Commentary and Opinion
Richard Austin's review of The Future of Violence: Robots and Germs, Hackers and Drones. Confronting a new age of threat by Benjamin Wittes and Gabriella Blum
Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
New since Cipher E125:
Posted Apr 2015
Department of Computer Science, TU Darmstadt
Two Ph.D. Scholarships in Software Security:
- Dynamic Enforcement of Mobile Software Security
- Timing-Side-Channel Detection and Mitigation
The positions are available immediately but a later start is also possible. We will consider applications until the positions are filled. website
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
new calls or announcements added since Cipher E125 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
DPM 2015 10th International Workshop on Data Privacy Management, Co-located with ESORICS 2015, Vienna, Austria, September 21-22, 2015. (Submission Due 1 June 2015)
Organizations are increasingly concerned about the privacy of information that they manage (several people have filed lawsuits against organizations violating the privacy of customer's data). Thus, the management of privacy-sensitive information is very critical and important for every organization. This poses several challenging problems, such as how to translate the high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers. The aim of this workshop is to discuss and exchange the ideas related to privacy data management. We invite papers from researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers in this workshop.
WPES 2015 Workshop on Privacy-Preserving Information Retrieval, Held in conjunction with the ACM SIGIR conference, Santiago de Chile, August 13, 2015. (Submission Due 5 June 2015)
We look forward to your ideas and solutions to the cross-discipline research on privacy and information retrieval. The submissions should be about not limited to the following research areas:
WISCS 2015 2nd Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, 12, 2015. (Submission Due 8 June 2015)
Sharing of cyber-security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach sharing associated security indicators (such as attacker IP addresses, domain names, file hashes etc.) provides valuable, actionable information to other organizations. The analysis of shared security data promises novel insights into emerging attacks. Sharing higher level intelligence about threat actors, the tools they use and mitigations provides defenders with much needed context for better preparing and responding to attacks. In the US and the EU major efforts are underway to strengthen information sharing. Yet, there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data that minimizes false positives? The 2nd Workshop on Information Sharing and Collaborative Security (WISCS 2015) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. Topics of interest for the workshop include, but are not limited to:
WPES 2015 Workshop on Privacy in the Electronic Society, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 12, 2015. (Submission Due 10 June 2015)
The increased power and interconnectivity of computer systems available today create the ability to store and process large amounts of data, resulting in networked information accessible from anywhere at any time. It is becoming easier to collect, exchange, access, process, and link information. This global scenario has inevitably resulted in an increasing degree of awareness with respect to privacy. Privacy issues have been the subject of public debates, and the need for privacy-aware policies, regulations, and techniques has been widely recognized. The goal of this workshop is to discuss the problems of privacy in the global interconnected societies and possible solutions to them. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.
CCSW 2015 ACM Cloud Computing Security Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 16, 2015. (Submission Due 12 June 2015)
The CCSW workshop brings together researchers and practitioners in all security and privacy aspects of cloud-centric and outsourced computing, including:
SafeConfig 2015 8th Workshop on Automated Decision Making for Active Cyber Defense, Collocated with ACM CCS 2015, Denver, Colorado, USA, October 12, 2015. (Submission Due 12 June 2015)
The high growth of cyber connectivity significantly increases the potential and sophistication of cyber-attacks. The new capabilities based on active cyber defense (ACD) are required to offer automated, intelligently-driven, agile, and resilient cyber defense. Both accurate "sense-making" based security analytics of the system artifacts (e.g., traces, configurations, logs, incident reports, alarms and network traffic), and provably-effective "decision-making" based on robust reasoning are required to enable ACD for cyber security and resiliency. Cyber security requires automated and scalable analytics in order to normalize, model, integrate, and analyze large and complex data to make correct decisions on time about security measures against threats. The automated decision making goals is to determine and improve the security and resiliency of cyber systems and services. As the current technology moves toward 'smart' cyber-physical infrastructures as well as open networking platforms (e.g., software defined networking and virtual/cloud computing), the need for large-scale security analytics and automation for decision making significantly increases. This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a distinct forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyberphysical systems.
