7/22/15: SECRYPT, 12th International Conference on Security and Cryptography, Colmar, Alsace, France;
          http://www.secrypt.icete.org
 8/12/15- 8/14/15: USENIX-Security, 24th USENIX Security Symposium, Washington, D.C., USA;
          https://www.usenix.org/conference/usenixsecurity15

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers
(new since Cipher E122)
____________________________________________________________________

DAC-Security Track 2015 Design Automation Conference, San Francisco, CA, USA, June 7-11, 2015. (Submission Due 21 November 2014)
https://dac.com/submission-categories/hardware-and-software-security

Security primitives and protocols are typically built upon the notion of a "secret" key or code stored in a protected place. A common presumption in software, data, and systems security is that as long as the secret is in the hardware, their method is invulnerable to attacks and exploits. However this is not true. These systems are vulnerable to a variety of hardware-centric attacks: side channel analysis, reverse engineering, IP piracy, hardware Trojans and counterfeiting. Furthermore, a host of hardware-based threats are emerging due to the globalization of Integrated Circuit (IC) and embedded system design.
Consequently, designers and users of ICs, Intellectual Property (IP) and embedded systems are beginning to re-assess their trust in these systems. Overall, there is an urgent need to create, analyze, evaluate, and improve the hardware base of the contemporary security solutions. The Security Track at DAC seeks to highlight and celebrate the emergence of security and trust as an important dimension of Hardware and Embedded Systems Design (side-by-side with power, performance, and reliability).

-------------------------------------------------------------------------

PETS 2015 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA, June 30 - July 2, 2015. (Submission Due 22 November 2014 or 15 February 2015)
https://www.petsymposium.org/2015/

The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy and anonymity experts from around the world to discuss recent advances and new perspectives. PETS addresses the design and realization of privacy services for the Internet and other data systems and communication networks. Papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions in a number of both well-established and some emerging privacy-related topics.

*** New starting this year ***: Papers will undergo a journal-style reviewing process and be published in the Proceedings on Privacy Enhancing Technologies (PoPETs). PoPETs, a scholarly journal for timely research papers on privacy, has been established as a way to improve reviewing and publication quality while retaining the highly successful PETS community event.
PoPETs will be published by De Gruyter Open (http://degruyteropen.com/), the world's second largest publisher of Open Access academic content, and part of the De Gruyter group (http://www.degruyter.com/), which has over 260 years of publishing history. Authors can submit papers to one of several submission deadlines during the year. Papers are provided with major/minor revision decisions on a predictable schedule, where we endeavor to assign the same reviewers to major revisions. Authors can address the concerns of reviewers in their revision and rebut reviewer comments before a final decision on acceptance is made. Papers accepted for publication by May 15th will be presented at that year's symposium. Note that accepted papers must be presented at PETS.

Suggested topics include but are not restricted to:
 - Behavioural targeting
 - Building and deploying privacy-enhancing systems
 - Crowdsourcing for privacy
 - Cryptographic tools for privacy
 - Data protection technologies
 - Differential privacy
 - Economics of privacy and game-theoretical approaches to privacy
 - Forensics and privacy
 - Human factors, usability and user-centered design for PETs
 - Information leakage, data correlation and generic attacks to privacy
 - Interdisciplinary research connecting privacy to economics, law, ethnography, psychology, medicine, biotechnology
 - Location and mobility privacy
 - Measuring and quantifying privacy
 - Obfuscation-based privacy
 - Policy languages and tools for privacy
 - Privacy and human rights
 - Privacy in ubiquitous computing and mobile devices
 - Privacy in cloud and big-data applications
 - Privacy in social networks and microblogging systems
 - Privacy-enhanced access control, authentication, and identity management
 - Profiling and data mining
 - Reliability, robustness, and abuse prevention in privacy systems
 - Surveillance
 - Systems for anonymous communications and censorship resistance
 - Traffic analysis
 - Transparency enhancing tools

-------------------------------------------------------------------------

NDSS-USEC 2015 NDSS Workshop on Usable Security, San Diego, California, USA, February 8, 2015. (Submission Due 2 December 2014)
http://www.internetsociety.org/events/ndss-symposium-2015/usec-workshop-call-papers

The Workshop on Usable Security invites submissions on all aspects of human factors and usability in the context of security and privacy. USEC 2015 aims to bring together researchers already engaged in this interdisciplinary effort with other computer science researchers in areas such as visualization, artificial intelligence and theoretical computer science as well as researchers from other domains such as economics or psychology. We particularly encourage collaborative research from authors in multiple fields.

