Commentary and Opinion
Richard Austin's review of the book, How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard and Richard Seiersen
NewsBits: Announcements and correspondence from readers (please contribute!)
Listing of academic positions available by
Nothing new since Cipher E133
Conference and Workshop Announcements
Cipher calendar announcements are on Twitter; follow "ciphernews"
new calls or announcements added since Cipher E133 (the calls-for-papers and the calendar announcements may differ slightly in content or time of update):
ICSS 2016 Industrial Control System Security Workshop, Held in conjunction with 32nd Annual Computer Security Applications Conference (ACSAC 2016), Los Angeles, CA, USA, December 6, 2016. (Submissions due 19 September 2016)
Supervisory control and data acquisition (SCADA) and industrial control systems monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steel manufacturing. Such systems are usually built using a variety of commodity computer and networking components, and are becoming increasingly interconnected with corporate and other Internet-visible networks. As a result, they face significant threats from internal and external actors. For example, in 2010 the Stuxnet malware was specifically written to attack SCADA systems and caused millions of dollars in damages. The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource constrained computing devices, legacy operating systems and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new security techniques that are applicable in the control systems context. Papers of interest including (but not limited to) the following subject categories are solicited:
IEEE Communications Magazine, Feature Topic on Traffic Measurements for Cyber Security, (Submissions Due 1 October 2016)
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland),
Koji Nakao (KDDI / NICT, Japan), Maciej Korczyński (Delft University of Technology, The Netherlands),
Engin Kirda (Northeastern University, USA), Cristian Hesselman (SIDN Labs, The Netherlands),
and Katsunari Yoshioka (Yokohama National University, Japan)
In today's world, societies are becoming more and more dependent on open networks such as the Internet - where commercial activities, business transactions and government services are realized. This has led to the fast development of new cyber threats and numerous information security issues which cyber criminals exploit. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous unfavorable socio-economic impact on global enterprises as well as individuals.
Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is not only a difficult yet vital task for network management but recently also for cyber security purposes.
Network traffic measuring and monitoring can enable the analysis of the spreading of malicious software and its capabilities or can help us understand the nature of various network threats including those that exploit users' behavior and other user's sensitive information. On the other hand, network traffic investigation can also help us assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cyber security e.g. to assess ISP "badness" or to estimate the revenue of cyber criminals.
The aim of this feature topic is to bring together the research accomplishments by academic and industry researchers. The other goal is to show the latest research results in the field of cyber security and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews.
This special issue presents some of the most relevant ongoing research in cyber security seen from the traffic measurements perspective. Topics include, but are not limited to the following:
INTRICATE-SEC 2017 5th International Workshop on Security Intricacies in Cyber-Physical Systems and Services, Taipei, Taiwan, March 27-29, 2017. (Submissions Due 1 October 2016)
Cyber-physical systems (CPS) are ubiquitous in critical infrastructures such as electrical power generation, transmission, and distribution networks, water management, and transportation, but also in both industrial and home automation. For flexibility, convenience, and efficiency, CPS are increasingly supported by commodity hardware and software components that are deliberately interconnected using open standard general purpose information and communication technology (ICT). The long life-cycles of CPS and increasingly incremental changes to these systems require novel approaches to the composition and inter-operability of services provided. The paradigm of service-oriented architectures (SoA) has successfully been used in similar long-lived and heterogeneous software systems. However, adapting the SoA paradigm to the CPS domain requires maintaining the security, reliability and privacy properties not only of the individual components but also for complex interactions and service orchestrations that may not even exist during the initial design and deployment of an architecture. An important consideration therefore is the design and analysis of security mechanisms and architectures able to handle cross domain inter-operability over multiple domains involving components with highly heterogeneous capabilities. The INTRICATE-SEC workshop aims to provide a platform for academics, industry, and government professionals to communicate and exchange ideas on provisioning secure CPS and Services.
SG-CRC 2017 2nd Singapore Cyber Security R&D Conference, Singapore, February 21-22, 2017. (Submissions Due 1 October 2016)
This conference will bring together academics and practitioners from across the world to participate in a vibrant programme consisting of research papers, industrial best practices, and tools exhibition. This conference focuses on techniques and methodologies oriented to construct resilient systems against cyber-attacks that will help to construct safe execution environments, improving security of both hardware and software by means of using mathematical tools and engineering approaches for designing, verifying, and monitoring cyber physical systems. Authors are invited to submit original work on the topics that fall in the general area of cyber security. Submissions may focus on theoretical results, experiments, or a mix of both.
