_/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ============================================================================ Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 172 March 22, 2023 Hilarie Orman, Editor Sven Dietrich, Assoc. Editor cipher-editor @ ieee-security.org cipher-assoc-editor @ ieee-security.org Sven Dietrich Yong Guan Book Review Editor Calendar Editor cipher-bookrev @ ieee-security.org cipher-cfp @ ieee-security.org ============================================================================ The newsletter is also at http://www.ieee-security.org/cipher.html Cipher is published 6 times per year Contents: * Letter from the Editor * Commentary and Opinion and News o Sven Dietrich's review of the book, "Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us" by Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra o News From the Media - Did They Or Didn't They? Only Their Lockbit Knows for Sure - I Thought YOU Patched the VMware Bug ... - Inglis, Outglis - Election Meddling as a Service - Russia Revs Up Cyber Attacks Against Germany o Book reviews, Conference Reports and Commentary and News items from past Cipher issues are available at the Cipher website * List of Computer Security Academic Positions, by Cynthia Irvine * Conference and Workshop Announcements * Staying in Touch o Information for subscribers and contributors o Recent address changes * Links for the IEEE Computer Society TC on Security and Privacy o Becoming a member of the TC o TC Officers o TC publications for sale ==================================================================== Letter from the Editor ==================================================================== Dear Readers: In a naval fleet, the admiral's ship carries a distinguishing banner, making it the "flagship". The Technical Committee on Security and Privacy has a fleet of conferences, and the flagship conference is now booking passengers, by which we mean that registration is open for Security and Privacy 2023, the conference historically known as "Oakland" that is now held in San Francisco. The conference will be held May 22-24, and virtual and in-person attendance options are available. The preliminary list of accepted papers shows the broad spectrum of subject matter, from queue contention side channels to malleable encryption to high school courses on cybersecurity. Prior to the S&P conference, the Hardware Oriented Security and Trust event will be held in San Jose May 1-4. July is the time for European events, and the European Security and Privacy conference will be held in Delft, The Netherlands on July 3 - 7, followed immediately by the Computer Security Foundations conference in Dubrovnik, Croatia. The newest of the security conference fleet is the Secure Development Conference which sails October 18 - 20 in Atlanta. If you've found it difficult to explain computer security to people, you might try a different tack. This month we have Sven Dietrich's review of a book that seeks to explain computer security by tackling the myths that have grown up around it. Recently I spent some time trying to locate copies of technical reports about security and privacy that were published in the 1970s. I was surprised to learn that many companies deemed the cost of scanning and archiving the material to be too high, and paper was discarded when the libraries were eliminated. My professional life began on the cusp of digital documents. We used computers to write and print reports, but we did not have any expectation of long-term digital storage, so we kept paper copies of anything important. There is no WayBack machine for the filing cabinets that have been discarded and are probably being discarded right now, so there is a an information chasm opening up between those few decades at the beginning of the digital information era and the Internet era. Sic transit charta. Ransomware, ransomware, We logged in, and we got quite a scare. The files were jumbled, The data tumbled, The whole site needed some repair. We were prepared, we'd taken care, To make backups that were copied everywhere. We'll just write it over, we'll copy over, And we'll be restoring 'til it's over Ransomware. (With apologies to George M. Cohan and WWI) Hilarie Orman cipher-editor @ ieee-security.org ==================================================================== Commentary and Opinion ==================================================================== Book reviews from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at http://www.ieee-security.org/Cipher/ConfReports.html ____________________________________________________________________ Book Review By Sven Dietrich March 19, 2023 ____________________________________________________________________ "Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us" By Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra Pearson, Addison-Wesley, 2023. ISBN ISBN-10 0137929234, ISBN-13 978-0137929238 With a foreword by Vint Cerf 416 plus xxxv pages, First edition "Email is Private." "A VPN makes you anonymous." These are sample statements that you will find in this new book by "Spaf," also known as Gene Spafford at Purdue University, a household name when it comes to cybersecurity. These statements are of course meant to make you cringe, to question the status quo, and to delve deeper into the "whys" and "why nots"... Spaf teamed up with Leigh Metcalf and Josiah Dykstra to write this 400+-page book on demystifying cybersecurity a little and to give you the skills to bust those myths and "mythconceptions." The book is well written, with additional text boxes sprinkled throughout for examples or contextual background. Black and white illustrations, sometimes technical diagrams, sometimes funny cartoons, complement the actual text. A foreword by Internet pioneer Vint Cerf rounds off the writing of this book. The book is divided into four parts, with sixteen chapters in an uneven distribution over those four parts. The first part talks about 'General Issues' and contains the two chapters 'What is Cybersecurity?' and 'What is the Internet?' The second part 'Human Issues' covers five chapters, including on faulty assumptions, fallacies, and cognitive biases. The third part is the largest, with six chapters, on 'Contextual Issues', and talks about some pitfalls of analogies, legal issues, vulnerabilities, malware, and digital forensics. The fourth part 'Data Issues' includes three chapters on statistics and lies, illustrations, diagrams, and visualization, and least but not least about 'Finding Hope.' Perhaps an upbeat note about a light at the end of the tunnel? After that last part, an appendix also adds some background explanations and an acronym list helps with the letter mixes. As for further reading, the reader can find references at the end of each chapter in a contextual manner, rather than a single reference list at the end of the book. Still, those references will help you understand the well-described problems even better. At 175+ myth-busting statements in this book, if you space it out right at a dosage of reading one statement (typically a few paragraphs long, sometimes longer) once every two days, you could be stretching it to about a year. Given the "slow release" nature of these knowledge injections that truly get under your skin, they won't wear off right away and get you through the next day. Oh, and don't forget to laugh here and there while reading this book. Or this review, for that matter. Overall I liked reading this book: it covers so many topics in cybersecurity that needed this special treatise by Spaf and his co-authors Leigh Metcalf and Josiah Dykstra. It may make the reader experience the (more than) occasional "Aha!" moment. It will definitely find a spot on my bookshelf, to be readily retrieved upon an unsuspecting visitor to my office asking whether "Artificial Intelligence and Machine Learning Can Solve All Cybersecurity Problems." Of course... take a look over here... I hope you will enjoy reading this book as much as I did. --------------------------------------------- Sven Dietrich reviews technology and security books for IEEE Cipher. He welcomes your thoughts at spock at ieee dot org ==================================================================== News Briefs ==================================================================== News briefs from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/NewsBriefs.html ------------------------------------------------------------------------------ Did They Or Didn't They? Only Their Lockbit Knows for Sure Hackers who breached ION say ransom paid; company declines comment https://www.reuters.com/technology/hackers-say-ransom-paid-case-derivatives-data-firm-ion-company-declines-comment-2023-02-03/ Date: February 3, 2023 Publisher: Reuters By: Raphael Satter Summary: International trading through the financial firm ION was hampered for several days due to an apparent ransomware attack by the group known as Lockbit. The hacker group claimed that they were paid not by ION directly but by someone oddly described as a "very rich unknown philanthropist." Allegedly that is why they delisted ION from their hacker "wall of shame", an online list of claimed recent