Topics include, but are not limited to:
 - Evaluation of usability issues of existing security and privacy models or technology
 - Design and evaluation of new security and privacy models or technology
 - Impact of organizational policy or procurement decisions
 - Lessons learned from designing, deploying, managing or evaluating security and privacy technologies
 - Foundations of usable security and privacy
 - Methodology for usable security and privacy research
 - Ethical, psychological, sociological and economic aspects of security and privacy technologies

-------------------------------------------------------------------------

SPA 2015 International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2015, San Antonio, TX, USA, March 2-4, 2015. (Submission Due 7 December 2014)
http://capex.cs.uh.edu/?q=secanalysis2015

Increasingly, sophisticated techniques from machine learning, data mining, statistics and natural language processing are being applied to challenges in security and privacy fields.
However, experts from these areas have no medium where they can meet and exchange ideas so that strong collaborations can emerge, and cross-fertilization of these areas can occur. Moreover, current courses and curricula in security do not sufficiently emphasize background in these areas and students in security and privacy are not emerging with deep knowledge of these topics. Hence, we propose a workshop that will address the research and development efforts in which analytical techniques from machine learning, data mining, natural language processing and statistics are applied to solve security and privacy challenges ("security analytics"). Submissions of papers related to methodology, design, techniques and new directions for security and privacy that make significant use of machine learning, data mining, statistics or natural language processing are welcome. Furthermore, submissions on educational topics and systems in the field of security analytics are also highly encouraged. The workshop will focus on, but not limited to, the following areas: - Natural Language Processing for security/privacy - Data Mining techniques for security/privacy - Machine learning for security/privacy - Statistics for security/privacy - Inference Control - Privacy-preserving data mining - Security of machine learning - Security of data mining - Security of natural language processing - Case studies - Educational topics and courses ------------------------------------------------------------------------- International Journal of Distributed Sensor Networks, Special Issue on Intrusion Detection and Security Mechanisms for Wireless Sensor Networks, May 2015, (Submission Due 12 December 2014) http://www.hindawi.com/journals/ijdsn/si/125478/cfp/ Editor: S. 
Khan (Kohat University of Science and Technology, Pakistan), Jaime Lloret Mauri (Polytechnic University of Valencia, Spain), and Sandra Sendra (Universidade da Beira Interior, Covilhã, Portugal)

Wireless sensor networks are gaining significant interest from academia and industry. Wireless sensor networks are multihop, self-organizing, self-healing, and distributed in nature. These characteristics also increase vulnerability and expose sensor networks to various kinds of security attacks. Advanced security mechanisms and intrusion detection systems (IDSs) can play an important role in detecting and preventing security attacks. This special issue aims to gather recent advances in the area of security aspects of wireless sensor networks. Research and review articles that focus on the challenges and the state-of-the-art solutions are welcomed. The papers will be peer reviewed and will be selected on the basis of their quality and relevance to the topic of this special issue.

Potential topics include, but are not limited to:
- Intrusion detection systems
- Secure neighbor discovery, localization, and mobility
- Security architectures, deployments, and solutions
- Denial of service attacks and countermeasures
- Intrusion prevention techniques
- Adaptive defense systems
- Trust establishment and privacy
- Confidentiality, integrity, and availability assurance
- Authentication and access control
- Secure routing protocols
- Cryptography, encryption algorithms, and key management schemes
- Experimental validation and experiences with testbed and/or deployment

-------------------------------------------------------------------------
ISPEC 2015 11th International Conference on Information Security Practice and Experience, Beijing, China, May 5-8, 2014.
(Submission Due 14 December 2014)
http://icsd.i2r.a-star.edu.sg/ispec2015/

ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors.

Conference Topics include:
- Access control
- Network security
- Applied cryptography
- Privacy and anonymity
- Availability, resilience, and usability
- Risk evaluation and security certification
- Big data and Cloud security
- Security for cyber-physical systems
- Cryptanalysis
- Security of smart cards and RFID systems
- Embedded system security
- Security policy
- Database security
- Security protocols
- Digital Forensics
- Security systems
- Digital rights management
- Smart Grid Security
- Information security in vertical applications
- Smartphone Security
- Intrusion detection
- Trust model and management
- Multimedia security
- Trusted computing

-------------------------------------------------------------------------
CPSS 2015 1st Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2015, Singapore, April 14, 2015. (Submission Due 28 December 2014)
http://icsd.i2r.a-star.edu.sg/cpss15

Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS.
Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation.

