============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 143 March 18, 2018
Hilarie Orman, Editor: cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor: cipher-assoc-editor @ ieee-security.org
Sven Dietrich, Book Review Editor: cipher-bookrev @ ieee-security.org
Yong Guan, Calendar Editor: cipher-cfp @ ieee-security.org
============================================================================
The newsletter is also at http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year
Contents:
* Letter from the Editor
* Commentary and Opinion and News
o News:
- CERIAS Celebrates a Score
- Blame it on Russia (The US and UK do!)
- Mid-term elections cause a rash of fretting
- Secure Voting Machines, My Foot!
- Russia, turn off the lights!
o Book reviews, Conference Reports and Commentary and News items
from past Cipher issues are available at the Cipher website
* List of Computer Security Academic Positions, by Cynthia Irvine
* Conference and Workshop Announcements
o Upcoming calls-for-papers and events
* Staying in Touch
o Information for subscribers and contributors
o Recent address changes
* Links for the IEEE Computer Society TC on Security and Privacy
o Becoming a member of the TC
o TC Officers
o TC publications for sale
====================================================================
Letter from the Editor
====================================================================
Dear Readers:
There are only a few weeks left of early registration for the Security
and Privacy Symposium aka "Oakland", which has once again migrated,
this time returning to San Francisco. The program and papers are
available at
https://www.computer.org/csdl/proceedings/sp/2018/4353/00/index.html.
There is something in the program for almost every interest, be it
ransomware, social media privacy, kernel bugs, interesting side
channels, ... the list mirrors the threats and defenses of our digital
lives.
Gene Spafford invites everyone to the Center for Education and
Research in Information Assurance and Security (CERIAS) for its annual
security research symposium and its 20th anniversary bash April 3rd
and 4th. See our news section for the registration link and other
important information.
Instances of harassment at the conferences sponsored by the TCSP seem
rare, but in this #MeToo moment, conference-goers should be aware that
IEEE has both a Code of Conduct and a Code of Ethics that make it
clear that harassment is not tolerated. There are IEEE ethics
committees that deal with reports of bad conduct. The atmosphere at a
conference is strongly influenced by the leadership. A diverse and
proactive group of conference organizers and senior attendees makes
all the difference. If the leadership at a conference seems thin on
diversity, to the detriment of some attendees, speak up, volunteer,
and make the conference better.
From our selection of news articles about security, we can see that
more computers does not mean more security. This work is never done.
The Merry Minuet in C++
There's malware in Africa,
There's hacking in Spain,
There's ransomware in Florida,
And spam will flood Maine,
The whole world is festering with software at war,
CPlusPlusians hate CSharpians, CSharpians hate R,
Pythonistas hate the Perlites, the Perlites hate SQL,
And I say everyone can go to hell.
(with apologies to the great Sheldon Harnick)
Hilarie Orman
cipher-editor @ ieee-security.org
====================================================================
News Briefs
====================================================================
News briefs from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewsBriefs.html
------------------
CERIAS Celebrates a Score
CERIAS Marks 20 Years
https://ceri.as/symp
By Gene Spafford
Summary:
CERIAS at Purdue University is celebrating its 20th anniversary this
year, as a leading center of innovation in education and research.
We'd like to invite friends and colleagues - old and new - to attend
our annual symposium and celebration, April 3 & 4. There will be a
no-cost workshop on cyberphysical research held the day before for
symposium attendees who wish to attend.
Registration and other details about the symposium are available at
https://ceri.as/symp. Note that anyone with a ".edu" can register at
no charge.
------------------
Blame it on Russia (The US and UK do!)
US joins UK in blaming Russia for NotPetya cyber-attack
https://www.theguardian.com/technology/2018/feb/15/uk-blames-russia-notpetya-cyber-attack-ukraine
The Guardian
By Sarah Marsh
Feb 15, 2018
Summary:
The White House and Downing Street announced that they believe that Russia
was responsible for a ransomware attack that cost the world more than
a billion dollars by rendering computers useless due to loss
of access to their files. The attack may have been meant to target the
Ukraine, but it spread far and wide after its inception in June of 2017.
The British defence secretary called it "a new era of warfare" (perhaps
showing that he hadn't been paying attention until recently).
------------------
Mid-term elections cause a rash of fretting
State elections officials fret over cybersecurity threats
https://www.washingtonpost.com/politics/state-elections-officials-fret-over-cybersecurity-threats/2018/02/17/1f850f46-1331-11e8-9065-e55346f6de81_story.html
The Washington Post
By Michelle Ye Hee Lee
Feb 17, 2018
Summary:
The Department of Homeland Security is taking steps to assure that
state election officials can know about the software threats
facing them during midterm elections this year. Nonetheless,
at a recent conference of state secretaries of state, there were
complaints that the federal government was too reticent in its
information sharing efforts. While it is known that Russians
tried to access voter information in 21 states, some state officials
feel that they do not have a clear picture of the threats and how
to counteract them. In other states, even simple steps to add
safeguards to voter information systems are stymied by the fact that
not all election precincts have smartphones and Internet access.
