_/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 169 September 26, 2022 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year Contents: * Letter from the Editor * Commentary and Opinion and News o Sven Dietrich's review of "The Complete Guide to SCION: From Design Principles to Formal Verification" by Laurent Chuat, David Basin, Samuel Hitz, Adrian Perrig, Markus Legner, David Hausheer, Peter Muller o News items - Drew Dean, August 23, 2022 - The Government that Cried TikTok - Gimme My Bitcoin Back - Nigeria Struggles With Cybersecurity - The Horror of Tar File Unpacking - More national good news/bad news re cyberprivacy o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website * Conference and Workshop Announcements o Upcoming calls-for-papers and events * List of Computer Security Academic Positions, by Cynthia Irvine * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: The season has turned as the wobbly axis of this gyroscope called Earth shifts once again. This brings us to notice that September 2022 is National Insider Threat Awareness Month! https://www.dni.gov/index.php/ncsc-features/2834-september-2021-is-national-insider-threat-awareness-month As you watch leaves turn to reddened gold, beware that Jack Frost might be hijacking your router. Election season draws near, and the practical security of voting technology is under scrutiny. I cannot help but wonder if public trust could have been gained years ago through transparency and open designs for the devices and software. Today, we have a situation in which the challenges to vote counts are so numerous and contentious that they strain the capacity of election entities to cope with the disputes. Sic transit democracy in a sea of recounts. Two deadlines for submitting papers for consideration for the 2023 Security and Privacy Symposium have passed, and the third and final deadline in December 2. Bring all your great research results to S&P, or at least plan on being there next May to hear all about it. In anticipation of Halloween, we celebrate MacBeth Wickedware This Way Comes Double, double toil and trouble; Shift the bits and make them bubble. Fillet of a fenny snake, Overclock and make it bake. Eye of newt and toe of frog, Blockchains might protect the log. Adder's fork and blind-worm's sting, Fight off DDOS, quench the ping. Rootkits running in the cloud. Viral evil rages proud. Hilarie Orman cipher-editor @ ieee-security.org ==================================================================== Commentary and Opinion ==================================================================== Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html ____________________________________________________________________ Book Review By Sven Dietrich Sep 25, 2022 ____________________________________________________________________ "The Complete Guide to SCION: From Design Principles to Formal Verification" by Laurent Chuat, David Basin, Samuel Hitz, Adrian Perrig, Markus Legner, David Hausheer, Peter Muller Springer Verlag 2022. ISBN ISBN 978-3-031-05287-3, ISBN 978-3-031-05288-0 (eBook) XXI, 656 pages Thinking back to the early days of the Internet when I connected with a 300 bps modem, I see that the Internet has progressively grown in coverage and in impact over the many decades since. Recently, we have seen people take detours via low-earth-orbit satellites to get their messages across or access vital resources, despite any adverse conditions. We still use the Internet Protocol (IP), in the UDP, TCP, and ICMP instantiations for achieving the various connectivity goals. It has been noted in one of my earlier reviews (https://ieee-security.org/Cipher/Bookreviews/2018/Perrig_by_dietrich.html) that we should rethink what the Internet is. Here we revisit the topic of inter-domain routing in the context of a new(er) book on the SCION architecture, this time with a slightly different set of authors. Adrian Perrig from the SCION team gives us an updated view of this next-generation Internet architecture in the new book "The Complete Guide to SCION: From Design Principles to Formal Verification." This book shows the coming of age of the SCION architecture, from an academic research environment, such as SCIONLAB, to a robust deployable and deployed network setup. It is more than a slightly revised version of the earlier book, it is more of a complete rewrite. The book is well illustrated in color, and has a good set of references which are found in the bibliography at the end of the book. This new book summarizes - yet again - many years, over a decade, of research and development on SCION and brings the reader up to speed with the ever-changing