victims. ------------------------------------------------------------------------------ I Thought YOU Patched the VMware Bug ... Italy warns hackers targeting known server vulnerability https://www.reuters.com/world/europe/italy-sounds-alarm-large-scale-computer-hacking-attack-2023-02-05/ Date: February 5, 2023 Publisher: Reuters Summary: A year ago VMware discovered a vulnerability and issued remediation software. This year, Italy's National Cybersecurity Agency ACN announced that thousands of computer servers around the world had been "targeted" by hackers looking to exploit the vulnerability. Dozens of Italian computer systems were affected by breaches. The U.S. Cybersecurity and Infrastructure Security Agency said it as working to assess impacts and possibly to provide assistance. ------------------------------------------------------------------------------ Inglis, Outglis Top White House cyber official set to retire next week https://www.cnn.com/2023/02/08/politics/white-house-cyber-director-inglis-retires/index.html Date: February 8, 2023 Publisher: CNN By: Sean Lyngaas Summary: Chris Inglis, who has over four decades of government experience in national security, and who has been the White House's National Cyber Director, resigned on February 15. In December, Republican and Democratic lawmakers with interest in cybersecurity asked Inglis to finish the national cybersecurity strategy before leaving, but now it was unclear when the strategy will be completed (see below). Former Microsoft executive Kemba Eneas Walden is now acting director. The most recent activity mentioned on the OCND webpage is a roundtable on "The State of Cybersecurity in the Black Community." ------------------------------ FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/ Date: March 02, 2023 Publisher: White House By: Press Release Summary: The US National Cybersecurity Strategy describes itself as making fundamental shifts in roles, responsibilities, and resources. It markedly addresses what we assume are software and hardware manufacturers. The two key points are: We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us. We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future. ------------------------------------------------------------------------------ Election Meddling as a Service Revealed: the hacking and disinformation team meddling in elections 'Team Jorge' unit exposed by undercover investigation Group sells hacking services and access to vast army of fake social media profiles Evidence unit behind disinformation campaigns across world Mastermind Tal Hanan claims covert involvement in 33 presidential elections Tal Hanan has always denied any wrongdoing. https://www.theguardian.com/world/2023/feb/15/revealed-disinformation-team-jorge-claim-meddling-elections-tal-hanan Date: 14 Feb 2023 Publisher: The Guardian By: Stephanie Kirchgaessner, Manisha Ganguly, David Pegg, Carole Cadwalladr and Jason Burke Summary: The French nonprofit organization, Forbidden Stories, coordinated a team of journalists to uncover the activities of an Israeli disinformation service called "Team Jorge." They have a "vast army" of false personae (avatars) on social media, some with financial accounts backed by assets like credit cards and cryptocurrencies. They can be hired as election influencers by governments and corporations. The group's leader is Tal Hanan, someone who is said to have been working in this disinformation area for two decades. He denies any "wrongdoing". The original report from Forbidden Stories: https://forbiddenstories.org/story-killers/team-jorge-disinformation/ ------------------------------------------------------------------------------ Russia Revs Up Cyber Attacks Against Germany German minister warns of 'massive' danger from Russian hackers Nancy Faeser says Ukraine war has exacerbated German cybersecurity concerns https://www.theguardian.com/world/2023/feb/26/german-minister-warns-of-massive-danger-from-russian-hackers Date: 26 Feb 2023 Publisher: The Guardian By: Kate Connolly Summary: Germany reports that it sees increases in cyber-attacks each time it takes an action that opposes Russia's war in Ukraine. The German government announced expansion of its Federal Office for Information Security (BSI). They have called on federal and regional sectors to repel attacks and develop new protection methods. A Google analysis indicated that Moscow was actively recruiting private hacker groups. The Google report: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/ The actual scope of the current damage is unclear, but in 2015 the German parliament IT infrastructure