DFRWS-EU 2017 DFRWS digital forensics EU conference, Lake Constance, Germany, March 21-23, 2017. (Submissions Due 3 October 2016)
This year two premier research conferences in Europe, the DFRWS digital forensics conference (DFRWS EU 2017) and the International Conference on IT Security Incident Management & IT Forensics (IMF 2017) are brought together. Established in 2001, DFRWS has become the premier digital forensics conference, dedicated to solving real world challenges, and pushing the envelope of what is currently possible in digital forensics. Since 2003, IMF has established itself as one of the premier venues for presenting research on IT security incident response and management and IT forensics. While the first IMF conference was organized to establish a research forum for German speaking researchers and practitioners from the field, it soon became an International conference attracting many experts across Europe. IMF 2017, being the 10th Conference, is also an important milestone in bringing the two worlds of IT security incident response and management and forensics together. Both DFRWS and IMF organise informal collaborative environments each year that bring together leading researchers, practitioners, industry, tool developers, academics, law enforcement, and other government bodies from around the globe to tackle current and emerging challenges in their fields. The co-hosting of the two events will help generate new discussions and ideas by bringing together two strong research communities: DFRWS's community encompassing a broad range of topics in digital forensics, and IMF's community focusing on IT security incident response and management.
WWW 2017 WWW Security and Privacy Track, Perth, Australia, April 3-7, 2017. (Submissions Due 19 October 2016)
The Security and Privacy track at the International World Wide Web Conference offers researchers working on security, privacy, trust, and abuse of trust the opportunity to present their work to the broad community of researchers, with myriad backgrounds and interests, who will be attending the 2017 World Wide Web Conference. Relevant topics include:
HOST 2017 IEEE International Symposium on Hardware Oriented Security and Trust, McLean, VA, USA, May 1-5, 2017. (Submissions Due 1 November 2016)
IEEE International Symposium on Hardware Oriented Security and Trust (HOST) aims to facilitate the rapid growth of hardware-based security research and development. HOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware. HOST 2017 invites original contributions related to, but not limited by, the following topics:
ASIACCS 2017 ACM Symposium on Information, Computer and Communications Security, Abu Dhabi, United Arab Emirates, April 2-6, 2017. (Submissions Due 1 November 2016)
Building on the success of ACM Conference on Computer and Communications Security (CCS), the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) formally established the annual ACM Asia Conference on Computer and Communications Security (ASIACCS). Topics of interest include but are not limited to:
SP 2017 38th IEEE Symposium on Security and Privacy, San Jose, CA, USA, May 22-24, 2017. (Submissions Due 4 November 2016)
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
PETS 2017 17th Privacy Enhancing Technologies Symposium, Minneapolis, MN, USA, July 18 - July 21, 2017. (Submissions Due 31 August 2016; 30 November 2016; 28 February 2017)
The annual Privacy Enhancing Technologies Symposium (PETS) brings together privacy experts from around the world to present and discuss recent advances and new perspectives on research in privacy technologies. Papers undergo a journal-style reviewing process and accepted papers are published in Proceedings on Privacy Enhancing Technologies (PoPETs), a scholarly, open access journal. Submitted papers should present novel practical and/or theoretical research into the design, analysis, experimentation, or fielding of privacy-enhancing technologies. While PETS/PoPETs has traditionally been home to research on anonymity systems and privacy-oriented cryptography, we strongly encourage submissions on a number of both well-established and emerging privacy-related topics, for which examples are provided below. PoPETs also solicits submissions for Systematization of Knowledge (SoK) papers. These are papers that critically review, evaluate, and contextualize work in areas for which a body of prior literature exists, and whose contribution lies in systematizing the existing knowledge in that area.