threat landscape. The book is divided into seven parts spanning a total of twenty-five chapters, plus addenda. After two forewords, one by Joel Mesot and one by Fritz Steinmann, an introduction brings the reader sufficiently up to speed with the nomenclature and basic concepts to delve into the well-structured parts of the book that are to follow. The first part is on the core parts of SCION, covering core concepts such as the control and data planes, authentication, and key concepts of basic networking. And whenever I hear 'control plane', I keep associating that with the 2600 Hz tone of the Captain Crunch whistle from the early hacking days for seizing phone network control. This still matters in a network such as the current Internet, where control plane attacks can disrupt basic connectivity and more. The second part steps back and provides an analysis of these core components in two chapters, focusing on functional properties and scalability on one hand, and on the other hand he security analysis that goes deep into the components and their role in providing security guarantees in the network. The third part shows how the security guarantees are achieved, mentioning extensions to the control and data planes, monitoring and filtering, and availability guarantees. The fourth part is all about SCION in the real world, ranging from the SCION research testbed to actual deployments in various locales. This shows how this architecture has evolved from the original testbed into a deployed setup. It also covers what role cryptography plays in SCION, as well as the energy-conscious aspect of using SCION for "green networking." The fifth part discusses extensions to SCION, including the trust model and naming services that got overhauled to a fresh start. Technically speaking, SCION is a fresh start due to its clean-slate design, with the aim to depart from the shortcomings of the original Internet design. The sixth part steps back and takes a closer look at the formal aspects: why should you believe that any of this is good? The formal verification at the protocol, code, and design levels give the reader higher confidence that this SCION concept was well thought out, at least based on what we can conceptualize up to now. The part wraps up with ongoing work, and open challenges in the area. The seventh part wraps up the book with connections of other next-generation Internet architecture work. Just as the previous SCION book, this work is great for understanding where we are in today's Internet, and what we need to consider for moving forward. The book also has a supplement website (https://www.scion-architecture.net) where the reader can get more background materials, such as research papers. I hope you will enjoy reading this book as much as I did. Adrian Perrig is a seasoned researcher and expert in his field. Moreover, Adrian and his team have shown that they can transition this technology into the real world. I had the pleasure of working with Adrian at Carnegie Mellon University's CyLab many years ago. ------------------- Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html --------------------------------------------------------------------------- Drew Dean, August 23, 2022 We note with sadness the sudden passing of Drew Dean, a researcher who contributed greatly to our field. His friends and colleagues are now preparing tributes to him, but they are not yet available. The computer security research community is over 50 years old, and it has lost enough notable people to warrant a community memorial page (href=https://www.acsac.org/acsa/memoriam.html), where Drew will be remembered. --------------------------------------------------------------------------- The Government that Cried TikTok It's Time to Get Real About TikTok's Risks US lawmakers keep warning about the popular app. But until they can explain what makes it uniquely dangerous, it's difficult to tailor a resolution. https://www.wired.com/story/tiktok-nationa-security-threat-why/ Publisher: WIRED Date: Sep 6, 2022 By: Lily Hay Newman Summary: Over a hundred million Americans have signed up to TikTok accounts. The company is owned by the Chinese tech giant Bytedance, and that has given US regulators pause. However, the exact dangers of the app remain unknown, despite being talking points in the US midterm elections. This vagueness has not stopped the current administration from planning to doubledown on the current bans against its use on military devices and for some agencies, such as TSA. An upcoming executive order is said to address TikTok and the ability of China to collect data on Americans. This might interfere with US investment in