_/_/_/_/  _/_/_/  _/_/_/_/  _/    _/  _/_/_/_/  _/_/_/_/
_/          _/    _/    _/  _/    _/  _/        _/    _/
_/          _/    _/_/_/_/  _/_/_/_/  _/_/      _/_/_/_/
_/          _/    _/        _/    _/  _/        _/  _/
_/_/_/_/  _/_/_/  _/        _/    _/  _/_/_/_/  _/    _/
============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 126                                          May 30, 2015

Hilarie Orman, Editor                  Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org      cipher-assoc-editor @ ieee-security.org

Richard Austin                         Yong Guan
Book Review Editor                     Calendar Editor
cipher-bookrev @ ieee-security.org     cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o Richard Austin's review of "The Future of Violence: Robots and Germs, Hackers and Drones. Confronting a new age of threat" by Benjamin Wittes and Gabriella Blum
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Items from the News
    o US Will Sanction "Harmers" Outside Its Borders
    o Data Breach Laws: State vs. Federal
    o New Targets
    o The Passenger Pilot
    o Iran Moving Ahead on the Cyberattack Curve
    o Oracle Does Java Evil?
    o The Feds, Private Companies, Cyberthreats, and Privacy
    o Watering Holes, ransomware, and the generally sad state of computer security
    o Poison Apple?
    o Your DHS Wants YOU!
    o Putin Checks Obama's Schedule
    o Cyberthreat, cyberattack, cyberwar, a strategy
    o The end of "unfettered data collection"?
    o Congressman with CS degree calls FBI encryption plan "stupid"
    o Now you can know, is B2 Multics secure?
    o The next step, combining data breaches
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

At the recent Symposium on Security and Privacy, the IEEE Computer Society's Technical Committee on Security and Privacy (the organization that sponsors this newsletter) selected Sean Peisert as the incoming Vice Chair of the committee. The symposium's General Chair for 2016 is Michael Locasto, and the Program Chairs are Vitaly Shmatikov and Ulfar Erlingsson.

This month our fearless book reviewer, Richard Austin, tackles a book about violence in the digital era. This is a book with more than just technology. It approaches the philosophical questions of where violence comes from and how it will be interpreted in our technological future.

The news continues to inspire with an unending feast of attacks and malware of many species. The articles about a passenger accessing the flight controls on an airliner seemed hardly credible, but apparently there is no "air gap" between the internal networks. But the firewall, that's fully verified, right?

In a totally retro turn, the security report from an early secure operating system, B2 Multics, has finally been released to the public. In 1986, many of us expected fully secure OS's by this time. We were so much younger then.

Keep your router dry,
Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

____________________________________________________________________
Book Review By Richard Austin
5/20/2015
____________________________________________________________________

The Future of Violence: Robots and Germs, Hackers and Drones. Confronting a new age of threat
by Benjamin Wittes and Gabriella Blum

Basic Books 2015.
ISBN 978-0-465-08974-1

It's a truism that we live in a very dangerous world, but how different are these dangers from those that have faced us in the past? Are they really all that different? Do they just affect the involved parties, or do they have broader implications that rise to the level of national policy and even the fundamental relationship between individuals and society?

Wittes and Blum assert that the disruptive technologies mentioned in the title pose fundamental questions because they enable mass empowerment. That is, the capability to cause widespread mayhem is no longer concentrated within the sphere of nations. We have all seen how individuals, small groups and nation states can use cyber means to create inconvenience; this potentially could cause damage of a crisis order. Our widespread dependence on accessible information technology makes this possible.

For example, production of malware does not require significant investment in supporting infrastructure or access to easily controlled tools or technologies: the basic tools of software development are sufficient to the task.
Damaging attacks can be launched from anywhere on the planet, and their sources can be notoriously difficult to identify (the oft cited "attribution problem"). What is now true of the cyber realm is, in the authors' estimation, becoming true of both biotechnology and drones.

As noted earlier, matching mass empowerment is mass vulnerability. We are all vulnerable, as the frequency of identity theft graphically illustrates. Our dependence on technology for everything from communications, to commerce, to even the operation of aircraft makes us vulnerable to attack.

Traditionally, defense has been the exclusive purview of nations. Some even assert that defense is the fundamental reason why we organize ourselves into societies. With the infrastructures that support communications, commerce, etc., largely in private hands, what role can the state play in effectively defending those infrastructures? And, if the state can no longer assure its people of adequate protection and defense, is the concept of the state as we know it outmoded? How can the state and its constituents cooperate to assure basic defense and protection?

Wittes and Blum tackle these complex issues and their implications in a lucid, well-reasoned presentation with many insights from history. Of particular note is their discussion of the background (Chapter 5) for Benjamin Franklin's oft cited quote "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty or Safety" which reveals Franklin's thought to be much more nuanced than the typical presentation of a zero-sum tradeoff between liberty and safety.

While avoiding the temptation to proscribe solutions, they map options for actions by the private and public sectors.
While some options are, to put it mildly, controversial, a core insight is that the solutions to these issues will require close cooperation between both the public and private sector with a healthy reasoned debate regarding difficult choices (What role can regulation play? Should the state be able to conscript experts from the private sector? How do you balance the surveillance needed for effective situational awareness with concepts such as privacy and due process? ...).

While I've talked most about the issues in the cyber realm, the book is notable for linking the issues across all the disruptive technologies mentioned in the title.

This is an important book because it lays out the broad implications of the current state of exigence in a clear and readable manner. I do not agree with many of the authors' proposals, but the dialog must be had, and the authors deserve much credit for mapping the domain of discourse in such a comprehensive fashion.

Buy this book. Read this book. Think about its content. And most importantly, talk about the issues it raises with people from all sides of the political spectrum. As the authors make so abundantly clear, we are all vulnerable, but we are all also critical players in the solution.

----------------

It has been said "Be careful, for writing books is endless, and much study wears you out" so Richard Austin (http://cse.spsu.edu/raustin2) fearlessly samples the wares of the publishing houses and opines as to which might most profitably occupy your scarce reading time.
He welcomes your thoughts and comments via raustin at ieee dot org
____________________________________________________________________

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

New since Cipher E125:

Posted Apr 2015
Department of Computer Science, TU Darmstadt
Darmstadt, Germany
Two Ph.D. Scholarships in Software Security:
 - Dynamic Enforcement of Mobile Software Security
 - Timing-Side-Channel Detection and Mitigation
The positions are available immediately but a later start is also possible. We will consider applications until the positions are filled.
See http://www.mais.informatik.tu-darmstadt.de/Positions.html

--------------

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html

------------------
US Will Sanction "Harmers" Outside Its Borders

Summary: The US now has a program to impose sanctions on individuals who are outside the country and harm it through cyberattacks. The "harms" are: attacking critical infrastructure such as a power grid; disrupting major computer networks; stealing intellectual property or trade secrets; or benefiting from the stolen secrets and property.