was severely compromised by what is believed to be a Russian attack. ==================================================================== Listing of academic positions available by Cynthia Irvine ==================================================================== The Department of Computer Science at the Vrije Universiteit Amsterdam offers three open positions for assistant/associate professor in the area of security, related to theory, vulnerability research, and AI. Assistant/associate professor tenure track in security theory https://werkenbij.vu.nl/ad/assistant-associate-professor-tenure-track-in-security-theory/d5balg Assistant professor tenure track in security vulnerability research https://werkenbij.vu.nl/ad/assistant-professor-tenure-track-in-security-vulnerability-research/7s7dny Assistant professor career track in security and AI https://werkenbij.vu.nl/ad/assistant-professor-career-track-in-security-and-ai/n5e8bt Deadline for applications is April 13, 2023. http://cisr.nps.edu/jobscipher.html -------------- This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ==================================================================== Conference and Workshop Announcements ==================================================================== ==================================================================== Upcoming Calls-For-Papers and Events ==================================================================== The complete Cipher Calls-for-Papers is located at http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html The Cipher event Calendar is at http://www.ieee-security.org/Calendar/cipher-hypercalendar.html Cipher calendar entries are announced on Twitter; follow ciphernews Requests for inclusion in the list should sent per instructions: http://www.ieee-security.org/Calendar/submitting.html ____________________________________________________________________ Cipher Event Calendar ____________________________________________________________________ Calendar of Security and Privacy Related Events maintained by Hilarie Orman, The Call-For-Papers List is maintained by Yong Guan. Date (Month/Day/Year), Event, Locations, web page for more info. FSE 2023 29th Fast Software Encryption, Beijing, China, March 20-24, 2023. https://fse.iacr.org/2023/ WTMC 2023 8th International Workshop on Traffic Measurements for Cybersecurity, Co-located with 8th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2023), Delft, The Netherlands, July 7, 2023. https://wtmc.info/ Submission date: 22 March 2023 RAID 2023 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, October 16-18, 2023. https://raid2023.org/call.html Submission date: 23 March 2023 FHE 2023 2nd Annual FHE.org Conference on Fully Homomorphic Encryption, Co-located with Real World Crypto 2023, Tokyo, Japan, March 26, 2023. https://fhe.org/conferences/conference-2023/home Journal of Systems Architecture, Special Issue on Distributed Learning and Blockchain Enabled Infrastructures for Next Generation of Big Data Driven Cyber-Physical Systems. https://www.sciencedirect.com/journal/journal-of-systems-architecture/about/call-for-papers#distributed-learning-and-blockchain-enabled-infrastructures-for-next-generation-of-big-data-driven-cyber-physical-systems Submission date: 31 March 2023 CODASPY 2023 ACM Conference on Data and Application Security and Privacy, Charlotte, NC, USA, April 24-26, 2023. http://www.codaspy.org/2023/ C&ESAR 2023 Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge), Rennes, France, November 21-22, 2023. https://2023.cesar-conference.org Submission dates: 26 April 2023, 10 May 2023, and 30 August 2023 OSNeHM 2023 1st International workshop on Online Social Networks in the Human-centric Metaverse, Co-located with the Web Conference 2023, April 30 - May 4, 2023, Austin, Texas, USA, https://osnehm.iit.cnr.it/ HOST 2023 16th IEEE International Symposium on Hardware Oriented Security and Trust, May 1-4, 2023, San Jose, CA, USA, http://www.hostsymposium.org CCS 2023 30th ACM Conference on Computer and Communications Security, Copenhagen, Denmark, November 26-30, 2023. https://www.sigsac.org/ccs/CCS2023/index.html Submission dates: 19 January 2023 and 4 May 2023 C&ESAR 2023 Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge), Rennes, France, November 21-22, 2023. https://2023.cesar-conference.org Submission dates: 26 April 2023, 10 May 2023, and 30 August 2023 CUING 2023 7th International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 18th International Conference on Availability, Reliability and Security (ARES 2023), August 29 - September 1, 