============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 143                                   March 18, 2018

Hilarie Orman, Editor                 Sven Dietrich, Assoc. Editor
cipher-editor @ ieee-security.org     cipher-assoc-editor @ ieee-security.org

Sven Dietrich                         Yong Guan
Book Review Editor                    Calendar Editor
cipher-bookrev @ ieee-security.org    cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o News:
       - CERIAS Celebrates a Score
       - Blame it on Russia (The US and UK do!)
       - Mid-term elections cause a rash of fretting
       - Secure Voting Machines, My Foot!
       - Russia, turn off the lights!
    o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

There are only a few weeks left of early registration for the Security and Privacy Symposium aka "Oakland", which has once again migrated, this time returning to San Francisco.
The program and papers are available at https://www.computer.org/csdl/proceedings/sp/2018/4353/00/index.html. There is something in the program for almost every interest, be it ransomware, social media privacy, kernel bugs, interesting side channels, ... the list mirrors the threats and defenses of our digital lives.

Gene Spafford invites everyone to the Center for Education and Research in Information Assurance and Security (CERIAS) for its annual security research symposium and its 20th anniversary bash April 3rd and 4th. See our news section for the registration link and other important information.

Instances of harassment at the conferences sponsored by the TCSP seem rare, but in this #MeToo moment, conference-goers should be aware that IEEE has both a Code of Conduct and a Code of Ethics that make it clear that harassment is not tolerated. There are IEEE ethics committees that deal with reports of bad conduct. The atmosphere at a conference is strongly influenced by the leadership. A diverse and proactive group of conference organizers and senior attendees makes all the difference. If the leadership at a conference seems thin on diversity, to the detriment of some attendees, speak up, volunteer, and make the conference better.

From our selection of news articles about security, we can see that more computers does not mean more security. This work is never done.

The Merry Minuet in C++

   There's malware in Africa,
   There's hacking in Spain,
   There's ransomware in Florida,
   And spam will flood Maine,
   The whole world is festering with software at war,
   CPlusPlusians hate CSharpians,
   CSharpians hate R,
   Pythonistas hate the Perlites, the Perlites hate SQL,
   And I say everyone can go to hell.
(with apologies to the great Sheldon Harnick)

Hilarie Orman
cipher-editor @ ieee-security.org

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewsBriefs.html

------------------

CERIAS Celebrates a Score

CERIAS Marks 20 Years
https://ceri.as/symp
By Gene Spafford

Summary: CERIAS at Purdue University is celebrating its 20th anniversary this year, as a leading center of innovation in education and research. We'd like to invite friends and colleagues - old and new - to attend our annual symposium and celebration, April 3 & 4. There will be a no-cost workshop on cyberphysical research held the day before for symposium attendees who wish to attend. Registration and other details about the symposium are available at https://ceri.as/symp. Note that anyone with a ".edu" can register at no charge.

------------------

Blame it on Russia (The US and UK do!)

US joins UK in blaming Russia for NotPetya cyber-attack
https://www.theguardian.com/technology/2018/feb/15/uk-blames-russia-notpetya-cyber-attack-ukraine
The Guardian
By Sarah Marsh
Feb 15, 2018

Summary: The White House and Downing Street announced that they believe that Russia was responsible for a ransomware attack that cost the world more than a billion dollars by rendering computers useless due to loss of access to their files. The attack may have been meant to target the Ukraine, but it spread far and wide after its inception in June of 2017. The British defence secretary called it "a new era of warfare" (perhaps showing that he hadn't been paying attention until recently).

------------------

Mid-term elections cause a rash of fretting

State elections officials fret over cybersecurity threats
https://www.washingtonpost.com/politics/state-elections-officials-fret-over-cybersecurity-threats/2018/02/17/1f850f46-1331-11e8-9065-e55346f6de81_story.html
The Washington Post
By Michelle Ye Hee Lee
Feb 17, 2018

Summary: The Department of Homeland Security is taking steps to assure that state election officials can know about the software threats facing them during midterm elections this year. Nonetheless, at a recent conference of state secretaries of state, there were complaints that the federal government was too reticent in its information sharing efforts. While it is known that Russians tried to access voter information in 21 states, some state officials feel that they do not have a clear picture of the threats and how to counteract them. In other states, even simple steps to add safeguards to voter information systems are stymied by the fact that not all election precincts have smartphones and Internet access.