------------------
Secure Voting Machines, My Foot
The Myth of the Hacker-Proof Voting Machine
https://www.nytimes.com/2018/02/21/magazine/the-myth-of-the-hacker-proof-voting-machine.html
By Kim Zetter
The New York Times
Feb 21, 2018
Summary:
When an election board in a rural Pennsylvania county hired a computer
science expert to analyze a problem with the touchscreens on voting machines,
they did not expect to find that the machines had remote access software
installed. In fact, the software was present, and it had been installed
by a contractor for the county who worked from home. His convenience was
a security nightmare because it was a way for hackers to gain access
and control the machine. Fortunately, there was no evidence of that
happening, but it underscored the severe difficulties that plague the
thousands of precincts that have no way to properly safeguard the voting
machines, if indeed there is any way to completely safeguard them.
------------------
Russia, turn off the lights!
US accuses Russia of cyber-attack on energy sector and imposes new sanctions
https://www.theguardian.com/us-news/2018/mar/15/russia-sanctions-energy-sector-cyber-attack-us-election-interference
By Julian Borger
The Guardian
Mar 15, 2018
Summary:
According to US officials, in March of 2016 Russia began a concerted
cyber-attack to conduct surveillance on the management of the US energy
grid. The campaign used spear phishing attacks to learn passwords and
other access methods, followed by installation of remote monitoring
software. The FBI and Homeland Security feel certain that the actions
were conducted by the Russian government. The US industrial control
systems have been the subject of years of security analysis and
recommendations, and this recent hacking shows the importance of
moving to secure all critical systems immediately.
====================================================================
Commentary and Opinion
====================================================================
Book reviews from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/BookReviews.html, and conference
reports are archived at
http://www.ieee-security.org/Cipher/ConfReports.html
====================================================================
Listing of academic positions available
by Cynthia Irvine
====================================================================
Vrije Universiteit Amsterdam
Netherlands
Three faculty positions in CS security
Job Highlights: https://www.vusec.net/3-positions-cs
Job Description: https://www.vu.nl/en/employment/vacancies/2018/18068ThreeAssistantProfessorsOrAssociateProfessorsInComputerSystems.aspx
Information: D.C.A.Bulterman@vu.nl
Vrije Universiteit Amsterdam
Netherlands
PhD/Postdoc in systems security
Job Highlights: https://www.vusec.net/join/
Information: vusec@vu.nl (mention VUseek in subject)
Surrey Centre for Cyber Security, University of Surrey
United Kingdom
UK citizenship required
To apply, contact Dr. Ioana Boureanu i.boureanu@surrey.ac.uk
Information at: https://jobs.surrey.ac.uk/vacancy.aspx?ref=007318
--------------
Full list at http://cisr.nps.edu/jobscipher.html
This job listing is maintained as a service to the academic
community. If you have an academic position in computer security and
would like to have it included on this page, send the following
information:
Institution,
City, State,
Position title,
date position announcement closes, and
URL of position description
to: irvine@cs.nps.navy.mil
====================================================================
Conference and Workshop Announcements
====================================================================
The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html
The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html
Cipher calendar entries are announced on Twitter; follow ciphernews
Requests for inclusion in the list should be sent per instructions:
http://www.ieee-security.org/Calendar/submitting.html
____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________
3/21/18: IWSPA, 4th International Workshop on Security and Privacy Analytics,
Co-located with ACM CODASPY 2018,
Tempe, AZ, USA;
http://capex.cs.uh.edu/?q=content/4th-international-workshop-security-and-privacy-analytics-2018
3/23/18: IWSEC, 13th International Workshop on Security,
Sendai, Japan;
http://www.iwsec.org/2018/
Submissions are due
3/25/18- 3/28/18: PKC, 21st IACR International Conference
on Practice and Theory in Public-Key Cryptography,
Rio de Janeiro, Brazil;
https://pkc.iacr.org/2018/
3/30/18: DASC, 16th IEEE International Conference on Dependable, Autonomic
and Secure Computing
Athens, Greece; http://cyber-science.org/2018/dasc/
Submissions are due
3/30/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data
and Applications Security and Privacy
Bergamo, Italy; http://dbsec18.unibg.it
Submissions are due
4/ 1/18: SP, 40th IEEE Symposium on Security and Privacy,
San Francisco, CA, USA;
https://www.ieee-security.org/TC/SP2019/
Submissions are due
4/ 1/18: DSML, International Workshop on Dependable and
Secure Machine Learning
Co-located with the 48th IEEE/IFIP International Conference on
Dependable Systems and Networks (DSN 2018),
Luxembourg City, Luxembourg; https://dependablesecureml.github.io
Submissions are due
4/10/18- 4/11/18: HotSoS, 5th Annual Hot Topics in the Science of
Security Symposium,