Topics of interest include, but are not limited to:
- Adaptive attack mitigation for CPS
- Authentication and access control for CPS
- Availability, recovery and auditing for CPS
- Data security and privacy for CPS
- Embedded systems security
- EV charging system security
- Intrusion detection for CPS
- Key management in CPS
- Legacy CPS system protection
- Lightweight crypto and security
- SCADA security
- Security of industrial control systems
- Smart grid security
- Threat modeling for CPS
- Urban transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

-------------------------------------------------------------------------
IoTPTS 2015 Workshop on IoT Privacy, Trust, and Security, Held in conjunction with ASIACCS 2015, Singapore, April 14, 2015. (Submission Due 7 January 2015)
https://sites.google.com/site/iotpts/

The Internet of Things (IoT) is the next great technology frontier. At a basic level, IoT refers simply to networked devices, but the IoT vision is a complex ecosystem that ranges from cloud backend services and big-data analytics to home, public, industrial, and wearable sensor devices and appliances. Architectures for these systems are in the formative stages, and now is the time to ensure privacy, trust, and security are designed into these systems from the beginning. We encourage submissions on all aspects of IoT privacy, trust, and security.
Topics of interest include (but are not limited to) the following areas:
- Privacy and IoT data
- Privacy attacks for IoT
- Trust management and device discoverability for IoT
- Usability of privacy and security systems in IoT
- User risk perceptions and modeling for IoT
- Policy Management and enforcement for IoT
- Authentication and access control for users for IoT
- Cryptography for IoT
- Attack detection and remediation for IoT
- Security architectures for IoT systems and applications

-------------------------------------------------------------------------
W2SP 2015 Web 2.0 Security and Privacy Workshop, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 12 January 2015)
http://ieee-security.org/TC/SPW2015/W2SP/cfp.html

W2SP brings together researchers, practitioners, web programmers, policy makers, and others interested in the latest understanding and advances in the security and privacy of the web, browsers, cloud, mobile and their eco-system. We have had eight years of successful W2SP workshops.

The scope of W2SP 2015 includes, but is not limited to:
- Analysis of Web, Cloud and Mobile Vulnerabilities
- Forensic Analysis of Web, Cloud and Mobile Systems
- Security Analysis of Web, Cloud and Mobile Systems
- Advances in Penetration Testing
- Advances in (SQL/code) Injection Attacks
- Trustworthy Cloud-based, Web and Mobile services
- Privacy and Reputation in Web (e.g.
Social Networks), Cloud, Mobile Systems
- Security and Privacy as a Service
- Usable Security and Privacy
- Security and Privacy Solutions for the Web, Cloud and Mobile
- Identity Management, Pseudonymity and Anonymity
- Security/Privacy Web Services/Feeds/Mashups
- Provenance and Governance
- Security and Privacy Policy Management for the Web, Cloud and Mobile
- Next-Generation Web/Mobile Browser Technology
- Security/Privacy Extensions and Plug-ins
- Online Privacy and Security frameworks
- Advertisement and Affiliate fraud
- Studies on Understanding Web/Cloud/Mobile Security and Privacy
- Technical Solutions for Security and Privacy legislation
- Solutions for connecting the Business, Legal, Technical and Social aspects on Web/Cloud/Mobile Security and Privacy
- Technologies merging Economics with Security/Privacy
- Innovative Security/Privacy Solutions for Industry Verticals
- Formal methods in Security

-------------------------------------------------------------------------
ACNS 2015 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA, June 2-5, 2015. (Submission Due 16 January 2015)
http://acns2015.cs.columbia.edu/

The 13th International Conference on Applied Cryptography and Network Security (ACNS 2015) seeks submissions presenting novel research on all technical aspects of applied cryptography, network and computer security, and privacy. This includes submissions on traditional cryptography and security areas (e.g., symmetric or public key cryptography, network security, privacy and anonymity), emerging areas (e.g., security and privacy for big data, outsourced computation, or digital currency), and new paradigms or non-traditional perspectives.
Submissions may focus on new visions, definitions, security and privacy metrics, provably secure protocols, impossibility results, attacks, industrial challenges, case studies, experimental reports related to implementation and deployment of real-world systems or policies, or any other original research advancing the state of the art.