------------------

Secure Voting Machines, My Foot

The Myth of the Hacker-Proof Voting Machine
https://www.nytimes.com/2018/02/21/magazine/the-myth-of-the-hacker-proof-voting-machine.html
By Kim Zetter
The New York Times
Feb 21, 2018

Summary: When an election board in a rural Pennsylvania county hired a computer science expert to analyze a problem with the touchscreens on voting machines, they did not expect to find that the machines had remote access software installed. In fact, the software was present, and it had been installed by a contractor for the county who worked from home. His convenience was a security nightmare because it was a way for hackers to gain access and control the machine. Fortunately, there was no evidence of that happening, but it underscored the severe difficulties that plague the thousands of precincts that have no way to properly safeguard the voting machines, if indeed there is any way to completely safeguard them.

------------------

Russia, turn off the lights!

US accuses Russia of cyber-attack on energy sector and imposes new sanctions
https://www.theguardian.com/us-news/2018/mar/15/russia-sanctions-energy-sector-cyber-attack-us-election-interference
By Julian Borger
The Guardian
Mar 15, 2018

Summary: According to US officials, in March of 2016 Russia began a concerted cyber-attack to conduct surveillance on the management of the US energy grid. The campaign used spear phishing attacks to learn passwords and other access methods, followed by installation of remote monitoring software. The FBI and Homeland Security feel certain that the actions were conducted by the Russian government. The US industrial control systems have been the subject of years of security analysis and recommendations, and this recent hacking shows the importance of moving to secure all critical systems immediately.

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

Vrije Universiteit Amsterdam
Netherlands
Three faculty positions in CS security
Job Highlights: https://www.vusec.net/3-positions-cs
Job Description: https://www.vu.nl/en/employment/vacancies/2018/18068ThreeAssistantProfessorsOrAssociateProfessorsInComputerSystems.aspx
Information: D.C.A.Bulterman@vu.nl

Vrije Universiteit Amsterdam
Netherlands
PhD/Postdoc in systems security
Job Highlights: https://www.vusec.net/join/
Information: vusec@vu.nl (mention VUseek in subject)

Surrey Centre for Cyber Security, University of Surrey
United Kingdom
UK citizenship required
To apply, contact Dr. Ioana Boureanu i.boureanu@surrey.ac.uk
Information at: https://jobs.surrey.ac.uk/vacancy.aspx?ref=007318

--------------
Full list at http://cisr.nps.edu/jobscipher.html

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

Requests for inclusion in the list should be sent per instructions:
http://www.ieee-security.org/Calendar/submitting.html

____________________________________________________________________

Cipher Event Calendar
____________________________________________________________________