Raleigh, North Carolina, USA; https://cps-vo.org/group/hotsos/cfp
4/13/18: NSPW, New Security Paradigms Workshop,
Cumberland Lodge, Windsor, UK;
http://nspw.org/2018/cfp
Submissions are due
4/15/18: FARES, 13th International Workshop on Frontiers in
Availability, Reliability and Security,
Hamburg, Germany;
https://www.ares-conference.eu/workshops/fares-2018/
Submissions are due
4/15/18: GRAMSEC, 5th International Workshop on Graphical Models for Security,
Co-located with CSF 2018,
Oxford, UK; http://gramsec.uni.lu
Submissions are due
4/17/18: NISK, 11th Norwegian Information Security Conference,
Longyearbyen, Svalbard, Norway; https://easychair.org/cfp/NISK2018
Submissions are due
4/25/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems,
Parnu, Estonia; http://plls2018.ttu.ee
Submissions are due
4/30/18: ICDF2C, 10th EAI International Conference on Digital
Forensics & Cyber Crime,
New Orleans, LA, USA; http://d-forensics.org/
Submissions are due
4/30/18: WCTI, International Workshop on Cyber Threat Intelligence,
Held in conjunction with the 13th International Conference
on Availability, Reliability and Security (ARES 2018),
Hamburg, Germany;
https://www.ares-conference.eu/workshops/wcti-2018/
Submissions are due
4/30/18- 5/ 4/18: HOST, IEEE International Symposium on
Hardware-Oriented Security and Trust,
Washington DC, USA;
http://www.hostsymposium.org
5/ 1/18: SP, 40th IEEE Symposium on Security and Privacy,
San Francisco, CA, USA; https://www.ieee-security.org/TC/SP2019/
Submissions are due
5/ 1/18: SciSec, 1st International Conference on Science of
Cyber Security,
Beijing, China; http://www.sci-cs.net/
Submissions are due
5/ 1/18: CANS, 17th International Conference on Cryptology
and Network Security,
Naples, Italy; http://cans2018.na.icar.cnr.it/
Submissions are due
5/ 2/18- 5/ 3/18: HST, 18th annual IEEE Symposium on Technologies for
Homeland Security,
Washington D.C., USA; http://ieee-hst.org
5/ 8/18: ACM-CCS, 25th ACM Conference on Computer and
Communications Security,
Toronto, Canada; https://www.sigsac.org/ccs/CCS2018/papers.html
Submissions are due
5/21/18- 5/23/18: SP, 39th IEEE Symposium on Security and Privacy,
San Francisco, CA, USA;
https://www.ieee-security.org/TC/SP2018/cfpapers.html
5/22/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy
In automotiVe systEms,
Co-located with SAFECOMP 2018,
Vasteras, Sweden; http://www.iit.cnr.it/strive2018
Submissions are due
5/24/18: BioSTAR, 3rd International Workshop on Bio-inspired Security,
Trust, Assurance and Resilience,
Co-located with 39th IEEE Symposium on Security and Privacy
(IEEE S&P 2018),
San Francisco, CA, USA; http://biostar.cybersecurity.bio/
5/30/18- 6/ 1/18: CNS, IEEE Conference on Communications and Network Security,
Beijing, China; http://cns2018.ieee-cns.org/
6/ 4/18- 6/ 7/18: WIIoTS, Workshop on Industrial Internet of Things Security,
Bilbao, Spain; http://globaliotsummit.org
6/ 4/18- 6/ 8/18: ASIACCS, ACM Symposium on Information, Computer and
Communications Security,
Sungdo, Incheon, Korea; http://asiaccs2018.org/
6/26/18- 6/27/18: ESSoS, International Symposium on Engineering Secure Software
and Systems,
Campus Paris-Saclay, France;
https://distrinet.cs.kuleuven.be/events/essos/2018/index.html
7/ 2/18-7/ 4/18: IVSW, 3rd International Verification and Security Workshop,
Costa Brava, Spain; http://tima.imag.fr/conferences/ivsw/ivsw18/
7/ 8/18: GRAMSEC, 5th International Workshop on Graphical
Models for Security,
Co-located with CSF 2018,
Oxford, UK; http://gramsec.uni.lu
7/ 8/18-7/13/18: WCCI-Blockchain, Blockchain Research and Applications Session,
Held in conjunction with the 2018 World Congress on Computational
Intelligence (WCCI 2018),
Rio de Janeiro, Brasil; http://www.ieee-cifer.org
7/15/18-7/18/18: DFRWS, 18th Annual DFRWS USA 2018 Conference,
Providence, Rhode Island, USA;
http://dfrws.org/conferences/dfrws-usa-2018
7/16/18-7/18/18: DBSec, 32nd Annual IFIP WG 11.3 Working Conference on Data
and Applications Security and Privacy,
Bergamo, Italy; http://dbsec18.unibg.it
7/24/18-7/27/18: PETS, 18th Privacy Enhancing Technologies Symposium,
Barcelona, Spain; https://petsymposium.org/
7/20/18: ISDDC, International Conference on Intelligent, Secure
and Dependable Systems in Distributed and Cloud Environments,
Vancouver, BC, Canada; http://www.isddc.org/2018/
Submissions are due
8/12/18-8/14/18: SOUPS, 14th Symposium on Usable Privacy and Security,
Baltimore, MD, USA; https://www.usenix.org/conference/soups2018
8/12/18-8/14/18: SciSec, 1st International Conference on Science of
Cyber Security,
Beijing, China; http://www.sci-cs.net/
8/12/18-8/15/18: DASC, 16th IEEE International Conference on
Dependable, Autonomic and Secure Computing,
Athens, Greece; http://cyber-science.org/2018/dasc/
8/15/18-8/17/18: USENIX Security, 27th USENIX Security Symposium,
Baltimore, MD, USA;
https://www.ieee-security.org/TC/SP2018/cfpapers.html
8/19/18-8/23/18: Crypto, 38th International Cryptology Conference,
Santa Barbara, CA, USA; https://crypto.iacr.org/2018/
8/27/18-8/30/18: ARES, 13th International Conference on Availability,
Reliability and Security,
Hamburg, Germany; http://www.ares-conference.eu
8/27/18-8/30/18: FARES, 13th International Workshop on Frontiers in
Availability, Reliability and Security,
Hamburg, Germany; https://www.ares-conference.eu/workshops/fares-2018/