2023, Benevento, Italy, https://www.ares-conference.eu/workshops/cuing-2023/ Submission date: 22 May 2023 ENS 2023 5th International Workshop on Emerging Network Security, Held in conjunction with the 18th International Conference on Availability, Reliability and Security (ARES 2023), Benevento, Italy, August 29 - September 1, 2023. https://www.ares-conference.eu/workshops-eu-symposium/ens-2023/ Submission date: 22 May 2023 SP 2023 44th IEEE Symposium on Security and Privacy, May 22-26, 2023, San Francisco, CA, USA, https://www.ieee-security.org/TC/SP2023/cfpapers.html ESORICS 2023 28th European Symposium on Research in Computer Security, The Hague, Netherlands, September 25-29, 2023. https://esorics2023.org Submission dates: 22 January 2023 and 28 May 2023 SecDev 2023 IEEE Secure Development Conference, Atlanta, GA, USA, October 18-20, 2023. https://secdev.ieee.org/2023/home Submission date: 2 June 2023 USENIX Security 2024 33rd USENIX Security Symposium, Philadelphia, PA, USA, August 14-16, 2024. https://www.usenix.org/conference/usenixsecurity24 Submission dates: 6 June 2023, 17 October 2023, and 8 February 2024 SecMT 2023 International Workshop on Security in Mobile Technologies, Held in conjunction with ACNS2023, Kyoto, Japan, June 19-22, 2023. https://spritz.math.unipd.it/events/2023/ACNS_Workshop/index.html SecSoft 2023 5th International Workshop on Cyber-Security Threats, Trust and Privacy Management in Software-defined and Virtualized Infrastructures, Co-located with IEEE NetSoft 2023, Madrid, Spain, June 23, 2023. https://www.secsoft-workshop.org/ MetaCom 2023 International Conference on Metaverse Computing, Networking and Applications, Kyoto, Japan, June 26-28, 2023. http://www.ieee-metacom.org/2023 CSCML 2023 7th International Symposium on Cyber Security Cryptography and Machine Learning, Virtually, Beer-Sheva, Israel, June 29-30, 2023. https://www.cscml.org/cscml2023 Euro S&P 2023 8th IEEE European Symposium on Security and Privacy, Delft, Netherlands, July 3-7, 2023. https://eurosp2023.ieee-security.org/cfp.html WTMC 2023 8th International Workshop on Traffic Measurements for Cybersecurity, Co-located with 8th IEEE European Symposium on Security and Privacy (IEEE EuroS&P 2023), Delft, The Netherlands, July 7, 2023. https://wtmc.info/ DFRWS 2023 23rd Annual Digital Forensics Research Conference, Baltimore, MD, USA, July 9-12, 2023. https://dfrws.org/conferences/dfrws-usa-2023/ SECRYPT 2023 20th International Conference on Security and Cryptography, Rome, Italy, July 10-12, 2023. https://secrypt.scitevents.org ASIACCS 2023 18th ACM ASIA Conference on Computer and Communications Security, Melbourne, Australia, July 10-14, 2023. https://asiaccs2023.org/ PETS 2023 23rd Privacy Enhancing Technologies Symposium, Lausanne, Switzerland, Hybrid, July 10-15, 2023. https://petsymposium.org/cfp23.php CSF 2023 36th IEEE Computer Security Foundations Symposium, Dubrovnik, Croatia, July 10-14, 2023. https://csf2023.ieee-security.org USENIX Security 2023 32nd USENIX Security Symposium, Anaheim, CA, USA, August 9-11, 2023. https://www.usenix.org/conference/usenixsecurity23/call-for-papers NSS 2023 17th International Conference on Network and System Security, Canterbury, UK, August 14-16, 2023. ttps://nss2023.cyber.kent.ac.uk/ CUING 2023 7th International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 18th International Conference on Availability, Reliability and Security (ARES 2023), Benevento, Italy, August 29 - September 1, 2023. https://www.ares-conference.eu/workshops/cuing-2023/ ENS 2023 5th International Workshop on Emerging Network Security, Held in conjunction with the 18th International Conference on Availability, Reliability and Security (ARES 2023), Benevento, Italy, August 29 - September 1, 2023. https://www.ares-conference.eu/workshops-eu-symposium/ens-2023/ C&ESAR 2023 Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge), Rennes, France, November 21-22, 2023. https://2023.cesar-conference.org Submission dates: 26 April 2023, 10 May 2023, and 30 August 2023 ESORICS 2023 28th European Symposium on Research in Computer Security, The Hague, Netherlands, September 25-29, 2023. https://esorics2023.org RAID 2023 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, October 16-18, 2023. https://raid2023.org/call.html USENIX Security 2024 33rd USENIX Security Symposium, Philadelphia, PA, USA, August 14-16, 2024. https://www.usenix.org/conference/usenixsecurity24 Submission dates: 6 June 2023, 17 October 2023, and 8 February 2024 SecDev 2023 IEEE Secure Development Conference, Atlanta, GA, USA, October 18-20, 2023. https://secdev.ieee.org/2023/home C&ESAR 2023 Cybersecurity of