3/21/18: IWSPA, 4th International Workshop on Security and Privacy Analytics, Co-located with ACM CODASPY 2018, Tempe, AZ, USA;
    http://capex.cs.uh.edu/?q=content/4th-international-workshop-security-and-privacy-analytics-2018
3/23/18: WSEC, 13th International Workshop on Security, Sendai, Japan;
    http://www.iwsec.org/2018/
    Submissions are due
3/25/18- 3/28/18: PKC, 21st IACR International Conference on Practice and Theory in Public-Key Cryptography, Rio de Janeiro, Brazil;
    https://pkc.iacr.org/2018/
3/30/18: DASC, 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece;
    http://cyber-science.org/2018/dasc/
    Submissions are due
3/30/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy;
    http://dbsec18.unibg.it
    Submissions are due
4/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due
4/ 1/18: DSML, International Workshop on Dependable and Secure Machine Learning, Co-located with the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg City, Luxembourg;
    https://dependablesecureml.github.io
    Submissions are due
4/10/18- 4/11/18: HotSoS, 5th Annual Hot Topics in the Science of Security Symposium, Raleigh, North Carolina, USA;
    https://cps-vo.org/group/hotsos/cfp
4/13/18: NSPW, New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK;
    http://nspw.org/2018/cfp
    Submissions are due
4/15/18: FARES, 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany;
    https://www.ares-conference.eu/workshops/fares-2018/
    Submissions are due
4/15/18: GRAMSEC, 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK;
    http://gramsec.uni.lu
    Submissions are due
4/17/18: NISK, 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway;
    https://easychair.org/cfp/NISK2018
    Submissions are due
4/25/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia;
    http://plls2018.ttu.ee
    Submissions are due
4/30/18: ICDF2C, 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA;
    http://d-forensics.org/
    Submissions are due
4/30/18: WCTI, International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany;
    https://www.ares-conference.eu/workshops/wcti-2018/
    Submissions are due
4/30/18- 5/ 4/18: HOST, IEEE International Symposium on Hardware-Oriented Security and Trust, Washington DC, USA;
    http://www.hostsymposium.org
5/ 1/18: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/
    Submissions are due
5/ 1/18: SciSec, 1st International Conference on Science of Cyber Security, Beijing, China;
    http://www.sci-cs.net/
    Submissions are due
5/ 1/18: CANS, 17th International Conference on Cryptology and Network Security, Naples, Italy;
    http://cans2018.na.icar.cnr.it/
    Submissions are due
5/ 2/18- 5/ 3/18: HST, 18th annual IEEE Symposium on Technologies for Homeland Security, Washington D.C., USA;
    http://ieee-hst.org
5/ 8/18: ACM-CCS, 25th ACM Conference on Computer and Communications Security, Toronto, Canada;
    https://www.sigsac.org/ccs/CCS2018/papers.html
    Submissions are due
5/21/18- 5/23/18: SP, 39th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2018/cfpapers.html
5/22/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden;
    http://www.iit.cnr.it/strive2018
    Submissions are due
5/24/18: BioSTAR, 3rd International Workshop on Bio-inspired Security, Trust, Assurance and Resilience, Co-located with 39th IEEE Symposium on Security and Privacy (IEEE S&P 2018), San Francisco, CA, USA;
    http://biostar.cybersecurity.bio/
5/30/18- 6/ 1/18: CNS, IEEE Conference on Communications and Network Security, Beijing, China;
    http://cns2018.ieee-cns.org/
6/ 4/18- 6/ 7/18: WIIoTS, Workshop on Industrial Internet of Things Security, Bilbao, Spain;
    http://globaliotsummit.org
6/ 4/18- 6/ 8/18: ASIACCS, ACM Symposium on Information, Computer and Communications Security, Sungdo, Incheon, Korea;
    http://asiaccs2018.org/
6/26/18- 6/27/18: ESSoS, International Symposium on Engineering Secure Software and Systems, Campus Paris-Saclay, France;
    https://distrinet.cs.kuleuven.be/events/essos/2018/index.html
7/ 2/18-7/ 4/18: IVSW, 3rd International Verification and Security Workshop, Costa Brava, Spain;
    http://tima.imag.fr/conferences/ivsw/ivsw18/
7/ 8/18: GRAMSEC, 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK;
    http://gramsec.uni.lu
7/ 8/18-7/13/18: WCCI-Blockchain, Blockchain Research and Applications Session, Held in conjunction with the 2018 World Congress on Computational Intelligence (WCCI 2018), Rio de Janeiro, Brasil;
    http://www.ieee-cifer.org
7/15/18-7/18/18: DFRWS, 18th Annual DFRWS USA 2018 Conference, Providence, Rhode Island, USA;
    http://dfrws.org/conferences/dfrws-usa-2018
7/16/18-7/18/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy;
    http://dbsec18.unibg.it
7/24/18-7/27/18: PETS, 18th Privacy Enhancing Technologies Symposium, Barcelona, Spain;
    https://petsymposium.org/
7/20/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada;
    http://www.isddc.org/2018/
    Submissions are due
8/12/18-8/14/18: SOUPS, 14th Symposium on Usable Privacy and Security, Baltimore, MD, USA;
    https://www.usenix.org/conference/soups2018
8/12/18-8/14/18: SciSec, 1st International Conference on Science of Cyber Security, Beijing, China;
    http://www.sci-cs.net/
8/12/18-8/15/18: DASC, 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece;
    http://cyber-science.org/2018/dasc/
8/15/18-8/17/18: USENIX Security, 27th USENIX Security Symposium, Baltimore, MD, USA;
    https://www.ieee-security.org/TC/SP2018/cfpapers.html
8/19/18-8/23/18: Crypto, 38th International Cryptology Conference, Santa Barbara, CA, USA;
    https://crypto.iacr.org/2018/
8/27/18-8/30/18: ARES, 13th International Conference on Availability, Reliability and Security, Hamburg, Germany;
    http://www.ares-conference.eu
8/27/18-8/30/18: FARES, 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany;
    https://www.ares-conference.eu/workshops/fares-2018/
8/27/18-8/30/18: WCTI, International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany;
    https://www.ares-conference.eu/workshops/wcti-2018/
8/31/18: NSPW, New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK;
    http://nspw.org/2018/cfp
9/ 3/18- 9/ 5/18: WSEC, 13th International Workshop on Security, Sendai, Japan;
    http://www.iwsec.org/2018/
9/10/18- 9/12/18: ICDF2C, 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA;
    http://d-forensics.org/
9/17/18- 9/19/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia;
    http://plls2018.ttu.ee
9/18/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden;
    http://www.iit.cnr.it/strive2018
9/18/18- 9/20/18: NISK, 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway;
    https://easychair.org/cfp/NISK2018
9/30/18-10/ 2/18: SecDev, IEEE Security Development Conference, Cambridge, MA, USA;
    https://secdev.ieee.org/2018/papers/
9/30/18-10/ 3/18: CANS, 17th International Conference on Cryptology and Network Security, Naples, Italy;
    http://cans2018.na.icar.cnr.it/
10/ 1/18: Springer International Journal of Information Security, Special Issue on IoT Security and Privacy;
    https://link.springer.com/journal/10207
    Submissions are due
10/15/18-10/19/18: ACM-CCS, 25th ACM Conference on Computer and Communications Security, Toronto, Canada;
    https://www.sigsac.org/ccs/CCS2018/papers.html
11/28/18-11/30/18: ISDDC, International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada;
    http://www.isddc.org/2018/
5/20/19- 5/22/19: SP, 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA;
    https://www.ieee-security.org/TC/SP2019/