Full story:
The Washington Post
By Ellen Nakashima
April 1, 2015
U.S. establishes sanctions program to combat cyberattacks, cyberspying
http://www.washingtonpost.com/world/national-security/us-to-establish-sanctions-program-to-combat-cyberattacks-cyberspying/2015/03/31/7f563474-d7dc-11e4-ba28-f2a685dc7f89_story.html?tid=hpModule_9d3add6c-8a79-11e2-98d9-3012c1cd8d1e&hpid=z10

The executive order:
http://apps.washingtonpost.com/g/documents/world/executive-order-obama-establishes-sanctions-program-to-combat-cyberattacks-cyberspying/1502/

------------------
Data Breach Laws: State vs. Federal

Summary: A proposed national standard for consumer protection after a data breach might result in weakening existing state provisions. Further, a transfer of enforcement responsibility from the Federal Communications Commission to the Federal Trade Commission might remove some communication companies from the protections.

The Washington Post
By Andrea Peterson
April 15, 2015
Why this national data breach notification bill has privacy advocates worried
Full story: http://www.washingtonpost.com/blogs/the-switch/wp/2015/04/15/why-this-national-data-breach-notification-bill-has-privacy-advocates-worried/?tid=hpModule_88854bf0-8691-11e2-9d71-f0feafdd1394&hpid=z12

-------------
New Targets

Summary: The security firm Symantec says that its incident response center has seen a shift from banks to health care systems as victims during 2014. The Privacy Rights Clearinghouse, however, says that universities are also becoming attractive targets for data breaches.

Associated Press
Apr 14, 2015
Hackers keep trying new targets in search of easy data
Full story: http://www.nytimes.com/aponline/2015/04/14/technology/ap-us-tec-threat-report.html

-------------
The Passenger Pilot

Summary: Modern aircraft rely on firewalls to separate the passenger wifi network from the flight operations network, but there may be vulnerabilities.
There is a report of a bug that allows privileged access from the passenger network to satellite communications equipment, and there is also a claim of being able to issue flight control commands from the passenger compartment. [This makes the "PalmPilot" a rather prescient product].

FoxNews.com
Apr 15, 2015
GAO reports warns hackers could bring down plane using passenger Wi-Fi
Full story: http://www.foxnews.com/tech/2015/04/15/gao-reports-warns-hackers-could-bring-down-plane-using-passenger-wi-fi/?intcmp=latestnews

Fox News
Apr 17, 2015
Security expert pulled off flight by FBI after exposing airline tech vulnerabilities
Full story: http://www.foxnews.com/us/2015/04/17/security-expert-pulled-off-flight-by-fbi-after-exposing-airline-tech/

-------------
Iran Moving Ahead on the Cyberattack Curve

Summary: A Norwegian cybersecurity firm says that the Las Vegas Sands casino had its gaming computers disabled by a cyberattack orchestrated by Iran. The incident may have been retaliation for remarks by the casino's owner.

New York Times
April 15, 2015
By David E. Sanger and Nicole Perlroth
Iran Is Raising Sophistication and Frequency of Cyberattacks, Study Says
Full story: http://www.nytimes.com/2015/04/16/world/middleeast/iran-is-raising-sophistication-and-frequency-of-cyberattacks-study-says.html

-------------
Oracle Does Java Evil?

Summary: Oracle provides Java software that has installation options for third-party software. Unwary users lament the results of taking the default installation. The "Ask.com" toolbar, for example, is reportedly very difficult to remove. This feature was reported for Windows in 2013, but as of this year it was added to the Java installation for the Apple MACOS.

Los Angeles Times
Apr 17, 2015
David Lazarus
Ask.com can hijack your computer using Java updates
Full story: http://www.latimes.com/business/la-fi-lazarus-20150417-column.html

The Ed Bott Report
By Ed Bott
January 22, 2013
A close look at how Oracle installs deceptive software with Java updates
Full story: http://www.zdnet.com/article/a-close-look-at-how-oracle-installs-deceptive-software-with-java-updates/

-------------
The Feds, Private Companies, Cyberthreats, and Privacy

Summary: Almost everyone wants to stop cyberattacks, and the federal government has for years sought access to information from private companies about how cyber criminals have attacked them. The feds may have their way if the House and Senate agree on a bill that "pushes" private companies to share data and receive liability protection if they have scrubbed the data to protect customer identities.

NYTimes.com
Apr 22, 2015
By Jennifer Steinhauer
Computer Attacks Spur Congress to Act on Cybersecurity Bill Years in the Making
Full story: http://www.nytimes.com/2015/04/23/us/politics/computer-attacks-spur-congress-to-act-on-cybersecurity-bill-years-in-making.html?_r=0

NYTimes.com
Apr 22, 2015
By Jennifer Steinhauer
House Passes Cybersecurity Bill After Companies Fall Victim to Data Breaches
Full story: http://www.nytimes.com/2015/04/23/us/politics/computer-attacks-spur-congress-to-act-on-cybersecurity-bill-years-in-making.html?mabReward=A7&action=click&pgtype=Homepage&region=CColumn&module=Recommendation&WT.nav=RecEngine&src=rechp

-------------
Watering Holes, ransomware, and the generally sad state of computer security

Summary: Symantec reports that 2014 was another banner year for malware. Overall, cyberattacks increased by 40%, according to their report center. This included 80% of all "large companies" in the US.

San Jose Mercury News
Pete Carey
April 23, 2015
Symantec: Hacker attacks up 40 percent in 2014, Apr 23, 2015
Full story: http://www.mercurynews.com/business/ci_27968313/hacker-attacks-up-40-percent-2014-symantec-says

-------------
Poison Apple?

Summary: An Israeli company reports the ability to crash iOS devices by manipulating wifi network SSL certificates.

Bloomberg News
Cornelius Rahn
April 23, 2015
Apple software bug lets hackers crash iPhones, researchers say
Full story: http://www.sltrib.com/home/2434575-155/apple-software-bug-lets-hackers-crash

-------------
Your DHS Wants YOU!

Summary: At the annual RSA Conference (http://www.rsaconference.com/), Homeland Security Secretary Jeh Johnson said the agency would be looking to recruit cybersecurity experts from Silicon Valley, even going so far as to open a local office.

The Washington Post
April 22, 2015
By Josh Hicks
Homeland Security is laying roots in Silicon Valley, and you might not like its reasons
Full story: http://www.washingtonpost.com/blogs/federal-eye/wp/2015/04/22/homeland-security-is-laying-roots-in-silicon-valley-and-you-might-not-like-its-reasons/?tid=hpModule_14fd66a0-9199-11e2-bdea-e32ad90da239&hpid=z14

-------------
Putin Checks Obama's Schedule

Summary: An investigation of an intrusion into the White House computer network last year has concluded that data and email on the unclassified network, including some of President Obama's, were accessed by Russian hackers. The article implies that the classified network was not involved in the breach.