IEEE MultiMedia, Special Issue on Cybersecurity for Cyber-Enabled Multimedia Applications, (Submissions Due 1 December 2016)
Guest Editors: Qun Jin (Waseda University, Japan),
Yong Xiang (Deakin University, Australia),
Guozi Sun (Nanjing University of Posts and Telecommunications, China),
Yao Liu (University of South Florida, USA),
and Chin-Chen Chang (Feng Chia University, Taiwan)
With the rapid popularity of social network applications and advanced digital devices, the past few years have witnessed the explosive growth of multimedia big data in terms of both scale and variety. Such increasing multimedia data determines a new way of communication: seamless network connection, a joyful user experience, and free information sharing. Meanwhile, security issues related to such multimedia big data have arisen, and an urgent demand for novel technologies has emerged to deal with copyright protection, multimedia forgery detection, and cybersecurity, especially for cyber-enabled multimedia applications. Although many promising solutions have been proposed recently, it is still challenging for the multimedia community to effectively and efficiently handle security challenges over large-scale multimedia data, especially when the scale comes up from tens of thousands to tens of millions or even billions. This special issue aims to bring together the greatest research efforts in cybersecurity for cyber-enabled multimedia applications to specifically deal with the security challenges in the multimedia big data era. The main goals are to investigate novel ideas and research work of cybersecurity issues with multimedia big data; find or develop effective and efficient techniques and methods in computer vision, multimedia processing, and sensor networks for specific cybersecurity tasks, such as data hiding and forensics; survey the progress of this area in the past years; and explore interesting and practical cyber-enabled multimedia applications. Submissions should be unpublished and present innovative research work offering contributions either from a methodological or application point of view. Topics of interest include, but are not limited to, the following:
Advances in Multimedia journal, Special Issue on Emerging Challenges and Solutions for Multimedia Security, (Submissions Due 2 December 2016)
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology, Poland),
Artur Janicki (Warsaw University of Technology, Poland),
Hui Tian (National Huaqiao University, China),
and Honggang Wang (University of Massachusetts Dartmouth, USA)
Today's societies are becoming more and more dependent on open networks such as the Internet, where commercial activities, business transactions, government services, and entertainment services are realized. This has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies could have a tremendous socioeconomic impact on global enterprises as well as on individuals. In recent years, rapid development in digital technologies has been augmented by the progress in the field of multimedia standards and the mushrooming of multimedia applications and services penetrating and changing the way people interact, communicate, work, entertain, and relax. Multimedia services are becoming more significant and popular and they enrich humans' everyday life. Currently, the term multimedia information refers not only to text, image, video, or audio content but also to graphics, flash, web, 3D data, and so forth. Multimedia information may be generated, processed, transmitted, retrieved, consumed, or shared in various environments. The lowered cost of reproduction, storage, and distribution, however, also invites much motivation for large-scale commercial infringement. The above-mentioned issues have generated new challenges related to protection of multimedia services, applications, and digital content. Providing multimedia security is significantly different from providing typical computer information security, since multimedia content usually involves large volumes of data and requires interactive operations and real-time responses. Additionally, ensuring digital multimedia security must also signify safeguarding of the multimedia services. Different services require different methods for content distribution, payment, interaction, and so forth.
Moreover, these services are also expected to be 'smart' in the environment of converged networks, which means that they must adapt to different network conditions and types as multimedia information can be utilized in various networked environments, for example, in fixed, wireless, and mobile networks. All of these make providing security for multimedia even harder to perform. This special issue intends to bring together a diversity of international researchers, experts, and practitioners who are currently working in the area of digital multimedia security. Researchers both from academia and industry are invited to contribute their work for extending the existing knowledge in the field. The aim of this special issue is to present a collection of high-quality research papers that will provide a view on the latest research advances not only on secure multimedia transmission and distribution but also on multimedia content protection. Potential topics include, but are not limited to:
IEEE Security & Privacy Magazine, Special issue on Digital Forensics, (Submissions Due 1 March 2017)
Guest Editors: Wojciech Mazurczyk (Warsaw University of Technology &
FernUniversitat in Hagen, Poland), Steffen Wendzel (Fraunhofer FKIE, Germany),
Luca Caviglione (National Research Council of Italy, Italy),
and Simson L. Garfinkel (National Institute of Standards and
Modern societies are becoming increasingly dependent on open networks where commercial activities, business transactions, and government services are delivered. Despite the benefits, these networks have led to new cyberthreats and cybersecurity issues. Abuse of and mistrust for telecommunications and computer network technologies have significant socioeconomic impacts on global enterprises as well as individuals. Cybercriminal activities such as fraud often require investigations that span international borders. In addition, they're often subject to different jurisdictions and legal systems. The increased intricacy of the communication and networking infrastructure complicates investigation of such activities. Clues of illegal digital activities are often buried in large volumes of data, which makes crime detection and evidence collection difficult. This poses new challenges for law enforcement and compels computer societies to utilize digital forensics to combat the growing number of cybercrimes. Forensic professionals must be fully prepared to gather effective digital evidence. Forensic techniques must keep pace with new technologies; therefore, digital forensics is becoming more important for law enforcement and information and network security. This multidisciplinary area includes several fields, including law, computer science, finance, networking, data mining, and criminal justice. It faces diverse challenges and issues in terms of the efficiency of digital evidence processing and related forensic procedures. This special issue aims to collect the most relevant ongoing research efforts in the digital forensics field. Topics include, but aren't limited to:
Staying in touch....
IEEE Computer Society's Technical Committee on Security and Privacy