____________________________________________________________________

Journal, Conference and Workshop Calls-for-Papers (new since Cipher E142)
___________________________________________________________________

IWSEC 2018 13th International Workshop on Security, Sendai, Japan, September 3-5, 2018.
(Submissions Due 23 March 2018)
http://www.iwsec.org/2018/

Original papers on the research and development of various security topics, as well as case studies and implementation experiences, are solicited for submission to IWSEC 2018. Topics of interest for IWSEC 2018 include all theory and practice of cryptography, information security, and network security, as in previous IWSEC workshops.

-------------------------------------------------------------------------

DASC 2018 16th IEEE International Conference on Dependable, Autonomic and Secure Computing, Athens, Greece, August 12-15, 2018.
(Submissions Due 30 March 2018)
http://cyber-science.org/2018/dasc/

IEEE DASC 2018 aims to bring together computer scientists, industrial engineers, and researchers to discuss and exchange experimental and theoretical results, novel designs, work-in-progress, experience, case studies, and trend-setting ideas in the areas of dependability, security, trust and/or autonomic computing systems.
Topics of particular interest include the following tracks, but are not limited to:
- Dependable, Autonomic, Secure Computing Systems, Architectures and Communications
- Cloud Computing and Fog/edge Computing with Autonomic and Trusted Environment
- Dependable Automatic Control Techniques and Systems
- Dependable Sensors, Devices, Embedded Systems
- Dependable Electronic-Mechanical Systems, Optic-Electronic Systems
- Self-improvement in Dependable Systems
- Self-healing, Self-protection and Fault-tolerant Systems
- Hardware and Software Reliability, Verification and Testing
- Software Engineering for Dependable Systems
- Safety-critical Systems in Transportation and Power System
- Security Models and Quantifications
- Trusted P2P, Web Service, SoA, SaaS, EaaS, and PaaS
- Self-protection and Intrusion-detection in Security
- DRM, Watermarking Technology, IP Protection
- Context-aware Access Control
- Virus Detections and Anti-Virus Techniques/Software
- Cyber Attack, Crime and Cyber War
- Human Interaction with Trusted and Autonomic Computing Systems
- Security, Dependability and Autonomic Issues in Ubiquitous Computing
- Security, Dependability and Autonomic Issues in Cyber-Physical System
- Security, Dependability and Autonomic Issues in Big Data, SDN, and IoT Systems
- QoS in Communications and Services and Service Oriented Architectures
- Information and System Security
- Reliable Computing and Trusted Computing
- Wireless Emergency and Security Systems
- Information Technology in Biomedicine
- Multimedia Security Issues over Mobile and Wireless Networks
- Multimedia in Mobile Computing: Issues, System Design and Performance Evaluation
- Software Architectures and Design for Emerging Systems
- Software Engineering for Emerging Networks, Systems, and Mobile Systems
- Evaluation Platforms for Dependable, Autonomic and Secure Computing Systems
- Trustworthy Data, Secured Data Collection System, Model, and Architectures