The New York Times
By Michael S. Schmidt and David E. Sanger
April 25, 2015
Russian Hackers Read Obama's Unclassified Emails, Officials Say
Full story: http://www.nytimes.com/2015/04/26/us/russian-hackers-read-obamas-unclassified-emails-officials-say.html?action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well&hpw&rref=technology&_r=0

-------------
Cyberthreat, cyberattack, cyberwar, a strategy

Summary: The editorial board of the New York Times concludes that a new report by the Pentagon about cybersecurity lays the groundwork for a policy about retaliation to cyberattacks. It contains conditions under which "if ordered by the president, the military could conduct operations to counter 'an imminent or ongoing attack against the U.S. homeland or U.S. interests in cyberspace.'" The editorial surmises that the Obama administration feels that the executive branch must take the lead because of Congressional inaction.

The New York Times
Editorial Board
April 28, 2015
Preparing for Warfare in Cyberspace
Full story: http://www.nytimes.com/2015/04/28/opinion/preparing-for-warfare-in-cyberspace.html

-------------
The end of "unfettered data collection"?

Summary: The Patriot Act gave the NSA the power to collect bulk information on phone calls. Congress is considering two bills, one to extend the act and another to curtail it.

Slate.com
By Beth Ethier
Apr 28, 2015
USA Freedom Act: Update to Patriot Act has bipartisan cosponsors, would end NSA bulk data collection,
Full story: http://www.slate.com/blogs/the_slatest/2015/04/28/usa_freedom_act_update_to_patriot_act_has_bipartisan_cosponsors_would_end.html

-------------
Congressman with CS degree calls FBI encryption plan "stupid"

Summary: Rep. Ted Lieu of California has a computer science degree from Stanford University. He thinks that encryption "back doors" are infeasible because they cannot be restricted to "good guys".
The members of House Government Oversight and Reform Committee's Information Technology subcommittee were "skeptical", but it is unclear if their opinions were founded on any understanding of cryptography.

The Washington Post
Apr 30, 2015
By Andrea Peterson
Congressman with computer science degree: Encryption back-doors are 'technologically stupid'
Full story: http://www.washingtonpost.com/blogs/the-switch/wp/2015/04/30/congressman-with-computer-science-degree-encryption-back-doors-are-technologically-stupid/?tid=trending_strip_6

-------------
Now you can know, is B2 Multics secure?

Summary: Tom Van Vleck has caused the disinterment of a report on the landmark operating system, Multics.

Full story: The 1986 Final Evaluation Report for the B2 rating of Multics has been released by NSA and is available at http://multicians.org/multics-fer.html

-------------
The next step, combining data breaches

Summary: Taxpayer information from an online IRS database was used to create false tax returns and claim refunds without the knowledge of the true account holders. This was possible because the hackers had previously obtained the taxpayers' personal identifying information from different data breaches. The combination of information defeated the authentication mechanisms used by the IRS. This has been done before on a small scale, but the technique now may be a potent weapon in fraud.

Full story:
New York Times
By Patricia Cohen
May 27, 2015
I.R.S. Data Breach May Be Sign of More Personalized Schemes
http://www.nytimes.com/2015/05/28/business/irs-data-breach-may-be-sign-of-more-personalized-schemes.html

====================================================================
Conference and Workshop Announcements
====================================================================