Smart Peripheral Devices (Mobiles / IoT / Edge), Rennes, France, November 21-22, 2023. https://2023.cesar-conference.org CCS 2023 30th ACM Conference on Computer and Communications Security, Copenhagen, Denmark, November 26-30, 2023. https://www.sigsac.org/ccs/CCS2023/index.html USENIX Security 2024 33rd USENIX Security Symposium, Philadelphia, PA, USA, August 14-16, 2024. https://www.usenix.org/conference/usenixsecurity24 Submission dates: 6 June 2023, 17 October 2023, and 8 February 2024 USENIX Security 2024 33rd USENIX Security Symposium, Philadelphia, PA, USA, August 14-16, 2024. https://www.usenix.org/conference/usenixsecurity24 ==================================================================== Information on the Technical Committee on Security and Privacy ==================================================================== ____________________________________________________________________ Information for Subscribers and Contributors ____________________________________________________________________ SUBSCRIPTIONS: Two options, each with two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe". OR send a note to cipher-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to cipher-admin@ieee-security.org (which is NOT automated) with subject line "subscribe postcard". OR send a note to cipher-postcard-request@mailman.xmission.com with the subject line "subscribe" (this IS automated - thereafter you can manage your subscription options, including unsubscribing, yourself) To remove yourself from the subscription list, send e-mail to cipher-admin@ieee-security.org with subject line "unsubscribe" or "unsubscribe postcard" or, if you have subscribed directly to the xmission.com mailing list, use your password (sent monthly) to unsubscribe per the instructions at http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.ieee-security.org/cipher.html CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. Calendar and Calls-for-Papers entries should be sent to cipher-cfp @ ieee-security.org and they will be automatically included in both departments. To facilitate the semi-automated handling, please send either a text version of the CFP or a URL from which a text version can be easily obtained. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. ____________________________________________________________________ Recent Address Changes ____________________________________________________________________ Address changes from past issues of Cipher are archived at http://www.ieee-security.org/Cipher/AddressChanges.html _____________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy _____________________________________________________________________ You may easily join the TC on Security & Privacy (or other TCs) by completing the on-line form at IEEE at https://www.computer.org/web/tandc/technical-committees ______________________________________________________________________ TC Conference Publications Online ______________________________________________________________________ The proceedings of previous conferences are available from the Computer Society's Digital Library. IEEE Security and Privacy Symposium IEEE Computer Security Foundations IEEE European Security and Privacy Symposium From 2012 onward, these are available without charge from the digital library 12 months after the conference. ____________________________________________________________________________ TC Officers ____________________________________________________________________________ Chair: Security and Privacy Symposium Chair Emeritus: Brian Parno Rakesh Bobba Associate Professor Associate Professor Carnegie Mellon University Oregon State University tcchair at ieee-security.org https://eecs.oregonstate.edu/ people/bobba-rakesh Vice Chair: Treasurer: Gabriela Ciocarlie Yong Guan Elpha Secure Professor tcchair at ieee-security.org Department of Electrical and Computer Engineering Iowa State University, Ames, IA 50011 treasurer@ieee-security.org Newsletter Editor: Security and Privacy Symposium, 2023 Chair: Hilarie Orman Daniel Takabi Purple Streak, Inc. Associate Professor 500 S. Maple Dr. Georgia State University Woodland Hills, UT 84653 https://cas.gsu.edu/profile/daniel-takabi cipher-editor@ieee-security.org sp23-chair@ieee-security.org TC Awards Chair: Tegan Brennan Assistant Professor Stevens Institute of Technology tbrenna5 at stevens.edu ____________________________________________________________________________ BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html Cipher is published 6 times per year --=====================_purplestreak_932242421235479791===--