CPS-SPC 2015 1st ACM Cyber-Physical Systems Security and PrivaCy Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 16, 2015. (Submission Due 12 June 2015)
Cyber-physical systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed by a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications - in areas such as medical devices, automotive, and smart infrastructure - and increasing the role that the information infrastructure plays in existing control systems - such as in the process control industry or the power grid. Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control and to the people who depend on it. In particular, the protection of our critical infrastructures that rely on CPS, such as the electric power transmission and distribution, industrial control systems, oil and natural gas systems, water and waste-water treatment plants, healthcare devices, and transportation networks play a fundamental and large-scale role in our society - and their disruption can have a significant impact to individuals, and nations at large. Similarly, because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore in addition to security, CPS systems must be designed with privacy considerations. To address some of these issues, we invite original research papers on the security and/or privacy of cyber-physical systems. We seek submissions from multiple interdisciplinary backgrounds representative of CPS, including but not limited to the following:
FPS 2015 8th International Symposium on Foundations & Practice of Security, Clermont-Ferrand, France, October 26-28, 2015. (Submission Due 14 June 2015)
This conference, the 8th in an annual series, provides a forum for researchers world-wide working in security, privacy, trustworthy data systems and related areas. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers. The main topics, but not limited to, include:
CANS 2015 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh, December 8-12, 2015. (Submission Due 19 June 2015)
Papers offering novel research contributions are solicited. The conference focus is on original, high-quality, unpublished research and implementation results. Especially encouraged are submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Also of particular interest this year are papers on network security, from modeling, measurement, engineering, and attack perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings. Topics of Interest:
WISA 2015 16th International Workshop on Information Security Applications, Jeju Island, Korea, August 20-22, 2015. (Submission Due 20 June 2015)
The primary focus of WISA 2015 is on systems and network security, and the secondary focus is on all other technical and practical aspects of security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
IWDW 2015 14th International Workshop on Digital Forensics and Watermarking, Tokyo, Japan, October 7-10, 2015. (Submission Due 20 June 2015)
The 14th IWDW, International Workshop on Digital-forensics and Watermarking (IWDW 2015) is a premier forum for researchers and practitioners working on novel research, development and applications of digital watermarking and forensics techniques for multimedia security. We invite submissions of high-quality original research papers. The topics include, but are not limited to:
C&TC 2015 5th International Symposium on Cloud Computing, Trusted Computing and Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece, October 26-28, 2015. (Submission Due 23 June 2015)
Current and future software needs to remain focused towards the development and deployment of large and complex intelligent and networked information systems, required for internet-based and intranet-based systems in organizations. Today software covers a very wide range of application domains as well as technology and research issues. This has found realization through Cloud Computing. Vital element in such networked information systems are the notions of trust, security, privacy and risk management. The conference solicits submissions from both academia and industry presenting novel research in the context of Cloud Computing, presenting theoretical and practical approaches to cloud trust, security, privacy and risk management. The conference will provide a special focus on the intersection between cloud and trust bringing together experts from the two communities to discuss on the vital issues of trust, security, privacy and risk management in Cloud Computing. Potential contributions could cover new approaches, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the current status of trust, security, privacy and risk management in the cloud. Papers from practitioners who encounter trust, security, privacy and risk management problems and seek understanding are also welcome.