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, web page for more info.
5/31/15: IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services; http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tscsi_sdcss.pdf; Submissions are due 6/ 1/15: DPM, 10th International Workshop on Data Privacy Management, Co-located with ESORICS 2015, Vienna, Austria; http://deic.uab.cat/conferences/dpm/dpm2015/; Submissions are due 6/ 1/15- 6/ 3/15: SACMAT, 20th ACM Symposium on Access Control Models and Technologies, Vienna, AustriaA; http://www.sacmat.org/ 6/ 2/15- 6/ 5/15: ACNS, 13th International Conference on Applied Cryptography and Network Security, New York, NY, USA; http://acns2015.cs.columbia.edu/ 6/ 5/15: WPES, Workshop on Privacy-Preserving Information Retrieval, Held in conjunction with the ACM SIGIR conference, Santiago de Chile; http://privacypreservingir.org; Submissions are due 6/ 7/15- 6/11/15: DAC-Security Track, Design Automation Conference, San Francisco, CA, USA; https://dac.com/submission-categories/hardware-and-software-security 6/ 8/15: WPES, Workshop on Privacy in the Electronic Society, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://wpes15.cs.umn.edu/; Submissions are due 6/10/15: WISCS, 2nd Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://sites.google.com/site/wiscs2015/; Submissions are due 6/12/15: SafeConfig, 8th Workshop on Automated Decision Making for Active Cyber Defense, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; http://ccsw.ics.uci.edu/15/; Submissions are due 6/12/15: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; 
http://www.cyberdna.uncc.edu/safeconfig/2015/cfp.html; Submissions are due 6/12/15: CPS-SPC, 1st ACM Cyber-Physical Systems Security and PrivaCy Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://sites.google.com/site/2015cpsspc/; Submissions are due 6/14/15: FPS, 8th International Symposium on Foundations & Practice of Security, Clermont-Ferrand, France; http://confiance-numerique.clermont-universite.fr/fps2015/; Submissions are due 6/15/15- 6/17/15: MSPN, International Conference on Mobile, Secure and Programmable Networking, Paris, France; http://cedric.cnam.fr/workshops/mspn2015/ 6/19/15: CANS, 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh; http://www.cans2015.org/; Submissions are due 6/20/15: WISA, 16th International Workshop on Information Security Applications, Jeju Island, Korea; http://www.wisa.or.kr; Submissions are due 6/20/15: IWDW, 14th International Workshop on Digital Forensics and Watermarking, Tokyo, Japan; http://iwdw2015.tokyo/; Submissions are due 6/22/15- 6/23/15: WEIS, 14th Annual Workshop on the Economic of Information Security, Delft University of Technology, The Netherlands; http://weis2015.econinfosec.org/ 6/22/15- 6/26/15: WiSec, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, New York City, NY, USA; http://www.sigsac.org/wisec/WiSec2015/ 6/22/15- 6/23/15: RFIDSec, 11th Workshop on RFID Security, Co-located with ACM WiSec 2015, New York City, NY, USA; http://rfidsec2015.iaik.tugraz.at/ 6/23/15: C&TC, 5th International Symposium on Cloud Computing, Trusted Computing and Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece; http://www.onthemove-conferences.org/index.php/cloud-trust-15; Submissions are due 6/24/15- 6/26/15: PTDCS, Workshop on Privacy by Transparency in Data-Centric Services, Held in conjunction with the 18th International Conference on 
Business Information Systems (BIS 2015), Poznan, Poland; http://bis.kie.ue.poznan.pl/bis2015/workshops/ptdcs-2015/ 6/27/15- 7/ 2/15: SPE, IEEE 5th International Workshop on Security and Privacy Engineering, Co-located with 11th IEEE World Congress on Services (SERVICES 2015), New York, NY, USA; http://sesar.di.unimi.it/SPE2015/ 6/30/15- 7/ 2/15: PETS, 15th Privacy Enhancing Technologies Symposium, Philadelphia, PA, USA; https://www.petsymposium.org/2015/ 7/ 1/15- 7/3/15: HAISA, International Symposium on Human Aspects of Information Security & Assurance, Lesvos, Greece; http://haisa.org/ 7/ 3/15: SPC, 1st Workshop on Security and Privacy in the Cloud, Held in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015), Florence, Italy; http://www.zurich.ibm.com/spc2015/; Submissions are due 7/ 3/15: SPiCy, 1st Workshop on Security and Privacy in Cybermatics, Held in conjuction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015), Florence, Italy; http://spicy2015.di.unimi.it; Submissions are due 7/ 9/15- 7/10/15: DIMVA, 12th International Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Milano, Italy; http://www.dimva2015.it 7/13/15: FCS, Workshop on Foundations of Computer Security, Held in conjunction with IEEE CSF 2015, Verona, Italy; http://software.imdea.org/~bkoepf/FCS15/; Submissions are due 7/18/15- 7/24/15: CAV, 27th International Conference on Computer Aided Verification, San Francisco, California, USA; http://i-cav.org/2015/ 7/20/15- 7/22/15: SECRYPT, 12th International Conference on Security and Cryptography, Colmar, Alsace, France; http://www.secrypt.icete.org 7/21/15- 7/23/15: PST, International Conference on Privacy, Security and Trust, Izmir, Turkey; http://pst2015.yasar.edu.tr/ 7/22/15- 7/24/15: SOUPS, Symposium On Usable Privacy and Security, Ottawa, Canada; http://cups.cs.cmu.edu/soups/ 7/29/15: ICISS, 11th International Conference on Information Systems Security, 
Kolkata, India; http://www.iciss.org.in; Submissions are due 8/12/15- 8/14/15: USENIX-Security, 24th USENIX Security Symposium, Washington, D.C., USA; https://www.usenix.org/conference/usenixsecurity15 8/13/15: WPES, Workshop on Privacy-Preserving Information Retrieval, Held in conjunction with the ACM SIGIR conference, Santiago de Chile; http://privacypreservingir.org 8/16/15- 8/21/15: 10th IFIP Summer School on Privacy and Identity Management - Time for a Revolution?, Edinburgh, Scotland; http://www.ifip-summerschool.org/ 8/20/15- 8/22/15: WISA, 16th International Workshop on Information Security Applications, Jeju Island, Korea; http://www.wisa.or.kr 8/24/15- 8/25/15: WISTP, 9th WISTP International Conference on Information Security Theory and Practice, Crete, Greece; http://www.wistp.org 8/24/15- 8/28/15: ECTCM, 3rd International Workshop on Emerging Cyberthreats and Countermeasures, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France; http://www.ares-conference.eu/conference/workshops/wsdf-2015/ 8/24/15- 8/28/15: RT2ND, International Workshop on Risk and Trust in New Network Developments, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France; http://www.ares-conference.eu/conference/workshops/rt2nd-2015/ 8/24/15- 8/28/15: WSDF, 8th International Workshop on Digital Forensics, Held in conjunction with the 10th International Conference on Availability, Reliability and Security (ARES 2015), Toulouse, France; http://www.ares-conference.eu/conference/workshops/wsdf-2015/ 8/31/15: IEEE Transactions on Services Computing, Special Issue on Security and Dependability of Cloud Systems and Services; http://www.journals.elsevier.com/journal-of-computer-and-system-sciences/call-for-papers/cyber-security-in-the-critical-infrastructure-advances-and-f/; Submissions are due 8/31/15- 9/ 4/15: EUSIPCO, 23rd European Signal 
Processing Conference, Information Forensics and Security Track, Nice, Cote d' Azur, France; http://www.eusipco2015.org 9/ 1/15- 9/ 2/15: TrustBus, 12th International Conference on Trust, Privacy, and Security in Digital Business, Valencia, Spain; http://www.ds.unipi.gr/trustbus15/ 9/10/15: IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security; http://www.journals.elsevier.com/computers-and-electrical-engineering/call-for-papers/challenges-and-solutions-in-mobile-systems-security/; Submissions are due 9/21/15- 9/22/15: DPM, 10th International Workshop on Data Privacy Management, Co-located with ESORICS 2015, Vienna, Austria; http://deic.uab.cat/conferences/dpm/dpm2015/ 9/23/15- 9/25/15: ESORICS, 20th European Symposium on Research in Computer Security, Vienna, Austria; http://www.esorics2015.sba-research.org 9/28/15- 9/30/15: CNS, 3rd IEEE Conference on Communications and Network Security, Florence, Italy; http://cns2015.ieee-cns.org/ 9/30/15: Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics; http://www.journals.elsevier.com/pervasive-and-mobile-computing/call-for-papers/special-issue-on-mobile-security-privacy-and-forensics/; Submissions are due 9/30/15: SPC, 1st Workshop on Security and Privacy in the Cloud, Held in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015), Florence, Italy; http://www.zurich.ibm.com/spc2015/ 9/30/15: SPiCy, 1st Workshop on Security and Privacy in Cybermatics, Held in conjuction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015), Florence, Italy; http://spicy2015.di.unimi.it 10/ 5/15-10/ 7/15: CRITIS, 10th International Conference on Critical Information Infrastructures Security, Berlin, Germany; http://www.critis2015.org 10/ 7/15: PQCrypto, 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan; https://pqcrypto2016.jp/; Submissions are due 10/ 7/15-10/10/15: 
IWDW, 14th International Workshop on Digital Forensics and Watermarking, Tokyo, Japan; http://iwdw2015.tokyo/ 10/12/15: WISCS, 2nd Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://sites.google.com/site/wiscs2015/ 10/12/15: WPES, Workshop on Privacy in the Electronic Society, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://wpes15.cs.umn.edu/ 10/12/15: SafeConfig, 8th Workshop on Automated Decision Making for Active Cyber Defense, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; http://ccsw.ics.uci.edu/15/ 10/12/15-10/16/15: ACM-CCS, 22nd ACM Conference on Computer and Communications Security, Denver, Colorado, USA; http://www.sigsac.org/ccs/CCS2015 10/16/15: CCSW, ACM Cloud Computing Security Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; http://ccsw.ics.uci.edu/15/ 10/16/15: CPS-SPC, 1st ACM Cyber-Physical Systems Security and PrivaCy Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA; https://sites.google.com/site/2015cpsspc/ 10/26/15-10/28/15: FPS, 8th International Symposium on Foundations & Practice of Security, Clermont-Ferrand, France; http://confiance-numerique.clermont-universite.fr/fps2015/ 10/26/15-10/28/15: C&TC, 5th International Symposium on Cloud Computing, Trusted Computing and Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece; http://www.onthemove-conferences.org/index.php/cloud-trust-15 11/ 3/15-11/ 5/15: NSS, 9th International Conference on Network and System Security, New York City, NY, USA; http://anss.org.au/nss2015/index.htm 11/30/15: 
ACM Transactions on Internet Technology, Special Issue on Internet of Things (IoT): Secure Service Delivery; http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf; Submissions are due
12/ 6/15-12/10/15: Globecom-CISS, IEEE Globecom 2015, Communication & Information System Security Symposium, San Diego, CA, USA; http://globecom2015.ieee-globecom.org/sites/globecom2015.ieee-globecom.org/files/u42/GC15_TPC_CFP_CISS_-_Communication_&_Information_System_Security.pdf
12/ 8/15-12/12/15: CANS, 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh; http://www.cans2015.org/
12/16/15-12/20/15: ICISS, 11th International Conference on Information Systems Security, Kolkata, India; http://www.iciss.org.in
2/24/16- 2/26/16: PQCrypto, 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan; https://pqcrypto2016.jp/