-------------------------------------------------------------------------

DBSec 2018 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy, Bergamo, Italy, July 16-18, 2018.
(Submissions Due 30 March 2018)
http://dbsec18.unibg.it

DBSec is an annual international conference covering research in data and applications security and privacy. The 32nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (DBSec 2018) will be held in Bergamo, Italy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security. Topics of interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- big data security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing
- security and privacy in the Internet of Things
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security

-------------------------------------------------------------------------

SP 2019 40th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 20-22, 2019.
(Submissions Due first day of each month)
https://www.ieee-security.org/TC/SP2019/

Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers

As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community.
Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix "SoK:" in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

Workshops

The Symposium is also soliciting submissions for co-located workshops. Further details on submissions can be found at https://www.ieee-security.org/TC/SP2019/workshops.html.

Ongoing Submissions

To enhance the quality and timeliness of the scientific results presented as part of the Symposium, and to improve the quality of our reviewing process, IEEE S&P now accepts paper submissions 12 times a year, on the first of each month. The detailed process can be found at the conference call-for-papers page.

-------------------------------------------------------------------------

DSML 2018 International Workshop on Dependable and Secure Machine Learning, Co-located with the 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018), Luxembourg City, Luxembourg, June 25, 2018.
(Submissions Due 1 April 2018)
https://dependablesecureml.github.io

The DSN Workshop on Dependable and Secure Machine Learning (DSML) is an open forum for researchers, practitioners, and regulatory experts, to present and discuss innovative ideas and practical techniques and tools for producing dependable and secure machine learning (ML) systems.
A major goal of the workshop is to draw the attention of the research community to the problem of establishing guarantees of reliability, security, safety, and robustness for systems that incorporate increasingly complex ML models, and to the challenge of determining whether such systems can comply with requirements for safety-critical systems. A further goal is to build a research community at the intersection of machine learning and dependable and secure computing.

-------------------------------------------------------------------------

NSPW 2018 New Security Paradigms Workshop, Cumberland Lodge, Windsor, UK, August 28-31, 2018.
(Submissions Due 13 April 2018)
http://nspw.org/2018/cfp

The New Security Paradigms Workshop (NSPW) seeks embryonic, disruptive, and unconventional ideas on information and cyber security that benefit from early feedback. Submissions typically address current limitations of information security, directly challenge long-held beliefs or the very foundations of security, or discuss problems from an entirely novel angle, leading to new solutions. We welcome papers both from computer science and other disciplines that study adversarial relationships, as well as from practice. The workshop is invitation-only; all accepted papers receive a 1 hour plenary time slot for presentation and discussion. In order to maximize diversity of perspectives, we particularly encourage submissions from new NSPW authors, from Ph.D. students, and from non-obvious disciplines and institutions.

In 2018, NSPW invites theme submissions around "Security in 2038" next to regular submissions. We know from past experience that every security advance brings with it new security failures. Automated software updates open the door to malicious software updates; DNSSEC is subject to cryptography-based denial-of-service attacks; antivirus software can be compromised by data files that are otherwise harmless.
We encourage authors to imagine the security problems of the next 20 years, how they are currently being created through fallible solutions and paradigms, and what alternative paradigms would be available to mitigate those anomalies (as meant by Kuhn). Theme submissions can take any form, but we suggest writing them as if they were a submission for NSPW 2038 (including citations to future work). We particularly invite submissions (co-)authored by historians and futurologists.