SPC 2015 1st Workshop on Security and Privacy in the Cloud, Held in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015), Florence, Italy, September 30, 2015. (Submission Due 3 July 2015)
The workshop seeks submissions from academia, industry, and government presenting novel research, as well as experimental studies, on all theoretical and practical aspects of security, privacy, and data protection in cloud scenarios. Topics of interest include, but are not limited to:
SPiCy 2015 1st Workshop on Security and Privacy in Cybermatics, Held in conjuction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015), Florence, Italy, September 30, 2015. (Submission Due 3 July 2015)
In the modern age Cybermatics is differentiating itself by designing the physical and social places into the cyber space to accomplish the union of three spaces: (i) Physical Cyberworld, (ii) Social Cyberworld, and (iii) Thinking Cyberworld. In the cyber space, everywhere cyber-nodes are significantly independent from the space-time limitations that exist in the physical space. Along with the development of intelligent systems, Cybermatics has brought a wide area of open issues during the cyber interaction, physical perception, social correlation, and cognitive thinking. Currently, Cybermatics is still in its initial stage, and it is expected that Cybermatics will lead industrialization and IT applications to a new level and will significantly change the way of producing, living, and even thinking of the mankind. Cybermatics will transform how we interact with and control the physical world around us, just in the same way as the Internet transformed how we interact and communicate with one another and revolutionized how and where we access information. Cyber-physical systems are subject to threats stemming from increasing dependence on computer and communication technologies. Cyber security threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, public safety, and health at risk. This workshop aims to represent an opportunity for cyber security researchers, practitioners, policy makers, and users to exchange ideas, research findings, techniques and tools, raise awareness, and share experiences related to all practical and theoretical aspects of Cybermatics security issues. Capturing security and privacy requirements in the early stages of system development is essential for creating sufficient public confidence in order to facilitate the adoption of novel systems of Cybermatics such as cyber-physical-social (CPS) systems, cyber-physical-social-thinking (CPST) systems, and cyber-physical-thinking (CPT) systems. However, security and privacy requirements are often not handled properly due to their wide variety of facets and aspects which make them difficult to formulate. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and as well as practical aspects of Cybermatics.
ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015. (Submission Due 29 July 2015)
The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia). This special issue invites original research papers that reports on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:
IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security. (Submission Due 10 September 2015)
Editors: Abhishek Parakh (University of Nebraska, Omaha, USA)
and Zhiwei Wang (Nanjing University of Posts and Telecommunications, P.R. China).
Mobile devices, such as smart tags, smart pads, tablets, PDAs, smart phones and wireless sensors, have become pervasive and attract significant interest from academia, industry, and standard organizations. With the latest cloud computing technology, those mobile devices will play a more and more important role in computing and communication. When those devices become pervasive, security become critical components for the acceptance of applications build based on those devices. Moreover, several favorable characteristics of mobile devices, including portability, mobility and sensitivity, further increase the challenges of security in these systems. However due to rapid development and applications, security in mobile systems involves different challenges. This special issue aims to bring together works of technologists and researchers who share an interest in the area of security in mobile systems, and to explore new venues of collaboration. Its main purpose is to promote discussions about research and relevant activities in the models and designs of secure, privacy-preserving, trusted architectures, security protocols, cryptographic algorithms, services and applications, as well as to analyse cyber threat in mobile systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We seek papers that address theoretical, experimental research, and works-in-progress for security-related issues in the context of mobile systems. Suitable topics include the following in relation to security:
Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics. (Submission Due 30 September 2015)
Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia),
Lior Rokach (Ben-Gurion University of the Negev Beer-Sheva, Israel),
and Claudio Bettini (University of Milan, Italy)
This special issue will focus on cutting edge research from both academia and industry on the topic of mobile security, privacy and forensics, with a particular emphasis on novel techniques to secure user data and/or obtain evidential data from mobile devices in crimes that make use of sophisticated and secure technologies. Topics of interest include:
PQCrypto 2016 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan, February 24-26, 2016. (Submission Due 7 October 2015)
The aim of PQCrypto is to serve as a forum for researchers to present results and exchange ideas on the topic of cryptography in an era with large-scale quantum computers. The conference will be preceded by a winter school on February 22-23, 2016. Original research papers on all technical aspects of cryptographic research related to post-quantum cryptography are solicited. The topics include (but are not restricted to):
ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery. (Submission Due 30 November 2015)
Editors: Elisa Bertino (Purdue University, USA),
Kim-Kwang Raymond Choo (University of South Australia, Australia),
Dimitrios Georgakopoulos (RMIT University, Australia),
and Surya Nepal (CSIRO, Australia).
The aim of this special section is to bring together cutting-edge research with particular emphasis on novel and innovative techniques to ensure the security and privacy of IoT services and users. We solicit research contributions and potential solutions for IoT-based secure service delivery anywhere and at any time. This special section emphasizes service-level considerations. Topics of interest include, but are not limited to:
The Technical Committee on Security and Privacy
Staying in touch....
Changing your email address? Please send updates to email@example.com
IEEE Computer Society's Technical Committee on Security and Privacy
|TC home page||TC Officers|
|How to join the TCSP||TC publications available online|
|TC Publications for sale||Cipher past issues archive|