China. The relationship between TikTok and Bytedance is structured to protect the data of US users, at least on paper. TikTok is a US company, subject to US data privacy laws. Can Bytedance engineers access TikTok user data? Perhaps. Do they? If they do, they would purportedly have to make a request to TikTok, and TikTok would have to keep a record of that. TikTok says that no requests have been made. Is that good enough? Meta's notoriously porous controls over Facebook data are a poor example, but perhaps not all social media companies should be tarnished with the same brush. Why is TikTok, among all social media apps, seen as such a looming danger? Even if its data were being harvested by the Chinese government, it seems unlikely to yield any more information than is available already on the "dark web". Perhaps there is some concern about having foreign agents conduct focused disinformation campaigns leading up to the next US general election. Whatever the concern, the US citizen remains in the dark. --------------------------------------------------------------------------- Gimme My Bitcoin Back US seizes $30 million in stolen cryptocurrency from North Korean hackers https://www.cnn.com/2022/09/08/politics/fbi-north-korea-hackers-30-million-axie-infinity/index.html Publisher: CNN Date: September 8, 2022 By: Sean Lyngaas Summary: North Koreans are alleged to have stolen lots of money from the Vietnamese gaming company Sky Mavis. The thefts $30 mil is a nice chunk of change, and it is a feel-good headline about stopping international cryptocurrency thefts. But, the flip side of the news is: "... the seizures still only account for a sliver of the billions of dollars made through cybercrime annually. Cybercriminals received more than $1.2 billion in ransom payments in 2020 and 2021 combined, according to Chainalysis." But wait a minute! The article also mentions that Sky Mavis lost $600 million. So that single Vietnamese company loss accounted for 50% of all cybertheft last year? In any case, the "recovered" money is said to be "frozen" at a cryptocurrency "mixer". Increasingly, the FBI targets these services in order to make it harder for hackers to get their stolen cryptocurrency secured with the cloak of anonymity. --------------------------------------------------------------------------- Nigeria Struggles With Cybersecurity The Deep Roots of Nigeria's Cybersecurity Problem Despite having one of the strongest data-protection policies in Africa, the country's enforcement and disclosure practices remain dangerously broken. https://www.wired.com/story/nigeria-cybersecurity-issues/ Publisher: Wired Date: Sep 19, 2022 By: Olatunji Olaigbe Summary: The good news is that Nigeria has a state health agency that uses AWS services to manage data on 37K of its clients. The bad news is that all their personal data was unsecured online from April to late July of this year. This situation is "typical of widespread cybersecurity issues in Nigeria, where regulations are ineffective, bad practices run rampant, and public disclosures of security breaches are often slow and insufficient." Security awareness remains low, despite the guidelines established by their National Information Technology Development Agency (NITDA). Good news, they have such an agency, bad news, no one pays any attention to it. --------------------------------------------------------------------------- The Horror of Tar File Unpacking Tarfile: Exploiting the World With a 15-Year-Old Vulnerability https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html Publisher: Trellix Date: September 21, 2022 By: Kasimir Schulz Summary: If you want to move a group of files and their directory structure to a new environment, and you want to package all those files into one file for transfer, "tar" is time-honored format for doing that. It is as common as mud, a workhorse of portability. Yet, with great power comes great responsibility. Unpacking a tar file can spray files anywhere, and the "untar" function has to be used with caution, lest it overwrite things that are important. Code for creating and unpacking tar files is part of Python and has been for some time, but the library function has no safeguards to keep it confined to a single part of the file system. Technically, this is not a bug, it is just a failure to include handrails for a powerful function. However, researchers found that the tar function is included in many thousands of github projects, and it is unlikely that all those uses are carefully confined, so the possibility of misuse is great. No known exploits have been reported. --------------------------------------------------------------------------- More