8/27/18-8/30/18: WCTI, International Workshop on Cyber Threat Intelligence,
Held in conjunction with the 13th International Conference
on Availability, Reliability and Security (ARES 2018),
Hamburg, Germany; https://www.ares-conference.eu/workshops/wcti-2018/
8/31/18: NSPW, New Security Paradigms Workshop,
Cumberland Lodge, Windsor, UK; http://nspw.org/2018/cfp
9/ 3/18- 9/ 5/18: IWSEC, 13th International Workshop on Security,
Sendai, Japan; http://www.iwsec.org/2018/
9/10/18- 9/12/18: ICDF2C, 10th EAI International Conference on Digital
Forensics & Cyber Crime,
New Orleans, LA, USA; http://d-forensics.org/
9/17/18- 9/19/18: PLLS, 2nd Workshop on the Protection of Long-Lived Systems,
Parnu, Estonia; http://plls2018.ttu.ee
9/18/18: STRIVE, 1st Workshop on Safety, securiTy, and pRivacy
In automotiVe systEms,
Co-located with SAFECOMP 2018,
Vasteras, Sweden; http://www.iit.cnr.it/strive2018
9/18/18- 9/20/18: NISK, 11th Norwegian Information Security Conference,
Longyearbyen, Svalbard, Norway; https://easychair.org/cfp/NISK2018
9/30/18-10/ 2/18: SecDev, IEEE Security Development Conference,
Cambridge, MA, USA; https://secdev.ieee.org/2018/papers/
9/30/18-10/ 3/18: CANS, 17th International Conference on Cryptology
and Network Security,
Naples, Italy; http://cans2018.na.icar.cnr.it/
10/ 1/18: Springer International Journal of Information Security,
Special Issue on IoT Security and Privacy;
https://link.springer.com/journal/10207
Submissions are due
10/15/18-10/19/18: ACM-CCS, 25th ACM Conference on Computer and
Communications Security,
Toronto, Canada; https://www.sigsac.org/ccs/CCS2018/papers.html
11/28/18-11/30/18: ISDDC, International Conference on Intelligent, Secure
and Dependable Systems in Distributed and Cloud Environments,
Vancouver, BC, Canada; http://www.isddc.org/2018/
5/20/19- 5/22/19: SP, 40th IEEE Symposium on Security and Privacy,
San Francisco, CA, USA;
https://www.ieee-security.org/TC/SP2019/
____________________________________________________________________
Journal, Conference and Workshop Calls-for-Papers
(new since Cipher E142)
___________________________________________________________________
IWSEC 2018 13th International Workshop on Security,
Sendai, Japan, September 3-5, 2018.
(Submissions Due 23 March 2018)
http://www.iwsec.org/2018/
Original papers on the research and development of various security topics,
as well as case studies and implementation experiences, are solicited for
submission to IWSEC 2018. Topics of interest for IWSEC 2018 include all
theory and practice of cryptography, information security, and network
security, as in previous IWSEC workshops.
-------------------------------------------------------------------------
DASC 2018 16th IEEE International Conference on Dependable, Autonomic
and Secure Computing, Athens, Greece, August 12-15, 2018.
(Submissions Due 30 March 2018)
http://cyber-science.org/2018/dasc/
IEEE DASC 2018 aims to bring together computer scientists, industrial engineers,
and researchers to discuss and exchange experimental and theoretical results,
novel designs, work-in-progress, experience, case studies, and trend-setting
ideas in the areas of dependability, security, trust and/or autonomic computing
systems. Topics of particular interests include the following tracks, but are
not limited to:
- Dependable, Autonomic, Secure Computing Systems, Architectures and
Communications
- Cloud Computing and Fog/edge Computing with Autonomic and Trusted Environment
- Dependable Automatic Control Techniques and Systems
- Dependable Sensors, Devices, Embedded Systems
- Dependable Electronic-Mechanical Systems, Optic-Electronic Systems
- Self-improvement in Dependable Systems
- Self-healing, Self-protection and Fault-tolerant Systems
- Hardware and Software Reliability, Verification and Testing
- Software Engineering for Dependable Systems
- Safety-critical Systems in Transportation and Power System
- Security Models and Quantifications
- Trusted P2P, Web Service, SoA, SaaS, EaaS, and PaaS
- Self-protection and Intrusion-detection in Security
- DRM, Watermarking Technology, IP Protection
- Context-aware Access Control
- Virus Detections and Anti-Virus Techniques/Software
- Cyber Attack, Crime and Cyber War
- Human Interaction with Trusted and Autonomic Computing Systems
- Security, Dependability and Autonomic Issues in Ubiquitous Computing
- Security, Dependability and Autonomic Issues in Cyber-Physical System
- Security, Dependability and Autonomic Issues in Big Data, SDN, and IoT
Systems
- QoS in Communications and Services and Service Oriented Architectures
- Information and System Security
- Reliable Computing and Trusted Computing
- Wireless Emergency and Security Systems
- Information Technology in Biomedicine
- Multimedia Security Issues over Mobile and Wireless Networks
- Multimedia in Mobile Computing: Issues, System Design and Performance
Evaluation
- Software Architectures and Design for Emerging Systems
- Software Engineering for Emerging Networks, Systems, and Mobile Systems
- Evaluation Platforms for Dependable, Autonomic and Secure Computing Systems
- Trustworthy Data, Secured Data Collection System, Model, and Architectures
-------------------------------------------------------------------------
DBSec 2018 32nd Annual IFIP WG 11.3 Working Conference on Data and
Applications Security and Privacy, Bergamo, Italy, July 16-18, 2018.
