Electronic CIPHER, Issue 154, March 17, 2020 _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 154 March 17, 2020 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year * Letter from the Editor * Commentary and Opinion and News o DHS hit by cyberattack o Huawei software engineering analysis * List of Computer Security Academic Positions, by Cynthia Irvine http://cisr.nps.edu/jobscipher.html (nothing new since E153) * Conference and Workshop Announcements o Upcoming calls-for-papers and events * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: This is the COVID-19 issue; it is abbreviated from our usual style because computer security has taken a backseat to life and death threat from the pandemic. Though computer viruses have long taken a toll on businesses and individuals, a real, biologic virus has turned out to be more expensive. Academic conferences are hard-hit by the travel restrictions and limits on large gatherings. Please check the conference websites before making travel plans. The IEEE Computer Society's Security and Privacy Symposium and Workshops will be virtual, online events at their scheduled dates during the week May 18-21, 2020. The symposium papers are now online in the Computer Society's Digital Libary: https://www.computer.org/csdl/proceedings/sp/2020/1dAAQaOrrva Help cheer up computer security researchers by voting for the "Best Paper of 2019" award! Be clean, be distant, be safe, Hilarie Orman cipher-editor @ ieee-security.org ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html ----- Cyber-Attack Hits U.S. Health Agency Amid Covid-19 Outbreak Bloomberg By Shira Stein and Jennifer Jacobs March 16, 2020 https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response Summary: As if the reality of a pandemic were not enough bad news, some attempts to keep the public informed have suffered a denial of service attack. ---- Official Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board Annual Report 2019 A report to the National Security Adviser of the United Kingdom March 2019 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf Summary: This report largely concerns an investigation of Huawei's software engineering processes. Notable are two summary items: "v. Further significant technical issues have been identified in Huawei's engineering processes, leading to new risks in the UK telecommunications networks; v. No material progress has been made by Huawei in the remediation of the issues reported last year, making it inappropriate to change the level of assurance from last year or to make any comment on potential future levels of assurance." o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website ==================================================================== Commentary and Opinion ==================================================================== Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== http://cisr.nps.edu/jobscipher.html (nothing new since E153) -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Conference and Workshop Announcements ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Cipher calendar entries are announced on Twitter; follow ciphernews Requests for inclusion in the list should sent per instructions: http://www.ieee-security.org/Calendar/submitting.html ------------------------- Competition: What 2019 paper did most to advance the science of cybersecurity? Nominations for NSA's annual Best Science of Cybersecurity paper award are open. Were there any papers published in 2019 that you think were especially good, in the sense that they advanced the foundations of cybersecurity and/or exemplified excellence in scientific study in this multidisciplinary field? To help you remember what's been published in the past year, a table providing links to many of the relevant conferences and journals is available here: https://cps-vo.org/sos/papercompetition/sources-2019 . Last year's winning paper was Evaluating Fuzz Testing by George Klees, Andrew Ruef, Benji Cooper, Shiyi Wei, and Michael Hicks, presented at ACM CCS 2018: https://www.cs.umd.edu/~mwh/papers/fuzzeval.pdf Honorable Mentions went to Continuous Formal Verification of Amazon s2n https://link.springer.com/chapter/10.1007/978-3-319-96142-2_26 and Meltdown: Reading Kernel Memory from User Space https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-lipp.pdf Please take a few moments to honor a paper by nominating it for NSA's Best Science of Cybersecurity paper competition, which is described here: https://cps-vo.org/group/sos/papercompetition Submit your nomination here: https://cps-vo.org/group/sos/papercompetition/submit Nominations close 15 April 2020. --------------------------- CyberSECHARD 2020 2nd IFIP NTMS Workshop on Cybersecurity on Hardware, Held in conjunction with the 11th IFIP International Conference on New Technologies, Mobility and Security (NTMS 2020), Paris, France, July 6 - 8, 2020. http://www.ntms-conf.org/ntms2020/call-for-workshops/cybersechard Submission date: 20 March 2020 IoTSPT-ML 2020 10th International Workshop on Security, Privacy, Trust, and Machine Learning for Internet of Things, Held in conjunction with the 29th International Conference on Computer Communications and Networks (ICCCN 2020), Honolulu, Hawaii, USA, August 6, 2020. https://sites.google.com/uw.edu/iotspt-ml-2020 Submission date: 22 March 2020 IWSEC 2020 15th International Workshop on Security, Fukui, Japan, September 2 - 4, 2020. http://www.iwsec.org/2020/ Submission date: 23 March 2020 SecMT 2020 International Workshop on Security in Mobile Technologies, Held in conjunction with ACNS2020, Rome, Italy, June 22-25, 2020. https://spritz.math.unipd.it/events/2020/ACNS_Workshop/index.html Submission date: 25 March 2020 IEEE S&B 2020 4th IEEE Security and Privacy on the Blockchain Workshop, Held in conjunction with EuroS&P 2020, Genova, Italy, September 7-11, 2020. https://ieeesb.org Submission date: 9 April 2020 SenSys 2020 18th ACM Conference on Embedded Networked Sensor Systems, Yokohama, Japan, November 16-19, 2020. http://sensys.acm.org/2020/ Submission date: 10 April 2020 SCN 2020 12th Conference on Security and Cryptography for Networks, Amalfi, Italy, September 14 - 16, 2020. https://scn.unisa.it/ Submission date: 19 April 2020 SciSec 2020 3rd International Conference on Science of Cyber Security, Shanghai, China, August 9 - 11, 2020. http://www.sci-cs.net Submission date: 1 May 2020 CCS 2020 27th ACM Conference on Computer and Communications Security, Orlando, FL, USA, November 9 - 13, 2020. Submission date: 20 January 2020 and 4 May 2020 CUING 2020 4th International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 15th International Conference on Availability, Reliability and Security (ARES 2020), Dublin, Ireland, August 24 - 28, 2020. https://www.ares-conference.eu/workshops/cuing-2020/ Submission date: 11 May 2020 IWCC 2020 9th International Workshop on Cyber Crime, Held in conjunction with the 15th International Conference on Availability, Reliability and Security (ARES 2020), Dublin, Ireland, August 24 - 28, 2020. https://www.ares-conference.eu/workshops/iwcc-2020/ Submission date: 11 May 2020 5G-NS 2020 Workshop on 5G Networks Security, Held in the conjunction with the ARES workshops EU Projects Symposium 2020 at 15th International Conference on Availability, Reliability and Security (ARES 2020), Dublin, Ireland, August 25 - 28, 2020. https://www.ares-conference.eu/workshops/5g-ns-2020/ Submission date: 19 May 2020 SpaCCS 2020 13th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, Nanjing, China, October 23 - 25, 2020. http://www.spaccs2020.com/ Submission date: 23 May 2020 TrustData 2020 11th International Workshop on Trust, Security and Privacy for Big Data, Held in conjunction with the 13th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, Nanjing, China, Oct 23 - 25, 2020. http://www.spaccs.org/trustdata2020/ Submission date: 23 May 2020 IEEE Transactions on Intelligent Transportation Systems, Special Issue on Deep Learning Models for Safe and Secure Intelligent Transportation Systems. http://jolfaei.info/IEEE-TITS.html Submission date: May 30, 2020 Blockchain 2020 IEEE International Conference on Blockchain, Rhode Island, Greece, November 2 - 6, 2020. http://www.blockchain-ieee.org/ Submission date: 15 June 2020 ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE Europenan Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers and SP Steering Committee ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Ulfar Erlingsson Mark Gondree Manager, Security Research UC Davis and Sonoma State University Google oakland19-chair@ieee-security.org tcchair at ieee-security.org Vice Chair: Treasurer: Brian Parno Yong Guan Department of Electrical and Computer Engineering Iowa State University, Ames, IA 50011 treasurer@ieee-security.org Newsletter Editor Security and Privacy Symposium, 2020 Chair: Hilarie Orman Gabriela Ciocarlie Purple Streak, Inc. SRI International 500 S. Maple Dr. oakland20-chair@ieee-security.org Woodland Hills, UT 84653 cipher-editor@ieee-security.org TC Awards Chair EJ Jung UCSF ejun2 @ usfca.edu https://www.usfca.edu/faculty/eunjin-ej-jung ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year