national good news/bad news re cyberprivacy Optus cyber-attack could involve customers dating back to 2017 CEO says company has not yet confirmed how many people were affected by hack, but 9.8 million was 'worst case scenario' https://www.theguardian.com/business/2022/sep/23/optus-cyber-attack-hack-data-breach-hacked-could-involve-customers-dating-back-to-2017/ Publisher: Date: Sep 22, 2022 By: Josh Taylor Summary: Optus is an Australian company that registers identity information about cellphone users. Brett Callow, a threat analyst, posted on Twitter that names and email addresses for 1.1 million Optus customers had been for sale online since 17 September. Bayer Rosmarin of Optus could not say whether that was true, but the total exposure could be as great as their total customer base of 9.8 million. ==================================================================== Conference and Workshop Announcements ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Cipher calendar entries are announced on Twitter; follow ciphernews Requests for inclusion in the list should sent per instructions: http://www.ieee-security.org/Calendar/submitting.html SEED 2022 IEEE International Symposium on Secure and Private Execution Environment Design, Virtual, September 26-27, 2022. https://seed22.engr.uconn.edu CNS 2022 IEEE Conference on Communications and Network Security, Austin, TX, USA, Hybrid, September 26-28, 2022. https://cns2022.ieee-cns.org CNS-CRW 2022 IEEE Conference on Communications and Network Security - Cyber Resilience Workshop, Austin, TX, USA, Hybrid, September 26-28, 2022. https://cns2022.ieee-cns.org/cyber-resilience-workshop ISC2 2022 8th IEEE International Smart Cities Conference, Paphos, Cyprus, September 26-29, 2022. https://attend.ieee.org/isc2-2022/call-for-papers/ IEEE Communications Magazine, Special Issue on Security of Communication Protocols in Industrial Control Systems (ICS). https://www.comsoc.org/publications/magazines/ieee-communications-magazine/cfp/security-communication-protocols-industrial Submission date: 30 September 2022 UbiSec 2022 2nd International Conference on Ubiquitous Security, Zhangjiajie, China, December 28-31, 2022. http://ubisecurity.org/2022/ Submission date: 10 October 2022 CODASPY 2023 ACM Conference on Data and Application Security and Privacy, Charlotte, NC, USA, April 24-26, 2023. http://www.codaspy.org/2023/ Submission date: 10 October 2022 USENIX Security 2023 32nd USENIX Security Symposium, Anaheim, CA, USA, August 9-11, 2023. https://www.usenix.org/conference/usenixsecurity23/call-for-papers Submission date: 7 June 2022, 11 October 2022, and 7 February 2023 Springer Journal of Hardware and Systems Security, Special Issue on Multi-tenant Computing Security Challenges and Solutions. https://www.springer.com/journal/41635 Submission date: 15 October 2022 HOST 2023 16th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA, May 1-4, 2023. http://www.hostsymposium.org Submission date: 17 October 2022 and 16 January 2023 SecureComm 2022 18th EAI International Conference on Security and Privacy in Communication Networks, Kansas City, USA, October 17-19, 2022. https://securecomm.eai-conferences.org/2022/ IFIP 11.9 DF 2023 19th Annual IFIP WG 11.9 International Conference on Digital Forensics, SRI International, Arlington, Virginia, USA, January 30-31, 2023. http://www.ifip119.org Submission date: 31 October 2022 ACM CCS 2022, Los Angeles, U.S.A, November 7-11, 2022. https://sigsac.org/ccs/CCS2022/call-for-papers.html WPES 2022 21st Workshop on Privacy in the Electronic Society, Held in conjunction with ACM CCS 2022, Los Angeles, CA, USA, November 7, 2022. https://arc.encs.concordia.ca/wpes22/cfp.html ASHES 2022 6th Workshop on Attacks and Solutions in Hardware Security, Held in conjunction with ACM CCS 2022, Los Angeles, CA, USA, November 11, 2022. http://ashesworkshop.org SSS 2022 24th International Symposium on Stabilization, Safety, and Security of Distributed Systems, Clermont-Ferrand, France, November 15-17, 2022. https://sss2022.limos.fr/ ISPEC 2022 International Conference on Information Security Practice and Experience, Taipei, Taiwan, November 23-25, 2022. https://ispec2022.ndhu.edu.tw/ FHE 2023 2nd Annual FHE.org Conference on Fully Homomorphic Encryption, Co-located with Real World Crypto 2023, Tokyo, Japan, March 26, 2023. https://fhe.org/conferences/conference-2023/home Submission date: 19 November 2022 FSE 2023 29th Fast Software Encryption, Beijing, China, March 20-24, 2023. https://fse.iacr.org/2023/ Submission dates: 1 March 2022, 1 June 2022, 1 September 2022, and 23 November 2022 PETS 2023 23rd Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, Hybrid, July 