-------------------------------------------------------------------------

FARES 2018 13th International Workshop on Frontiers in Availability, Reliability and Security, Hamburg, Germany, August 27-30, 2018.
(Submissions Due 15 April 2018)
https://www.ares-conference.eu/workshops/fares-2018/

FARES establishes an in-depth academic platform to exchange novel theories, designs, applications and on-going research results among researchers and practitioners in different Computing Dependability aspects which emphasize the Practical Issues in Availability, Reliability and Security. Topics of interest comprise but are not limited to:
- Reliability Models and Failure Prevention
- Standards, Guidelines and Certification
- Dependability Requirement Engineering
- Intrusion Detection and Fraud Detection
- Database and Datawarehouse Security
- Dependability Modelling and Prediction
- Secure Enterprise Information System
- Trust Models and Trust Management
- Network/Software/Database Security
- Risk Planning, Analysis & Awareness
- Survivability of Computing Systems
- Authorization and Authentication
- Applied Tools and Applications
- Security and privacy issues
- Security Models / Methods
- Availability and Reliability
- Usability and Security
- Digital Forensics
- Grid Security

-------------------------------------------------------------------------

GRAMSEC 2018 5th International Workshop on Graphical Models for Security, Co-located with CSF 2018, Oxford, UK, July 8, 2018.
(Submissions Due 15 April 2018)
http://gramsec.uni.lu

The use of graphical security models to represent and analyse the security of systems has gained increasing research attention over the last two decades. Formal methods and computer security researchers, as well as security professionals from the industry and government, have proposed various graphical security models, metrics, and measurements. Graphical models are used to capture different security facets and address a range of challenges including security assessment, automated defence, secure services composition, security policy validation, and verification. For example, attack graphs, attack trees, attack-defence trees, and attack countermeasure trees represent possible ways of attacking and defending a system while misuse cases and mal-activity diagrams capture threats and abusive behaviour of users.

-------------------------------------------------------------------------
NISK 2018 11th Norwegian Information Security Conference, Longyearbyen, Svalbard, Norway, September 18-20, 2018.
(Submissions Due 17 April 2018)
https://easychair.org/cfp/NISK2018

The 11th Norwegian Information Security Conference (NISK2018) will take place in Svalbard, Sep. 18-20, 2018. The annual NISK conference series aims to be the principal Norwegian venue for presenting new research and developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities. We invite national and international contributions in any aspect of ICT security and privacy. Submissions can be in the form of full papers, short papers and poster/demo presentation. All papers must be original and not simultaneously submitted to another journal or conference.

-------------------------------------------------------------------------
PLLS 2018 2nd Workshop on the Protection of Long-Lived Systems, Parnu, Estonia, September 17-19, 2018.
(Submissions Due 25 April 2018)
http://plls2018.ttu.ee

Original contributions on technical, legal, social and economical aspects of protecting systems that are intended to work or have been working during a long period of time are solicited for submission to PLLS 2018. Submissions are welcome on any topics related to long-term security.

-------------------------------------------------------------------------
ICDF2C 2018 10th EAI International Conference on Digital Forensics & Cyber Crime, New Orleans, LA, USA, September 10-12, 2018.
(Submissions Due 30 April 2018)
http://d-forensics.org/

Cyberspace is becoming increasingly central to the basic function of modern society. Cybercrime and cyberwarfare have emerged as major threats to the integrity of digital information and to the functioning of cyber-controlled physical systems. Such threats have direct consequences for almost all individuals, businesses and organizations, government institutions, and civic processes. Digital forensics and cybercrime investigations are multidisciplinary areas that encompass law and law enforcement, computer science and engineering, IT operations, economics and finance, data analytics and criminal justice. ICDF2C brings together researchers and practitioners from all these areas in order to scientifically address the numerous challenges due to the rapid increase in the amount and variety of data under investigation, as well as the growing complexity of both the threats and the targeted systems.