____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers (new since Cipher E125)
This list is maintained by Yong Guan
___________________________________________________________________

DPM 2015 10th International Workshop on Data Privacy Management, Co-located with ESORICS 2015, Vienna, Austria, September 21-22, 2015.
(Submission Due 1 June 2015)
http://deic.uab.cat/conferences/dpm/dpm2015/

Organizations are increasingly concerned about the privacy of information that they manage (several people have filed lawsuits against organizations violating the privacy of customers' data). Thus, the management of privacy-sensitive information is very critical and important for every organization. This poses several challenging problems, such as how to translate the high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers.
The aim of this workshop is to discuss and exchange ideas related to privacy data management. We invite researchers and practitioners working in privacy, security, trustworthy data systems and related areas to submit their original papers to this workshop.
-------------------------------------------------------------------------
WPES 2015 Workshop on Privacy-Preserving Information Retrieval, Held in conjunction with the ACM SIGIR conference, Santiago de Chile, August 13, 2015.
(Submission Due 5 June 2015)
http://privacypreservingir.org

We look forward to your ideas and solutions to the cross-discipline research on privacy and information retrieval. The submissions should be about but not limited to the following research areas:
- Privacy-related information retrieval models
- Privacy in social media, micro blog, and people search
- Evaluation for privacy-preserving IR
- Leak of sensitive information in natural languages
- Privacy in location-based services, recommender systems, and other IR works on mobile app
- Privacy preserving IR work for healthcare and other domains
-------------------------------------------------------------------------
WISCS 2015 2nd Workshop on Information Sharing and Collaborative Security, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 12, 2015.
(Submission Due 8 June 2015)
https://sites.google.com/site/wiscs2015/

Sharing of cyber-security related information is believed to greatly enhance the ability of organizations to defend themselves against sophisticated attacks. If one organization detects a breach, sharing associated security indicators (such as attacker IP addresses, domain names, file hashes etc.) provides valuable, actionable information to other organizations. The analysis of shared security data promises novel insights into emerging attacks.
Sharing higher level intelligence about threat actors, the tools they use and mitigations provides defenders with much needed context for better preparing and responding to attacks. In the US and the EU major efforts are underway to strengthen information sharing. Yet, there are a number of technical and policy challenges to realizing this vision. Which information exactly should be shared? How can privacy and confidentiality be protected? How can we create high-fidelity intelligence from shared data that minimizes false positives? The 2nd Workshop on Information Sharing and Collaborative Security (WISCS 2015) aims to bring together experts and practitioners from academia, industry and government to present innovative research, case studies, and legal and policy issues. Topics of interest for the workshop include, but are not limited to:
- Collaborative intrusion detection
- Case studies of information sharing
- Domain name and IP address blacklists
- Collaborative approaches to spear-phishing, DDoS and other attacks
- Privacy and confidentiality
- Data deidentification
- Cryptographic protocols for collaborative security
- Access control for shared information
- Scalable security analysis on shared data
- Ontologies and standards for sharing security data
- UX and behavioral aspects of collaboration
- Policy and legal issues
- Surveillance issues
- Trust models
- Attacks on information sharing
- Economics of security collaboration
-------------------------------------------------------------------------
WPES 2015 Workshop on Privacy in the Electronic Society, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 12, 2015.
(Submission Due 10 June 2015)
https://wpes15.cs.umn.edu/

The increased power and interconnectivity of computer systems available today create the ability to store and process large amounts of data, resulting in networked information accessible from anywhere at any time. It is becoming easier to collect, exchange, access, process, and link information. This global scenario has inevitably resulted in an increasing degree of awareness with respect to privacy. Privacy issues have been the subject of public debates, and the need for privacy-aware policies, regulations, and techniques has been widely recognized. The goal of this workshop is to discuss the problems of privacy in the global interconnected societies and possible solutions to them. The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.
-------------------------------------------------------------------------
CCSW 2015 ACM Cloud Computing Security Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 16, 2015.
(Submission Due 12 June 2015)
http://ccsw.ics.uci.edu/15/

The CCSW workshop brings together researchers and practitioners in all security and privacy aspects of cloud-centric and outsourced computing, including:
- practical cryptographic protocols for cloud security
- outsourced privacy-preserving computation
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- privacy-enhancing technologies for the cloud
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
- security for software defined networking
-------------------------------------------------------------------------
SafeConfig 2015 8th Workshop on Automated Decision Making for Active Cyber Defense, Collocated with ACM CCS 2015, Denver, Colorado, USA, October 12, 2015.
(Submission Due 12 June 2015)
http://www.cyberdna.uncc.edu/safeconfig/2015/cfp.html

The high growth of cyber connectivity significantly increases the potential and sophistication of cyber-attacks. The new capabilities based on active cyber defense (ACD) are required to offer automated, intelligently-driven, agile, and resilient cyber defense.
Both accurate "sense-making" based security analytics of the system artifacts (e.g., traces, configurations, logs, incident reports, alarms and network traffic), and provably-effective "decision-making" based on robust reasoning are required to enable ACD for cyber security and resiliency. Cyber security requires automated and scalable analytics in order to normalize, model, integrate, and analyze large and complex data to make correct decisions on time about security measures against threats. The goal of automated decision making is to determine and improve the security and resiliency of cyber systems and services. As the current technology moves toward 'smart' cyber-physical infrastructures as well as open networking platforms (e.g., software defined networking and virtual/cloud computing), the need for large-scale security analytics and automation for decision making significantly increases. This workshop offers a unique opportunity by bringing together researchers from academia, industry as well as government agencies to discuss the challenges listed above, to exchange experiences, and to propose joint plans for promoting research and development in this area. SafeConfig is a one day forum that includes invited talks, technical presentations of peer-reviewed papers, poster/demo sessions, and joint panels on research collaboration. SafeConfig was started in 2009 and has been continuously running since then. It provides a distinct forum to explore theoretical foundations, algorithmic advances, modeling, and evaluation of configuration related challenges for large scale cyber and cyberphysical systems.
-------------------------------------------------------------------------
CPS-SPC 2015 1st ACM Cyber-Physical Systems Security and PrivaCy Workshop, Held in conjunction with the 22nd ACM Conference on Computer and Communications Security (ACM CCS 2015), Denver, Colorado, USA, October 16, 2015.
(Submission Due 12 June 2015)
https://sites.google.com/site/2015cpsspc/