10-14, 2023 (to be confirmed). https://petsymposium.org/cfp23.php Submission dates: 31 May 2022, 31 August 2022, 30 November 2022, 28 February, 2023 NordSec 2022 27th Nordic Conference on Secure IT Systems, Reykjavik, Iceland, November 30 - December 2, 2022. https://nordsec2022.ru.is APWG eCrime 2022 17th Symposium on Electronic Crime Research, Virtual, November 30 - Dec 2, 2022. https://apwg.org/event/ecrime2022/ Elsevier Computers & Security, Special Issue on Benefits and Outlook of Program Analysis for Systems Security. https://www.journals.elsevier.com/computers-and-security/forthcoming-special-issues/special-issue-on-benefits-and-outlook-of-program-analysis-for-systems-security?utm_campaign=STMJ_175559_CALLP_HYB&utm_medium=email&utm_acid=30314051&SIS_ID=&dgcid=STMJ_175559_CALLP_HYB&C Submission date: 1 December 2022 SP 2023 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 21-25, 2023. https://www.ieee-security.org/TC/SP2023/cfpapers.html Submission dates: 1 April 2022, 19 August 2022, and 2 December 2022 ASIACCS 2023 18th ACM ASIA Conference on Computer and Communications Security, Melbourne, Australia, July 10-14, 2023. https://asiaccs2023.org/ Submission date: 1 September 2022 and 15 December 2022) UbiSec 2022 2nd International Conference on Ubiquitous Security, Zhangjiajie, China, December 28-31, 2022. http://ubisecurity.org/2022/ HOST 2023 16th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA, May 1-4, 2023. http://www.hostsymposium.org Submission date: 17 October 2022 and 16 January 2023 IFIP 11.9 DF 2023 19th Annual IFIP WG 11.9 International Conference on Digital Forensics, SRI International, Arlington, Virginia, USA, January 30-31, 2023. http://www.ifip119.org USENIX Security 2023 32nd USENIX Security Symposium, Anaheim, CA, USA, August 9-11, 2023. https://www.usenix.org/conference/usenixsecurity23/call-for-papers Submission date: 7 June 2022, 11 October 2022, and 7 February 2023 NDSS 2023 32nd Network and Distributed System Security Symposium, San Diego, California, USA, February 27 - March 3, 2023. https://www.ndss-symposium.org/ndss2023-call-for-papers/ PETS 2023 23rd Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, Hybrid, July 10-14, 2023 (to be confirmed). https://petsymposium.org/cfp23.php Submission dates: 31 May 2022, 31 August 2022, 30 November 2022, 28 February, 2023 FSE 2023 29th Fast Software Encryption, Beijing, China, March 20-24, 2023. https://fse.iacr.org/2023/ FHE 2023 2nd Annual FHE.org Conference on Fully Homomorphic Encryption, Co-located with Real World Crypto 2023, Tokyo, Japan, March 26, 2023. https://fhe.org/conferences/conference-2023/home CODASPY 2023 ACM Conference on Data and Application Security and Privacy, Charlotte, NC, USA, April 24-26, 2023. http://www.codaspy.org/2023/ HOST 2023 16th IEEE International Symposium on Hardware Oriented Security and Trust, San Jose, CA, USA, May 1-4, 2023. http://www.hostsymposium.org SP 2023 44th IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 21-25, 2023. https://www.ieee-security.org/TC/SP2023/cfpapers.html ASIACCS 2023 18th ACM ASIA Conference on Computer and Communications Security, Melbourne, Australia, July 10-14, 2023. https://asiaccs2023.org/ PETS 2023 23rd Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, Hybrid, July 10-14, 2023 (to be confirmed). https://petsymposium.org/cfp23.php USENIX Security 2023 32nd USENIX Security Symposium, Anaheim, CA, USA, August 9-11, 2023. https://www.usenix.org/conference/usenixsecurity23/call-for-papers ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== http://cisr.nps.edu/jobscipher.html -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE European Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Brian Parno Rakesh Bobba Associate Professor Associate Professor Carnegie Mellon University Oregon State University tcchair at ieee-security.org https://eecs.oregonstate.edu/ people/bobba-rakesh Vice Chair: Treasurer: Gabriela Ciocarlie Yong Guan Elpha Secure Professor tcchair at ieee-security.org Department of Electrical and Computer Engineering Iowa State University, Ames, IA 50011 treasurer@ieee-security.org Newsletter Editor: Security and Privacy Symposium, 2023 Chair: Hilarie Orman Daniel Takabi Purple Streak, Inc. Associate Professor 500 S. Maple Dr. Georgia State University Woodland Hills, UT 84653 https://cas.gsu.edu/profile/daniel-takabi cipher-editor@ieee-security.org sp23-chair@ieee-security.org TC Awards Chair: Tegan Brennan Assistant Professor Stevens Institute of Technology tbrenna5 at stevens.edu ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year --=====================_purplestreak_932242421235479791===--