-------------------------------------------------------------------------
WCTI 2018 International Workshop on Cyber Threat Intelligence, Held in conjunction with the 13th International Conference on Availability, Reliability and Security (ARES 2018), Hamburg, Germany, August 27-30, 2018.
(Submissions Due 30 April 2018)
https://www.ares-conference.eu/workshops/wcti-2018/

In order to effectively defend a system against malicious activities, information about the nature of the adversaries, their available skills and resources is essential. Without this information, we run the risk that the portfolio of countermeasures does not turn out to be adequate to thwart off cyber threats, or that the defender deploys unnecessary resources. Cyber Threat Intelligence is an emerging new discipline, which aims to develop methods and techniques to assemble information about compromises, extract information about the infrastructure and tools used, investigate adversarial techniques and practices and their evolution, structure and share this information and thus help detect and prevent future incidents. WCTI aims to bring together experts from academia, industry, government and law enforcement who are interested to advance the state of the art in cyber threat intelligence. The aim of the workshop is to present mature and early stage ideas, promote discussion and exchange, and build a community of researchers and practitioners in cyber threat intelligence.

-------------------------------------------------------------------------
SciSec 2018 1st International Conference on Science of Cyber Security, Beijing, China, August 12-14, 2018.
(Submissions Due 1 May 2018)
http://www.sci-cs.net/

This new forum aims to catalyze the research collaborations between the relevant communities and disciplines that can work together to deepen our understanding of, and build a firm foundation for, the emerging Science of Cyber Security. Publications in this venue would distinguish themselves from others by taking or thinking from a holistic perspective about cyber security, rather than the building-block perspective. Each submission will be reviewed (double blind) by at least 3 reviewers. The program committee plans to select and award a Best Paper and a Best Student Paper.
The post-conference proceedings will be published in Springer's Lecture Notes in Computer Science (LNCS) series. Areas of interest include:
- Cybersecurity Dynamics
- Cybersecurity Metrics and Their Measurements
- First-principle Cybersecurity Modeling and Analysis (e.g., Dynamical Systems, Control-Theoretic, and Game-Theoretic Modeling)
- Cybersecurity Data Analytics
- Big Data for Cybersecurity
- Artificial Intelligence for Cybersecurity
- Machine Learning for Cybersecurity
- Economics Approaches for Cybersecurity
- Social Sciences Approaches for Cybersecurity
- Statistical Physics Approaches for Cybersecurity
- Complexity Sciences Approaches for Cybersecurity
- Experimental Cybersecurity
- Macroscopic Cybersecurity
- Statistics Approaches for Cybersecurity
- Human Factors for Cybersecurity
- Compositional Security
- Biology-inspired Approaches for Cybersecurity

-------------------------------------------------------------------------
CANS 2018 17th International Conference on Cryptology and Network Security, Naples, Italy, September 30 - October 3, 2018.
(Submissions Due 1 May 2018)
http://cans2018.na.icar.cnr.it/

The annual International Conference on Cryptology and Network Security (CANS) focuses on current advances in all aspects of cryptology, data protection, and network and computer security. CANS 2018 is held in cooperation with the International Association of Cryptologic Research (IACR). High quality papers on unpublished research and implementation experiences are solicited for submission.

-------------------------------------------------------------------------
ACM-CCS 2018 25th ACM Conference on Computer and Communications Security, Toronto, Canada, October 15-19, 2018.
(Submissions Due 8 May 2018)
https://www.sigsac.org/ccs/CCS2018/papers.html

The 25th ACM Conference on Computer and Communications Security (ACM CCS) seeks submissions presenting scientific innovations in all practical and theoretical aspects of computer and communications security and privacy. Papers should demonstrate their real-world impacts. Theoretic papers are expected to make a convincing case for the relevance of their techniques and findings to secure systems.

-------------------------------------------------------------------------
STRIVE 2018 1st Workshop on Safety, securiTy, and pRivacy In automotiVe systEms, Co-located with SAFECOMP 2018, Vasteras, Sweden, September 18, 2018.
(Submissions Due 22 May 2018)
http://www.iit.cnr.it/strive2018