(Submissions Due 30 March 2018)
http://dbsec18.unibg.it
DBSec is an annual international conference covering research in data
and applications security and privacy. The 32nd Annual IFIP WG 11.3 Working
Conference on Data and Applications Security and Privacy (DBSec 2018) will
be held in Bergamo, Italy. The conference seeks submissions from academia,
industry, and government presenting novel research on all theoretical and
practical aspects of data protection, privacy, and applications security.
Topics of interest include, but are not limited to:
- access control
- anonymity
- applied cryptography in data security
- authentication
- big data security
- data and system integrity
- data protection
- database security
- digital rights management
- identity management
- intrusion detection
- knowledge discovery and privacy
- methodologies for data and application security
- network security
- organizational security
- privacy
- secure cloud computing
- secure distributed systems
- secure information integration
- secure Web services
- security and privacy in crowdsourcing
- security and privacy in IT outsourcing
- security and privacy in the Internet of Things
- security and privacy in location-based services
- security and privacy in P2P scenarios and social networks
- security and privacy in pervasive/ubiquitous computing
- security and privacy policies
- security management
- security metrics
- threats, vulnerabilities, and risk management
- trust and reputation systems
- trust management
- wireless and mobile security
-------------------------------------------------------------------------
SP 2019 40th IEEE Symposium on Security and Privacy,
San Francisco, CA, USA, May 20-22, 2019.
(Submissions Due first day of each month)
https://www.ieee-security.org/TC/SP2019/
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has
been the premier forum for computer security research, presenting the
latest developments and bringing together researchers and
practitioners. We solicit previously unpublished papers offering novel
research contributions in any aspect of security or privacy. Papers
may present advances in the theory, design, implementation, analysis,
verification, or empirical evaluation and measurement of secure
systems. Topics of interest include:
- Access control and authorization
- Accountability
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Censorship resistance
- Cloud security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy
This topic list is not meant to be exhaustive; S&P is interested in all
aspects of computer security and privacy. Papers without a clear application
to security or privacy, however, will be considered out of scope and may
be rejected without full review.
Systematization of Knowledge Papers
As in past years, we solicit systematization of knowledge (SoK) papers that
evaluate, systematize, and contextualize existing knowledge, as such papers
can provide a high value to our community. Suitable papers are those that
provide an important new viewpoint on an established, major research area,
support or challenge long-held beliefs in such an area with compelling
evidence, or present a convincing, comprehensive new taxonomy of such an
area. Survey papers without such insights are not appropriate. Submissions
will be distinguished by the prefix "SoK:" in the title and a checkbox on
the submission form. They will be reviewed by the full PC and held to the
same standards as traditional research papers, but they will be accepted
based on their treatment of existing work and value to the community, and
not based on any new research results they may contain. Accepted papers
will be presented at the symposium and included in the proceedings.
Workshops
The Symposium is also soliciting submissions for co-located workshops.
Further details on submissions can be found at
https://www.ieee-security.org/TC/SP2019/workshops.html.
Ongoing Submissions
To enhance the quality and timeliness of the scientific results presented
as part of the Symposium, and to improve the quality of our reviewing
process, IEEE S&P now accepts paper submissions 12 times a year, on the
first of each month. The detailed process can be found at the conference
call-for-papers page.
-------------------------------------------------------------------------
DSML 2018 International Workshop on Dependable and Secure Machine Learning,
Co-located with the 48th IEEE/IFIP International Conference on Dependable
Systems and Networks (DSN 2018),
Luxembourg City, Luxembourg, June 25, 2018.
(Submissions Due 1 April 2018)
https://dependablesecureml.github.io
The DSN Workshop on Dependable and Secure Machine Learning (DSML) is an
open forum for researchers, practitioners, and regulatory experts, to
present and discuss innovative ideas and practical techniques and tools
for producing dependable and secure machine learning (ML) systems.
A major goal of the workshop is to draw the attention of the research
community to the problem of establishing guarantees of reliability,
security, safety, and robustness for systems that incorporate increasingly
complex ML models, and to the challenge of determining whether such
systems can comply with requirements for safety-critical systems. A
further goal is to build a research community at the intersection
of machine learning and dependable and secure computing.
-------------------------------------------------------------------------
NSPW 2018 New Security Paradigms Workshop,
Cumberland Lodge, Windsor, UK, August 28-31, 2018.
(Submissions Due 13 April 2018)
http://nspw.org/2018/cfp
The New Security Paradigms Workshop (NSPW) seeks embryonic, disruptive,
and unconventional ideas on information and cyber security that benefit
from early feedback. Submissions typically address current limitations
of information security, directly challenge long-held beliefs or the
very foundations of security, or discuss problems from an entirely
novel angle, leading to new solutions. We welcome papers both from
computer science and other disciplines that study adversarial
relationships, as well as from practice. The workshop is invitation-only;
all accepted papers receive a 1 hour plenary time slot for presentation
and discussion. In order to maximize diversity of perspectives, we
particularly encourage submissions from new NSPW authors, from Ph.D.
students, and from non-obvious disciplines and institutions. In 2018,
NSPW invites theme submissions around "Security in 2038" next to regular
submissions. We know from past experience that every security advance
brings with it new security failures. Automated software updates open
the door to malicious software updates; DNSSEC is subject to
cryptography-based denial-of-service attacks; antivirus software
can be compromised by data files that are otherwise harmless. We
encourage authors to imagine the security problems of the next 20
years, how they are currently being created through fallible solutions
and paradigms, and what alternative paradigms would be available to
mitigate those anomalies (as meant by Kuhn). Theme submissions can
take any form, but we suggest writing them as if they were a submission
for NSPW 2038 (including citations to future work). We particularly
invite submissions (co-)authored by historians and futurologists.