-------------------------------------------------------------------------
GenoPri 2015 2nd International Workshop on Genome Privacy and Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 20 January 2015)
http://www.genopri.org/

Over the past several decades, genome sequencing technologies have evolved from slow and expensive systems that were limited in access to a select few scientists and forensics investigators to high-throughput, relatively low-cost tools that are available to consumers. A consequence of such technical progress is that genomics has become one of the next major challenges for privacy and security because (1) genetic diseases can be unveiled, (2) the propensity to develop specific diseases (such as Alzheimer's) can be revealed, (3) a volunteer, accepting to have his genomic code made public, can leak substantial information about his ethnic heritage and the genomic data of his relatives (possibly against their will), and (4) complex privacy issues can arise if DNA analysis is used for criminal investigations and medical purposes. As genomics is increasingly integrated into healthcare and "recreational" services (e.g., ancestry testing), the risk of DNA data leakage is serious for both individuals and their relatives. Failure to adequately protect such information could lead to a serious backlash, impeding genomic research, that could affect the well-being of our society as a whole.
This prompts the need for research and innovation in all aspects of genome privacy and security, as suggested by the non-exhaustive list of topics below:
- Privacy-preserving analysis of and computation on genomic data
- Security and privacy metrics for the leakage of genomic data
- Cross-layer attacks to genome privacy
- Access control for genomic data
- Differentiated access rights for medical professionals
- Quantification of genome privacy
- De-anonymization attacks against genomic databases
- Efficient cryptographic techniques for enhancing security/privacy of genomic data
- Privacy enhancing technologies for genomic data
- Implications of synthetic DNA for privacy
- Applications of differential privacy to the protection of genomic data
- Storage and long-term safety of genomic data
- Secure sharing of genomic data between different entities
- Trust in genomic research and applications
- Social and economic issues for genome privacy and security
- Ethical and legal issues in genomics
- Studies of policy efforts in genomics
- User studies and perceptions
- Social and economic issues for genome privacy
- Studies of issues and challenges with informed consent
- Privacy issues in transcriptomics and proteomics
- Systematization-of-knowledge of genome privacy and security research

-------------------------------------------------------------------------
IWPE 2015 1st International Workshop on Privacy Engineering, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 23 January 2015)
http://ieee-security.org/TC/SPW2015/IWPE/

Ongoing news reports regarding global surveillance programs, massive personal data breaches in corporate databases, and notorious examples of personal tragedies due to privacy violations have intensified societal demands for privacy-friendly systems.
In response, current legislative and standardization processes worldwide aim to strengthen individuals' privacy by introducing legal and organizational frameworks that personal data collectors and processors must follow. However, in practice, these initiatives alone are not enough to guarantee that organizations and software developers will be able to identify and adopt appropriate privacy engineering techniques in their daily practices. Even if so, it is difficult to systematically evaluate whether the systems they develop using such techniques comply with legal frameworks, provide necessary technical assurances, and fulfill users' privacy requirements. It is evident that research is needed in developing techniques that can aid the translation of legal and normative concepts, as well as user expectations, into systems requirements. Furthermore, methods that can support organizations and engineers in developing (socio-)technical systems that address these requirements are of increasing value to respond to the existing societal challenges associated with privacy.

While there is a consensus on the benefits of an engineering approach to privacy, concrete proposals for processes, models, methodologies, techniques and tools that support engineers and organizations in this endeavor are few and in need of immediate attention. To cover this gap, the topics of the International Workshop on Privacy Engineering (IWPE'15) focus on all the aspects surrounding privacy engineering, ranging from its theoretical foundations, engineering approaches, and support infrastructures, to its practical application in projects of different scale. IWPE'15 welcomes papers that focus on novel solutions on the recent developments in the general area of privacy engineering.
Topics of interest include, but are not limited to:
- Integration of law and policy compliance into the development process
- Privacy impact assessment
- Privacy risk management models
- Privacy breach recovery methods
- Technical standards, heuristics and best practices for privacy engineering
- Privacy engineering in technical standards
- Privacy requirements elicitation and analysis methods
- User privacy and data protection requirements
- Management of privacy requirements with other system requirements
- Privacy requirements operationalization
- Privacy engineering strategies and design patterns
- Privacy architectures
- Privacy engineering and databases
- Privacy engineering in the context of interaction design and usability
- Privacy testing and evaluation methods
- Validation and verification of privacy requirements
- Engineering Privacy Enhancing Technologies
- Models and approaches for the verification of privacy properties
- Tools supporting privacy engineering
- Teaching and training privacy engineering
- Adaptations of privacy engineering into specific software development processes
- Pilots and real-world applications
- Privacy engineering and accountability
- Organizational, legal, political and economic aspects of privacy engineering