Cyber-physical systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications - in areas such as medical devices, automotive, and smart infrastructure - and increasing the role that the information infrastructure plays in existing control systems - such as in the process control industry or the power grid. Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control and to the people who depend on it. In particular, the protection of our critical infrastructures that rely on CPS, such as the electric power transmission and distribution, industrial control systems, oil and natural gas systems, water and waste-water treatment plants, healthcare devices, and transportation networks, plays a fundamental and large-scale role in our society - and their disruption can have a significant impact on individuals and nations at large. Similarly, because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore, in addition to security, CPS systems must be designed with privacy considerations. To address some of these issues, we invite original research papers on the security and/or privacy of cyber-physical systems.
We seek submissions from multiple interdisciplinary backgrounds representative of CPS, including but not limited to the following:
- intrusion detection for CPS
- privacy in CPS
- network security for CPS
- control theory and mathematical foundations for secure CPS
- embedded systems and IoT security and privacy
- real-time systems
- game theory applied to CPS
- human factors and humans in the loop
- reliability and safety
- economics of security and privacy in CPS

CPS domains of interest include:
- manufacturing
- industrial control systems
- Supervisory Control and Data Acquisition (SCADA) systems
- power grid and smart grid
- robotics
- unmanned aerial vehicles
- transportation systems
- healthcare and medical devices
- automotive
- abstract theoretical CPS domains that involve sensing and actuation
-------------------------------------------------------------------------
FPS 2015 8th International Symposium on Foundations & Practice of Security, Clermont-Ferrand, France, October 26-28, 2015.
(Submission Due 14 June 2015)
http://confiance-numerique.clermont-universite.fr/fps2015/

This conference, the 8th in an annual series, provides a forum for researchers world-wide working in security, privacy, trustworthy data systems and related areas. The aim of FPS is to discuss and exchange theoretical and practical ideas that address security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaboration, joint research programs, and student exchanges between institutions involved in this important and fast moving research field. We also invite researchers and practitioners working in security, privacy, trustworthy data systems and related areas to submit their original papers.
The main topics include, but are not limited to:
- Computer and Network Security
- Formal foundations in Information or Operational Security
- Security of Service Oriented Architectures
- Information Theoretic Security
- Security of Cloud Computing
- Security Management and Security Policies
- Policy-based Security Architectures
- Security of P2P systems
- Security & Privacy on Social Networks
- Access Control Languages
- Data Mining & Watermarking
- Cryptography & Cryptanalysis
- Threat Analysis and Trust Management
- Privacy & Sensitive Data Management
- Policy-based Distributed Information Systems
- Security in Sensor Networks and RFIDs
- Security of Cloud Computing, Grid Computing
- Security of Distributed Embedded Middleware
- Distributed Security Protocols & Policies
- Security and Privacy in Digital Currencies
- Malware, Botnet and Advanced Persistent Threats
- Code Reverse Engineering and Vulnerability Exploitation
- Side Channel & Physical Attacks
- Social Engineering
-------------------------------------------------------------------------
CANS 2015 14th International Conference on Cryptology and Network Security, Morocco, Marrakesh, December 8-12, 2015.
(Submission Due 19 June 2015)
http://www.cans2015.org/

Papers offering novel research contributions are solicited. The conference focus is on original, high-quality, unpublished research and implementation results. Especially encouraged are submissions of papers suggesting novel paradigms, original directions, or non-traditional perspectives. Also of particular interest this year are papers on network security, from modeling, measurement, engineering, and attack perspectives. Submitted papers must not substantially overlap with papers that have been published or that are submitted in parallel to a journal or a conference with formally published proceedings.
Topics of Interest:
- Access Control for Networks
- Adware, Malware, and Spyware
- Anonymity & Pseudonymity
- Authentication, Identification
- Cloud Security
- Cryptographic Algorithms & Protocols
- Denial of Service Protection
- Embedded System Security
- Identity & Trust Management
- Internet Security
- Key Management
- Mobile Code Security
- Multicast Security
- Network Security
- Peer-to-Peer Security
- Security Architectures
- Security in Social Networks
- Sensor Network Security
- Virtual Private Networks
- Wireless and Mobile Security
-------------------------------------------------------------------------
WISA 2015 16th International Workshop on Information Security Applications, Jeju Island, Korea, August 20-22, 2015.
(Submission Due 20 June 2015)
http://www.wisa.or.kr

The primary focus of WISA 2015 is on systems and network security, and the secondary focus is on all other technical and practical aspects of security applications. The workshop will serve as a forum for new results from the academic research community as well as from the industry. The areas of interest include, but are not limited to:
- Analysis of network and security protocols
- Applications of cryptographic techniques
- Automated tools for source code/binary analysis
- Critical infrastructure security
- Digital Forensics
- Exploit techniques and automation
- HCI security and privacy
- Malware analysis
- Network-based attacks
- Operating system security
- Security policy
- Storage and file system security
- Trustworthy computing
- Web security
- Anonymity and censorship-resistant technologies
- Authentication and authorization
- Botnet defense
- Denial-of-service attacks and countermeasures
- Embedded systems security
- Hardware and physical security
- Intrusion detection and prevention
- Mobile/wireless/cellular system security
- Network infrastructure security
- Practical cryptanalysis (hardware, DRM, etc.)
- Side channel attacks and countermeasures
- Techniques for developing secure systems
- Vulnerability research
-------------------------------------------------------------------------
IWDW 2015 14th International Workshop on Digital Forensics and Watermarking, Tokyo, Japan, October 7-10, 2015.
(Submission Due 20 June 2015)
http://iwdw2015.tokyo/

The 14th IWDW, International Workshop on Digital-forensics and Watermarking (IWDW 2015) is a premier forum for researchers and practitioners working on novel research, development and applications of digital watermarking and forensics techniques for multimedia security. We invite submissions of high-quality original research papers. The topics include, but are not limited to:
- Mathematical modeling of embedding and detection
- Information theoretic, stochastic aspects of data hiding
- Security issues, including attacks and counter-attacks
- Combination of data hiding and cryptography
- Optimum watermark detection and reliable recovery
- Copyright protection, DRM, and forensic watermarking
- Large-scale experimental tests and benchmarking
- New statistical and perceptual models of multimedia content
- Estimation of watermark capacity
- Reversible data hiding
- Data hiding in special media
- Data hiding and authentication
- Steganography and steganalysis
- Channel coding techniques for watermarking
- Digital multimedia forensics and anti-forensics
- Visual cryptography and secret image sharing
-------------------------------------------------------------------------
C&TC 2015 5th International Symposium on Cloud Computing, Trusted Computing and Secure Virtual Infrastructures - Cloud and Trusted Computing, Rhodes, Greece, October 26-28, 2015.
(Submission Due 23 June 2015)
http://www.onthemove-conferences.org/index.php/cloud-trust-15

Current and future software needs to remain focused towards the development and deployment of large and complex intelligent and networked information systems, required for internet-based and intranet-based systems in organizations. Today software covers a very wide range of application domains as well as technology and research issues. This has found realization through Cloud Computing. Vital elements in such networked information systems are the notions of trust, security, privacy and risk management. The conference solicits submissions from both academia and industry presenting novel research in the context of Cloud Computing, presenting theoretical and practical approaches to cloud trust, security, privacy and risk management. The conference will provide a special focus on the intersection between cloud and trust, bringing together experts from the two communities to discuss the vital issues of trust, security, privacy and risk management in Cloud Computing. Potential contributions could cover new approaches, methodologies, protocols, tools, or verification and validation techniques. We also welcome review papers that analyze critically the current status of trust, security, privacy and risk management in the cloud. Papers from practitioners who encounter trust, security, privacy and risk management problems and seek understanding are also welcome.
-------------------------------------------------------------------------
SPC 2015 1st Workshop on Security and Privacy in the Cloud, Held in conjunction with the IEEE Conference on Communications and Network Security (CNS 2015), Florence, Italy, September 30, 2015.
(Submission Due 3 July 2015)
http://www.zurich.ibm.com/spc2015/