-------------------------------------------------------------------------
FARES 2018 13th International Workshop on Frontiers in Availability,
Reliability and Security, Hamburg, Germany, August 27-30, 2018.
(Submissions Due 15 April 2018)
https://www.ares-conference.eu/workshops/fares-2018/
FARES establishes an in-depth academic platform to exchange novel
theories, designs, applications and on-going research results among
researchers and practitioners in different Computing Dependability
aspects which emphasize the Practical Issues in Availability, Reliability
and Security. Topics of interest comprise but are not limited to:
- Reliability Models and Failure Prevention
- Standards, Guidelines and Certification
- Dependability Requirement Engineering
- Intrusion Detection and Fraud Detection
- Database and Datawarehouse Security
- Dependability Modelling and Prediction
- Secure Enterprise Information System
- Trust Models and Trust Management
- Network/Software/Database Security
- Risk Planning, Analysis & Awareness
- Survivability of Computing Systems
- Authorization and Authentication
- Applied Tools and Applications
- Security and privacy issues
- Security Models / Methods
- Availability and Reliability
- Usability and Security
- Digital Forensics
- Grid Security
-------------------------------------------------------------------------
GRAMSEC 2018 5th International Workshop on Graphical Models for Security,
Co-located with CSF 2018, Oxford, UK, July 8, 2018.
(Submissions Due 15 April 2018)
http://gramsec.uni.lu
The use of graphical security models to represent and analyse the
security of systems has gained increasing research attention over
the last two decades. Formal methods and computer security researchers,
as well as security professionals from the industry and government,
have proposed various graphical security models, metrics, and
measurements. Graphical models are used to capture different security
facets and address a range of challenges including security assessment,
automated defence, secure services composition, security policy
validation, and verification. For example, attack graphs, attack trees,
attack-defence trees, and attack countermeasure trees represent possible
ways of attacking and defending a system while misuse cases and mal-activity
diagrams capture threats and abusive behaviour of users.
-------------------------------------------------------------------------
NISK 2018 11th Norwegian Information Security Conference,
Longyearbyen, Svalbard, Norway, September 18-20, 2018.
(Submissions Due 17 April 2018)
https://easychair.org/cfp/NISK2018
The 11th Norwegian Information Security Conference (NISK2018) will
take place in Svalbard, Sep. 18-20, 2018. The annual NISK conference
series aims to be the principal Norwegian venue for presenting new
research and developments in the field of ICT security and privacy,
and bringing together people from universities, industry, and public
authorities. We invite national and international contributions in any
aspect of ICT security and privacy. Submissions can be in the form of
full papers, short papers and poster/demo presentations. All papers
must be original and not simultaneously submitted to another journal
or conference.
-------------------------------------------------------------------------
PLLS 2018 2nd Workshop on the Protection of Long-Lived Systems,
Parnu, Estonia, September 17-19, 2018.
(Submissions Due 25 April 2018)
http://plls2018.ttu.ee
Original contributions on technical, legal, social and economical
aspects of protecting systems that are intended to work or have
been working during a long period of time are solicited for submission
to PLLS 2018. Submissions are welcome on any topics related to
long-term security.
-------------------------------------------------------------------------
ICDF2C 2018 10th EAI International Conference on Digital Forensics &
Cyber Crime, New Orleans, LA, USA, September 10-12, 2018.
(Submissions Due 30 April 2018)
http://d-forensics.org/
Cyberspace is becoming increasingly central to the basic function of modern
society. Cybercrime and cyberwarfare have emerged as major threats to the
integrity of digital information and to the functioning of cyber-controlled
physical systems. Such threats have direct consequences for almost all
individuals, businesses and organizations, government institutions, and
civic processes. Digital forensics and cybercrime investigations are
multidisciplinary areas that encompass law and law enforcement, computer
science and engineering, IT operations, economics and finance, data
analytics and criminal justice. ICDF2C brings together researchers and
practitioners from all these areas in order to scientifically address the
numerous challenges due to the rapid increase in the amount and variety
of data under investigation, as well as the growing complexity of both
the threats and the targeted systems.
-------------------------------------------------------------------------
WCTI 2018 International Workshop on Cyber Threat Intelligence,
Held in conjunction with the 13th International Conference on Availability,
Reliability and Security (ARES 2018),
Hamburg, Germany, August 27-30, 2018.
(Submissions Due 30 April 2018)
https://www.ares-conference.eu/workshops/wcti-2018/
In order to effectively defend a system against malicious activities,
information about the nature of the adversaries, their available skills
and resources is essential. Without this information, we run the risk
that the portfolio of countermeasures does not turn out to be adequate to
thwart cyber threats, or that the defender deploys unnecessary resources.
Cyber Threat Intelligence is an emerging new discipline, which aims to develop
methods and techniques to assemble information about compromises, extract
information about the infrastructure and tools used, investigate adversarial
techniques and practices and their evolution, structure and share this
information and thus help detect and prevent future incidents. WCTI aims
to bring together experts from academia, industry, government and law
enforcement who are interested in advancing the state of the art in cyber
threat intelligence. The aim of the workshop is to present mature and
early stage ideas, promote discussion and exchange, and build a
community of researchers and practitioners in cyber threat intelligence.