The introduction of ICT systems into vehicles makes them more prone to cyber-security attacks. Such attacks may impact on vehicles' capability and, consequently, on the safety of drivers, passengers. The strong integration among dedicated ICT devices, the physical environment, and the networking infrastructure, leads to consider modern vehicles as Cyber-Physical Systems (CPS). This workshop aims at providing a forum for researchers and engineers in academia and industry to foster an exchange of research results, experiences, and products in the automotive domain from both a theoretical and practical perspective. Its ultimate goal is to envision new trends and ideas about aspects of designing, implementing, and evaluating innovative solutions for CPS with a particular focus on the new generation of vehicles. Indeed, the automotive domain presents several challenges in the fields of vehicular network, Internet of Things, Privacy, as well as Safety and Security methods and approaches. The workshop aims at presenting the advancement on the state of art in these fields and spreading their adoption in several scenarios involving main stockholders of the automotive domain.
-------------------------------------------------------------------------
ISDDC 2018 International Conference on Intelligent, Secure and Dependable Systems in Distributed and Cloud Environments, Vancouver, BC, Canada, November 28-30, 2018.
(Submissions Due 20 July 2018)
http://www.isddc.org/2018/

This conference solicits papers addressing issues related to the design, analysis, and implementation, of dependable and secure infrastructures, systems, architectures, algorithms, and protocols that deal with network computing, mobile/ubiquitous systems, cloud systems, and IoT systems.

-------------------------------------------------------------------------
Springer International Journal of Information Security, Special Issue on IoT Security and Privacy,
(Submissions Due 1 October 2018)
https://link.springer.com/journal/10207

Guest Editors: Takeshi Takahashi (National Institute of Information and Communications Technology, Japan), Rodrigo Roman Castro (Universidad de Malaga, Spain), Ryan Ko (University of Waikato, New Zealand), Bilhanan Silverajan (Tampere University of Technology, Finland), and Said Tabet (Dell EMC, USA).

The Internet is gradually transforming from a communication platform for conventional IT appliances into the Internet of Things (IoT), increasingly interconnecting many assorted devices and sensors. These devices are generally referred to as IoT devices, and many of them are inexpensive and can be constrained in terms of energy, bandwidth and memory. The establishment of IoT ecosystems in various domains is bringing multiple benefits to human users and companies alike. Examples of such domains include Smart Homes, Smart Cities, the Industrial Internet and even Intelligent Transportation Systems. However, the IoT as a whole - including related paradigms such as Machine-to-Machine (M2M) and Cyber-Physical Systems (CPS) - is susceptible to a multitude of threats. In fact, many IoT devices currently are insecure and have many security vulnerabilities.
For example, many vulnerable IoT devices which have been infected with malware have subsequently become comprised into large botnets, resulting in devastating DDOS attacks. Consequently, ensuring the security of such IoT ecosystems - before, during, and after an attack takes place - is a crucial issue for our society at this moment. This special issue aims to collect contributions by leading-edge researchers from academia and industry, show the latest research results in the field of IoT security and privacy, and provide valuable information to researchers as well as practitioners, standards developers and policymakers. Its aim is to focus on the research challenges and issues in IoT security. Manuscripts regarding novel algorithms, architectures, implementations, and experiences are welcome. Topics include but are not limited to:
- Secure protocols for IoT devices
- Privacy solutions and privacy helpers for IoT environments
- Trust frameworks and secure/private collaboration mechanisms for IoT environments
- Secure management and self-healing for IoT environments
- Operative systems security for IoT devices
- Security diagnosis tools for IoT devices
- Threat and vulnerability detection in IoT environments
- Anomaly detection and prevention mechanisms in IoT networks
- Case studies of malware analysis in IoT environments
- IoT forensics and digital evidence
- Testbeds and experimental facilities for IoT security analysis and research
- Standardization activities for IoT security
- Security and privacy solutions tailored to specific IoT domains and ecosystems

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options,
each with two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe".
   OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard".
   OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher
or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained.
For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the Computer Society's Digital Library.

IEEE Security and Privacy Symposium
IEEE Computer Security Foundations
IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital library 12 months after the conference.

____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
Sean Peisert
UC Davis and Lawrence Berkeley National Laboratory
speisert@ucdavis.edu

Security and Privacy Symposium Chair Emeritus:
Kevin R. B. Butler
University of Florida
oakland17-chair@ieee-security.org

Vice Chair:
Ulfar Erlingsson
Manager, Security Research
Google
tcchair at ieee-security.org

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2018 Chair:
Jason Li
Intelligent Automation
oakland18-chair@ieee-security.org

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year