-------------------------------------------------------------------------
CAV 2015 27th International Conference on Computer Aided Verification, San Francisco, California, USA, July 18-24 2015. (Submission Due 30 January 2015)
http://i-cav.org/2015/

CAV 2015 is the 27th in a series dedicated to the advancement of the theory and practice of computer-aided formal analysis methods for hardware and software systems. CAV considers it vital to continue spurring advances in hardware and software verification while expanding to new domains such as biological systems and computer security.
The conference covers the spectrum from theoretical results to concrete applications, with an emphasis on practical verification tools and the algorithms and techniques that are needed for their implementation. The proceedings of the conference will be published in the Springer LNCS series. A selection of papers will be invited to a special issue of Formal Methods in System Design and the Journal of the ACM.

Topics of interest include but are not limited to:
- Algorithms and tools for verifying models and implementations
- Hardware verification techniques
- Deductive, compositional, and abstraction techniques for verification
- Program analysis and software verification
- Verification methods for parallel and concurrent hardware/software systems
- Testing and run-time analysis based on verification technology
- Applications and case studies in verification
- Decision procedures and solvers for verification
- Mathematical and logical foundations of practical verification tools
- Verification in industrial practice
- Algorithms and tools for system synthesis
- Hybrid systems and embedded systems verification
- Verification techniques for security
- Formal models and methods for biological systems

-------------------------------------------------------------------------
WiSec 2015 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA, June 22-26, 2015. (Submission Due 10 February 2015)
http://www.sigsac.org/wisec/WiSec2015/

ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications.
In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the security and privacy of mobile software platforms, usable security and privacy, biometrics, cryptography, and the increasingly diverse range of mobile or wireless applications such as Internet of Things, and Cyber-Physical Systems. The conference welcomes both theoretical as well as systems contributions.

Topics of interest include, but are not limited to:
- Mobile malware and platform security
- Security & Privacy for Smart Devices (e.g., Smartphones)
- Wireless and mobile privacy and anonymity
- Secure localization and location privacy
- Cellular network fraud and security
- Jamming attacks and defenses
- Key extraction, agreement, or distribution
- Theoretical foundations, cryptographic primitives, and formal methods
- NFC and smart payment applications
- Security and privacy for mobile sensing systems
- Wireless or mobile security and privacy in health, automotive, avionics, or smart grid applications
- Self-tracking/Quantified Self Security and Privacy
- Physical Tracking Security and Privacy
- Usable Mobile Security and Privacy
- Economics of Mobile Security and Privacy
- Bring Your Own Device (BYOD) Security

-------------------------------------------------------------------------
LangSec 2015 2nd Workshop on Language-Theoretic Security, Held in conjunction with IEEE Symposium on Security and Privacy (SP 2015), San Jose, CA, USA, May 21, 2015. (Submission Due 16 February 2015)
http://spw15.langsec.org/index.html

LangSec workshop solicits contributions related to the growing area of language-theoretic security. LangSec offers a coherent explanation for the "science of insecurity" as more than an ad hoc collection of software mistakes or design flaws. This explanation is predicated on the connection between fundamental computability principles and the continued existence of software flaws.
LangSec posits that the only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language and treating the respective input-handling routines as a recognizer for that language. The LangSec approach to system design is primarily concerned with achieving practical assurance: development that is rooted in fundamentally sound computability theory, but is expressed as efficient and practical systems components. One major objective of the workshop is to develop and share this viewpoint with attendees and the broader systems security community to help establish a foundation for research based on LangSec principles. The overall goal of the workshop is to bring more clarity and focus to two complementary areas: (1) practical software assurance and (2) vulnerability analysis (identification, characterization, and exploit development). The LangSec community views these activities as related and highly structured engineering disciplines and seeks to provide a forum to explore and develop this relationship.