-------------------------------------------------------------------------
SciSec 2018 1st International Conference on Science of Cyber Security,
Beijing, China, August 12-14, 2018.
(Submissions Due 1 May 2018)
http://www.sci-cs.net/
This new forum aims to catalyze the research collaborations between the relevant
communities and disciplines that can work together to deepen our understanding
of, and build a firm foundation for, the emerging Science of Cyber Security.
Publications in this venue would distinguish themselves from others by taking
or thinking from a holistic perspective about cyber security, rather than
the building-block perspective. Each submission will be reviewed (double
blind) by at least 3 reviewers. The program committee plans to select and
award a Best Paper and a Best Student Paper. The post-conference proceedings
will be published in Springer's Lecture Notes in Computer Science (LNCS)
series. Areas of interest include:
- Cybersecurity Dynamics
- Cybersecurity Metrics and Their Measurements
- First-principle Cybersecurity Modeling and Analysis (e.g., Dynamical
Systems, Control-Theoretic, and Game-Theoretic Modeling)
- Cybersecurity Data Analytics
- Big Data for Cybersecurity
- Artificial Intelligence for Cybersecurity
- Machine Learning for Cybersecurity
- Economics Approaches for Cybersecurity
- Social Sciences Approaches for Cybersecurity
- Statistical Physics Approaches for Cybersecurity
- Complexity Sciences Approaches for Cybersecurity
- Experimental Cybersecurity
- Macroscopic Cybersecurity
- Statistics Approaches for Cybersecurity
- Human Factors for Cybersecurity
- Compositional Security
- Biology-inspired Approaches for Cybersecurity
-------------------------------------------------------------------------
CANS 2018 17th International Conference on Cryptology and Network Security,
Naples, Italy, September 30 - October 3, 2018.
(Submissions Due 1 May 2018)
http://cans2018.na.icar.cnr.it/
The annual International Conference on Cryptology and Network Security
(CANS) focuses on current advances in all aspects of cryptology, data
protection, and network and computer security. CANS 2018 is held in
cooperation with the International Association of Cryptologic Research
(IACR). High quality papers on unpublished research and implementation
experiences are solicited for submission.
-------------------------------------------------------------------------
ACM-CCS 2018 25th ACM Conference on Computer and Communications Security,
Toronto, Canada, October 15-19, 2018.
(Submissions Due 8 May 2018)
https://www.sigsac.org/ccs/CCS2018/papers.html
The 25th ACM Conference on Computer and Communications Security (ACM CCS)
seeks submissions presenting scientific innovations in all practical
and theoretical aspects of computer and communications security and
privacy. Papers should demonstrate their real-world impacts. Theoretic
papers are expected to make a convincing case for the relevance of
their techniques and findings to secure systems.
-------------------------------------------------------------------------
STRIVE 2018 1st Workshop on Safety, securiTy, and pRivacy In automotiVe
systEms,
Co-located with SAFECOMP 2018, Vasteras, Sweden, September 18, 2018.
(Submissions Due 22 May 2018)
http://www.iit.cnr.it/strive2018
The introduction of ICT systems into vehicles makes them more prone to
cyber-security attacks. Such attacks may impact vehicles' capability
and, consequently, the safety of drivers and passengers. The strong
integration among dedicated ICT devices, the physical environment,
and the networking infrastructure leads us to consider modern vehicles
as Cyber-Physical Systems (CPS). This workshop aims at providing a
forum for researchers and engineers in academia and industry to foster
an exchange of research results, experiences, and products in the
automotive domain from both a theoretical and practical perspective.
Its ultimate goal is to envision new trends and ideas about aspects
of designing, implementing, and evaluating innovative solutions for
CPS with a particular focus on the new generation of vehicles.
Indeed, the automotive domain presents several challenges in the
fields of vehicular network, Internet of Things, Privacy, as well
as Safety and Security methods and approaches. The workshop aims at
presenting advances in the state of the art in these fields and
spreading their adoption in several scenarios involving main
stakeholders of the automotive domain.
-------------------------------------------------------------------------
ISDDC 2018 International Conference on Intelligent, Secure and
Dependable Systems in Distributed and Cloud Environments,
Vancouver, BC, Canada, November 28-30, 2018.
(Submissions Due 20 July 2018)
http://www.isddc.org/2018/
This conference solicits papers addressing issues related to the design,
analysis, and implementation, of dependable and secure infrastructures,
systems, architectures, algorithms, and protocols that deal with
network computing, mobile/ubiquitous systems, cloud systems,
and IoT systems.
-------------------------------------------------------------------------
Springer International Journal of Information Security,
Special Issue on IoT Security and Privacy,
(Submissions Due 1 October 2018)
https://link.springer.com/journal/10207
Guest Editors: Takeshi Takahashi (National Institute of Information
and Communications Technology, Japan),
Rodrigo Roman Castro (Universidad de Malaga, Spain),
Ryan Ko (University of Waikato, New Zealand),
Bilhanan Silverajan (Tampere University of Technology, Finland),
and Said Tabet (Dell EMC, USA).
The Internet is gradually transforming from a communication platform
for conventional IT appliances into the Internet of Things (IoT),
increasingly interconnecting many assorted devices and sensors.