The workshop seeks submissions from academia, industry, and government presenting novel research, as well as experimental studies, on all theoretical and practical aspects of security, privacy, and data protection in cloud scenarios. Topics of interest include, but are not limited to:
- Anonymity in cloud scenarios
- Applied cryptography in cloud scenarios
- Data and application security
- Data and system integrity
- Data availability in outsourcing scenarios
- Data protection
- Efficient access to outsourced data
- Key management in cloud scenarios
- Privacy
- Privacy of accesses
- Secure computation over encrypted data
- Security and trust metrics
- Security and privacy in crowdsourcing
- Security and privacy in multi-clouds and federated clouds
- Security and privacy in data outsourcing
- Security and privacy in the Internet of Things
- Security and privacy of big data
- Security and privacy of distributed computations
- Security and privacy policies
- Selective information sharing
- Threats, vulnerabilities, and risk management
-------------------------------------------------------------------------
SPiCy 2015 1st Workshop on Security and Privacy in Cybermatics, Held in conjunction with IEEE Conference on Communications and Networks Security (IEEE-CNS 2015), Florence, Italy, September 30, 2015.
(Submission Due 3 July 2015)
http://spicy2015.di.unimi.it

In the modern age Cybermatics is differentiating itself by designing the physical and social places into the cyber space to accomplish the union of three spaces: (i) Physical Cyberworld, (ii) Social Cyberworld, and (iii) Thinking Cyberworld. In the cyber space, everywhere cyber-nodes are significantly independent from the space-time limitations that exist in the physical space.
Along with the development of intelligent systems, Cybermatics has brought a wide area of open issues during the cyber interaction, physical perception, social correlation, and cognitive thinking. Currently, Cybermatics is still in its initial stage, and it is expected that Cybermatics will lead industrialization and IT applications to a new level and will significantly change the way of producing, living, and even thinking of mankind. Cybermatics will transform how we interact with and control the physical world around us, just in the same way as the Internet transformed how we interact and communicate with one another and revolutionized how and where we access information. Cyber-physical systems are subject to threats stemming from increasing dependence on computer and communication technologies. Cyber security threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation's security, economy, public safety, and health at risk. This workshop aims to represent an opportunity for cyber security researchers, practitioners, policy makers, and users to exchange ideas, research findings, techniques and tools, raise awareness, and share experiences related to all practical and theoretical aspects of Cybermatics security issues. Capturing security and privacy requirements in the early stages of system development is essential for creating sufficient public confidence in order to facilitate the adoption of novel systems of Cybermatics such as cyber-physical-social (CPS) systems, cyber-physical-social-thinking (CPST) systems, and cyber-physical-thinking (CPT) systems. However, security and privacy requirements are often not handled properly due to their wide variety of facets and aspects which make them difficult to formulate. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical as well as practical aspects of Cybermatics.
-------------------------------------------------------------------------
ICISS 2015 11th International Conference on Information Systems Security, Kolkata, India, December 16-20, 2015.
(Submission Due 29 July 2015)
http://www.iciss.org.in

The conference series ICISS (International Conference on Information Systems Security), held annually, provides a forum for disseminating latest research results in information and systems security. ICISS 2015, the eleventh conference in this series, will be held under the aegis of the Society for Research in Information Security and Privacy (SRISP). Submissions are encouraged from academia, industry and government, addressing theoretical and practical problems in information and systems security and related areas. Topics of interest include but are not limited to:
- Access and Usage Control
- Application Security
- Authentication and Audit
- Biometric Security
- Cloud Security
- Cryptographic Protocols
- Cyber-physical Systems Security
- Data Security and Privacy
- Digital Forensics
- Digital Rights Management
- Distributed Systems Security
- Formal Models in Security
- Identity Management
- Intrusion Detection and Prevention
- Intrusion Tolerance and Recovery
- Key Management
- Language-based Security
- Malware Analysis and Mitigation
- Network Security
- Operating Systems Security
- Privacy and Anonymity
- Secure Data Streams
- Security and Usability
- Security Testing
- Sensor and Ad Hoc Network Security
- Smartphone Security
- Software Security
- Usable Security
- Vulnerability Detection and Mitigation
- Web Security
-------------------------------------------------------------------------
Journal of Computer and System Sciences, Special Issue on Cyber Security in the Critical Infrastructure: Advances and Future Directions.
(Submission Due 31 August 2015)
http://www.journals.elsevier.com/journal-of-computer-and-system-sciences/call-for-papers/cyber-security-in-the-critical-infrastructure-advances-and-f/

Editors: Jemal Abawajy (Deakin University, Australia), Kim-Kwang Raymond Choo (University of South Australia, Australia), and Rafiqul Islam (Charles Sturt University, Australia).

This special issue invites original research papers that report on state-of-the-art and recent advancements in securing our critical infrastructure and cyberspace, with a particular emphasis on novel techniques to build resilient critical information infrastructure. Topics of interest include but are not limited to:
- Cyber security mitigation techniques for critical infrastructures such as banking and finance, communications, emergency services, energy, food chain, health, mass gatherings, transport and water
- Cyber threat modelling and analysis
- Cyber forensics
- Visual analytics and risk management techniques for cyber security
- Cyber security test beds, tools, and methodologies
-------------------------------------------------------------------------
IEICE Transactions on Information and Systems, Special Issue on Information and Communication System Security.
(Submission Due 10 September 2015)
http://www.journals.elsevier.com/computers-and-electrical-engineering/call-for-papers/challenges-and-solutions-in-mobile-systems-security/.

Editors: Abhishek Parakh (University of Nebraska, Omaha, USA) and Zhiwei Wang (Nanjing University of Posts and Telecommunications, P.R. China).