-------------------------------------------------------------------------
USENIX-Security 2015 24th USENIX Security Symposium, Washington, D.C., USA, August 12-14, 2015. (Submission Due 16 February 2015)
https://www.usenix.org/conference/usenixsecurity15

The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security.
Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- Systems security
- Cryptographic implementation analysis and construction, applied cryptography
- Programming language security
- Web security
- Hardware security
- Network security
- Privacy-enhancing technologies, anonymity
- Human-computer interaction, security, and privacy
- Social issues and security
- Security analysis
- Security measurement studies

-------------------------------------------------------------------------
RFIDSec 2015 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA, June 22-23, 2015. (Submission Due 17 February 2015)
http://rfidsec2015.iaik.tugraz.at/

The RFIDSec workshop is the premier international venue on the latest technological advances in security and privacy in Radio Frequency Identification (RFID). The 11th edition of RFIDSec continues the effort to broaden the scope towards solutions for security and privacy in related constrained environments: Internet of Things, NFC devices, Wireless Tags, and more. Attendees from academia, industry and government can network with a broad range of international experts. The workshop will include both invited and contributed talks. We invite researchers to submit their latest results in Security and Privacy for RFID as well as for associated technologies.
Topics of interest include:
- Implementations of cryptography and protocols with constrained resources in terms of energy, power, computation resources and memory footprint
- Lightweight cryptography and cryptographic protocols
- Efficient and secure processor architectures for constrained environments
- Tamper and reverse-engineering resistant designs for constrained platforms
- Side-channel and fault attacks as well as countermeasures
- Novel implementations of cryptography to support privacy and untraceability
- Cross-layer engineering of constrained secure implementations within secure systems
- Novel technologies and applications such as NFC, IC anti-counterfeiting, and Internet of Things
- Design issues related to scalability, large-scale deployment and management of secure tags

-------------------------------------------------------------------------
SECRYPT 2015 12th International Conference on Security and Cryptography, Colmar, Alsace, France, July 20 - 22, 2015. (Submission Due 3 March 2015)
http://www.secrypt.icete.org

SECRYPT is an annual international conference covering research in information and communication security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. Papers describing the application of security technology, the implementation of systems, and lessons learned are also encouraged. Papers describing new methods or technologies, advanced prototypes, systems, tools and techniques and general survey papers indicating future directions are also encouraged.
Topics of interest include:
- Access Control
- Applied Cryptography
- Biometrics Security and Privacy
- Critical Infrastructure Protection
- Data Integrity
- Data Protection
- Database Security and Privacy
- Digital Forensics
- Digital Rights Management
- Ethical and Legal Implications of Security and Privacy
- Formal Methods for Security
- Human Factors and Human Behavior Recognition Techniques
- Identification, Authentication and Non-repudiation
- Identity Management
- Information Hiding
- Information Systems Auditing
- Insider Threats and Countermeasures
- Intellectual Property Protection
- Intrusion Detection & Prevention
- Management of Computing Security
- Network Security
- Organizational Security Policies
- Peer-to-Peer Security
- Personal Data Protection for Information Systems
- Privacy
- Privacy Enhancing Technologies
- Reliability and Dependability
- Risk Assessment
- Secure Software Development Methodologies
- Security and Privacy for Big Data
- Security and privacy in Complex Systems
- Security and Privacy in Crowdsourcing
- Security and Privacy in IT Outsourcing
- Security and Privacy in Location-based Services
- Security and Privacy in Mobile Systems
- Security and Privacy in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grids
- Security and Privacy in Social Networks
- Security and Privacy in the Cloud
- Security and Privacy in Web Services
- Security and Privacy Policies
- Security Area Control
- Security Deployment
- Security Engineering
- Security in Distributed Systems
- Security Information Systems Architecture
- Security Management
- Security Metrics and Measurement
- Security Protocols
- Security requirements
- Security Verification and Validation
- Sensor and Mobile Ad Hoc Network Security
- Service and Systems Design and QoS Network Security
- Software Security
- Trust management and Reputation Systems
- Ubiquitous Computing Security
- Wireless Network Security
====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents.
Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the on-line form at IEEE at https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSP728

______________________________________________________________________
TC Publications for Sale
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.
IEEE Security and Privacy Symposium IEEE CS Press

____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Patrick McDaniel
Computer Science and Engineering
Pennsylvania State University
360 A IST Building
University Park, PA 16802
(814) 863-3599
mcdaniel@cse.psu.edu

Security and Privacy Symposium Chair Emeritus:
Greg Shannon
CERT
oakland14-chair@ieee-security.org

Vice Chair:
Ulf Lindqvist
SRI International
Menlo Park, CA
ulf.lindqvist@sri.com

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2015 Chair:
Sean Peisert
UC Davis and Lawrence Berkeley National Laboratory
oakland15-chair@ieee-security.org

____________________________________________________________________________
BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year