These devices are generally referred to as IoT devices, and many of
them are inexpensive and can be constrained in terms of energy,
bandwidth and memory. The establishment of IoT ecosystems in various
domains is bringing multiple benefits to human users and companies
alike. Examples of such domains include Smart Homes, Smart Cities,
the Industrial Internet and even Intelligent Transportation Systems.
However, the IoT as a whole - including related paradigms such as
Machine-to-Machine (M2M) and Cyber-Physical Systems (CPS) - is
susceptible to a multitude of threats. In fact, many IoT devices
currently are insecure and have many security vulnerabilities. For
example, many vulnerable IoT devices which have been infected with
malware have subsequently become part of large botnets,
resulting in devastating DDoS attacks. Consequently, ensuring the
security of such IoT ecosystems - before, during, and after an
attack takes place - is a crucial issue for our society at this
moment. This special issue aims to collect contributions by
leading-edge researchers from academia and industry, show the
latest research results in the field of IoT security and privacy,
and provide valuable information to researchers as well as
practitioners, standards developers and policymakers. Its aim
is to focus on the research challenges and issues in IoT security.
Manuscripts regarding novel algorithms, architectures,
implementations, and experiences are welcome. Topics include
but are not limited to:
- Secure protocols for IoT devices
- Privacy solutions and privacy helpers for IoT environments
- Trust frameworks and secure/private collaboration mechanisms
for IoT environments
- Secure management and self-healing for IoT environments
- Operating system security for IoT devices
- Security diagnosis tools for IoT devices
- Threat and vulnerability detection in IoT environments
- Anomaly detection and prevention mechanisms in IoT networks
- Case studies of malware analysis in IoT environments
- IoT forensics and digital evidence
- Testbeds and experimental facilities for IoT security analysis and research
- Standardization activities for IoT security
- Security and privacy solutions tailored to specific IoT domains and ecosystems
====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________
SUBSCRIPTIONS:
Two options, each with two options:
1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
cipher-admin@ieee-security.org (which is NOT automated) with subject line
"subscribe".
OR
send a note to cipher-request@mailman.xmission.com with the
subject line "subscribe"
(this IS automated - thereafter you can manage your subscription
options, including unsubscribing, yourself)
2. To receive a short e-mail note announcing when a new issue of
CIPHER is available for Web browsing send e-mail to
cipher-admin@ieee-security.org (which is NOT automated) with subject line
"subscribe postcard".
OR
send a note to cipher-postcard-request@mailman.xmission.com with the
subject line "subscribe"
(this IS automated - thereafter you can manage your subscription
options, including unsubscribing, yourself)
To remove yourself from the subscription list, send e-mail to
cipher-admin@ieee-security.org with subject line "unsubscribe" or
"unsubscribe postcard" or, if you have subscribed directly to the
xmission.com mailing list, use your password (sent monthly) to
unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard
Those with access to hypertext browsers may prefer to read Cipher
that way. It can be found at URL http://www.ieee-security.org/cipher.html
CONTRIBUTIONS:
to cipher @ ieee-security.org are invited. Cipher is a NEWSletter,
not a bulletin board or forum. It has a fixed set of departments,
defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended.
Calendar and Calls-for-Papers entries should be sent to
cipher-cfp @ ieee-security.org
and they will be automatically included in both departments. To
facilitate the semi-automated handling, please send either a text
version of the CFP or a URL from which a text version can be easily
obtained. For Calendar entries, please include a URL and/or e-mail
address for the point-of-contact. For Calls for Papers, please submit
a one paragraph summary. See this and past issues for examples. ALL
CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS
APPLY. All reuses of Cipher material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using Cipher material should obtain permission from the
contributors.
____________________________________________________________________
Recent Address Changes
____________________________________________________________________
Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html
_____________________________________________________________________
How to become a member of the
IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________
You may easily join the TC on Security & Privacy (or other TCs) by completing
the on-line form at IEEE at
https://www.computer.org/web/tandc/technical-committees
______________________________________________________________________
TC Conference Publications Online
______________________________________________________________________
The proceedings of previous conferences are available from the
Computer Society's Digital Library.
IEEE Security and Privacy Symposium
IEEE Computer Security Foundations
IEEE European Security and Privacy Symposium
From 2012 onward, these are available without charge from the digital
library 12 months after the conference.
____________________________________________________________________________
TC Officers and SP Steering Committee
____________________________________________________________________________
Chair:
Sean Peisert
UC Davis and Lawrence Berkeley National Laboratory
speisert@ucdavis.edu

Security and Privacy Symposium Chair Emeritus:
Kevin R. B. Butler
University of Florida
oakland17-chair@ieee-security.org

Vice Chair:
Ulfar Erlingsson
Manager, Security Research
Google
tcchair at ieee-security.org

Treasurer:
Yong Guan
3219 Coover Hall
Department of Electrical and Computer Engineering
Iowa State University, Ames, IA 50011
(515) 294-8378
yguan (at) iastate.edu

Newsletter Editor and TC Awards Chair:
Hilarie Orman
Purple Streak, Inc.
500 S. Maple Dr.
Woodland Hills, UT 84653
cipher-editor@ieee-security.org

Security and Privacy Symposium, 2018 Chair:
Jason Li
Intelligent Automation
oakland18-chair@ieee-security.org
____________________________________________________________________________
BACK ISSUES:
Cipher is archived at: http://www.ieee-security.org/cipher.html
Cipher is published 6 times per year