Mobile devices, such as smart tags, smart pads, tablets, PDAs, smart phones and wireless sensors, have become pervasive and attract significant interest from academia, industry, and standard organizations. With the latest cloud computing technology, those mobile devices will play a more and more important role in computing and communication.
When those devices become pervasive, security becomes a critical component for the acceptance of applications built on those devices. Moreover, several favorable characteristics of mobile devices, including portability, mobility and sensitivity, further increase the challenges of security in these systems. However, due to rapid development and applications, security in mobile systems involves different challenges. This special issue aims to bring together works of technologists and researchers who share an interest in the area of security in mobile systems, and to explore new venues of collaboration. Its main purpose is to promote discussions about research and relevant activities in the models and designs of secure, privacy-preserving, trusted architectures, security protocols, cryptographic algorithms, services and applications, as well as to analyse cyber threat in mobile systems. It also aims at increasing the synergy between academic and industry professionals working in this area. We seek papers that address theoretical, experimental research, and works-in-progress for security-related issues in the context of mobile systems. Suitable topics include the following in relation to security:
- Cryptography for mobile systems
- Mobile local area networks
- Mobile mesh networks
- Mobile ad-hoc networks
- Vehicular networks
- Mobile social networks
- Mobile smart grid
- Mobile RFID-based systems
- Mobile cloud
- Mobile cyber-physical systems
- Internet of things
- Location-based service systems
- Mobile healthcare systems
- Big data for mobile computing
-------------------------------------------------------------------------
Pervasive and Mobile Computing, Special Issue on Mobile Security, Privacy and Forensics.
(Submission Due 30 September 2015)
http://www.journals.elsevier.com/pervasive-and-mobile-computing/call-for-papers/special-issue-on-mobile-security-privacy-and-forensics/

Editors: Kim-Kwang Raymond Choo (University of South Australia, Australia), Lior Rokach (Ben-Gurion University of the Negev Beer-Sheva, Israel), and Claudio Bettini (University of Milan, Italy)

This special issue will focus on cutting edge research from both academia and industry on the topic of mobile security, privacy and forensics, with a particular emphasis on novel techniques to secure user data and/or obtain evidential data from mobile devices in crimes that make use of sophisticated and secure technologies. Topics of interest include:
- Advanced mobile security features
- Anti-anti mobile forensics
- Data visualization in mobile forensics
- Economics of mobile user security and privacy
- Information security awareness of mobile users
- Mobile app security
- Mobile cloud security
- Mobile device security
- Mobile app forensic and anti-forensic techniques
- Mobile device forensic and anti-forensic techniques
- Mobile evidence preservation and examination
- Mobile information leakage detection and prevention
- Mobile malware
- Mobile network security
- Mobile threat identification, detection and prevention
- Mobile user anonymity
- Privacy in geo-social networks
- Privacy in mobile context-aware services
- Privacy for mobile smart objects
- Trust models for mobile devices and services
- Usability of mobile privacy and security technologies
-------------------------------------------------------------------------
PQCrypto 2016 7th International Conference on Post-Quantum Cryptography, Fukuoka, Japan, February 24-26, 2016.
(Submission Due 7 October 2015)
https://pqcrypto2016.jp/

The aim of PQCrypto is to serve as a forum for researchers to present results and exchange ideas on the topic of cryptography in an era with large-scale quantum computers.
The conference will be preceded by a winter school on February 22-23, 2016.
Original research papers on all technical aspects of cryptographic research
related to post-quantum cryptography are solicited. The topics include (but
are not restricted to):
- Cryptosystems that have the potential to be safe against quantum
  computers such as: hash-based signature schemes, lattice-based
  cryptosystems, code-based cryptosystems, multivariate cryptosystems and
  quantum cryptographic schemes;
- Classical and quantum attacks including side-channel attacks on
  post-quantum cryptosystems;
- Security models for the post-quantum era.

-------------------------------------------------------------------------

ACM Transactions on Internet Technology, Special Issue on Internet of
Things (IoT): Secure Service Delivery. (Submission Due 30 November 2015)
http://toit.acm.org/CfP/ACM-ToIT-CfP-IoT-Security.pdf
Editors: Elisa Bertino (Purdue University, USA),
Kim-Kwang Raymond Choo (University of South Australia, Australia),
Dimitrios Georgakopoulos (RMIT University, Australia),
and Surya Nepal (CSIRO, Australia).

The aim of this special section is to bring together cutting-edge research
with particular emphasis on novel and innovative techniques to ensure the
security and privacy of IoT services and users. We solicit research
contributions and potential solutions for IoT-based secure service delivery
anywhere and at any time. This special section emphasizes service-level
considerations.
Topics of interest include, but are not limited to:
- Security of IoT
- IoT Service Architectures and Platforms
- Real-Time IoT Service Security Analytics and Forensics
- Organizational Privacy and Security Policies
- Governance for IoT Services
- Social Aspects of IoT Security
- Security and Privacy Threats to IoT Services and Users
- Accountability and Trust Management
- Legal Considerations and Regulations
- Case Studies and Applications

-------------------------------------------------------------------------

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________

Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
   cipher-admin@ieee-security.org (which is NOT automated) with subject
   line "subscribe".
   OR send a note to cipher-request@mailman.xmission.com with the subject
   line "subscribe" (this IS automated - thereafter you can manage your
   subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is
   available for Web browsing send e-mail to
   cipher-admin@ieee-security.org (which is NOT automated) with subject
   line "subscribe postcard".
   OR send a note to cipher-postcard-request@mailman.xmission.com with the
   subject line "subscribe" (this IS automated - thereafter you can manage
   your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to
cipher-admin@ieee-security.org with subject line "unsubscribe" or
"unsubscribe postcard" or, if you have subscribed directly to the
xmission.com mailing list, use your password (sent monthly) to unsubscribe
per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way.
It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a
NEWSletter, not a bulletin board or forum. It has a fixed set of
departments, defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended. Calendar
and Calls-for-Papers entries should be sent to cipher-cfp @
ieee-security.org and they will be automatically included in both
departments. To facilitate the semi-automated handling, please send either
a text version of the CFP or a URL from which a text version can be easily
obtained. For Calendar entries, please include a URL and/or e-mail address
for the point-of-contact. For Calls for Papers, please submit a one
paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
All reuses of Cipher material should respect stated copyright notices, and
should cite the sources explicitly; as a courtesy, publications using
Cipher material should obtain permission from the contributors.
____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________

How to become a member of the
IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy by completing the on-line
form at IEEE at
https://www.ieee.org/membership-catalog/productdetail/showProductDetailPage.html?product=CMYSP728

______________________________________________________________________

TC Publications for Sale
______________________________________________________________________

The proceedings of previous conferences are available from the
Computer Society's Digital Library.

IEEE Security and Privacy Symposium
IEEE CS Press

____________________________________________________________________________

TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
    Patrick McDaniel
    Computer Science and Engineering
    Pennsylvania State University
    360 A IST Building
    University Park, PA 16802
    (814) 863-3599
    mcdaniel@cse.psu.edu

Security and Privacy Symposium Chair Emeritus:
    Greg Shannon
    CERT
    oakland14-chair@ieee-security.org

Vice Chair:
    Ulf Lindqvist
    SRI International
    Menlo Park, CA
    ulf.lindqvist@sri.com

Treasurer:
    Yong Guan
    3219 Coover Hall
    Department of Electrical and Computer Engineering
    Iowa State University, Ames, IA 50011
    (515) 294-8378
    yguan (at) iastate.edu

Security and Privacy Symposium, 2015 Chair:
    Sean Peisert
    UC Davis and Lawrence Berkeley National Laboratory
    oakland15-chair@ieee-security.org

Newsletter Editor and TC Awards Chair:
    Hilarie Orman
    Purple Streak, Inc.
    500 S. Maple Dr.
    Woodland Hills, UT 84653
    cipher-editor@ieee-security.org

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year