2008년 11월 1일 토요일

HK target in sight

토푸오 네라에~ 간바스타!!! 같은 느낌이랄까.

image

어디가 되었던 얼른 퍼블리싱... 고고싱, 꼭 좋은 저널에 퍼블리싱 되었으면 좋겠다. special issue track 을 타진 못했지만 정규 review progress 를 타더라도 3일내에 shooting 해야 한다. (11.2 현재) - 절.박.

http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html


Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy

Home

Cipher Newsletter

Cipher Calendar

Calls for Papers

Call-for-Papers Submission Guidelines

Upcoming Conferences (submission date has passed)

Past conferences and journal special issues

Last Modified:10/27/08

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

Conference/Workshop Call-for Papers

Special Issues of Journals and Handbooks

Archival journals regularly specializing in security and privacy

Special Issues of Journals and Handbooks

Ad Hoc Networks Journal, Special Issue on Privacy and Security in Wireless Sensor and Ad Hoc Networks, TBD. (Submission Due 3 November 2008) [posted here 10/27/08]
Guest editor: Wensheng Zhang (Iowa State University, USA), Sencun Zhu (The Pennsylvania State University, USA), and Guohong Cao (The Pennsylvania State University, USA)
Wireless sensor and ad hoc networks have many applications in military, homeland security and other areas. Security is critical for such networks deployed in a hostile environment. In civilian applications, however, privacy concerns of these networks could become a more serious impediment to their popular adoption. Providing privacy and security in wireless sensor and ad hoc networks is more challenging than those in traditional wired networks because wireless communications use shared medium and thus are vulnerable to many attacks. Providing privacy and security in sensor networks is further complicated by the network scale, the highly constrained system resources and the difficulty of dealing with node compromises. The main purpose of this special issue is to promote further research interests and activities on privacy and security in wireless sensor and ad hoc networks. We are interested in analytical, experimental, and systems-related papers in various aspects of privacy and security in wireless sensor and ad hoc networks. Topics of interest include:
- Key distribution and management
- Privacy issues in wireless sensor networks
- Security and Privacy issues in vehicular networks
- Location privacy and source anonymity
- Secure localization and secure routing protocols
- Trust management
- Secure data aggregation
- Authentication and authorization
- Study of attack strategies, attack modeling
- Study of tradeoffs between security and system performance
- Denial of service attacks and prevention
- Cross layer security and privacy attacks and solutions
For more information, please seehttp://www.elsevier.com/framework_products/promis_misc/ADHOC_CFP_privacysecurity.pdf.

Security and Communication Networks Journal (Wiley), Special Issue on Security and Trust Management for Dynamic Coalitions, TBD. (Submission Due 30 November 2008) [posted here 10/13/08]
Guest editor: Theo Dimitrakos (British Telecommunications plc, UK), Fabio Martinelli (Institute of Informatics and Telematics, National Research Council, Italy), and Bruce Schneier (British Telecommunications plc, USA)
There is an increasing interest and deployment of technologies that allow cooperation among entities that may act collectively. These entities may form dynamic coalitions where entities may leave and join, may show mobility aspects (either logical or physical), and may act in a collective manner. Examples of these coalitions can be found in the digital world, including: a) Crowds of users walking on the streets with advanced context aware converged telecommunication devices; b) A group of robots, manned and unmanned vehicles equipped with processors, sensors, smartphones, etc. interacting with each other, with their environment, and with a command or a control node, such as the command and control site of a defence coalition or a civil traffic control; c) A set of organizations (possibly virtual) sharing some resource for service provisions, or so called Virtual Organisations; d) Collaborative processes that use resources and services offered by partners in a Virtual Organisation; and e) Web 2.0 mash-ups and composite Web Services that are composed of services and applications offered by different service providers over a public network. These dynamic coalitions involve several technologies as peer to peer systems (P2P), mobile ad hoc networks (MANETs), and service oriented architectures such as those realised in GRID computing and Web Services Frameworks. There are several research areas identified as follows: a) Security in dynamic coalitions; b) trust in dynamic coalitions; c) security and trust interplay; and 4) secure processes and service composition. This special issue is proposed to cover research results and innovation case studies on security and trust management on dynamic coalitions. Topics of interest include but are not limited to:
- Semantics and computational models for security and trust in dynamic coalitions
- Context-based security and trust management architectures, mechanisms and policies
- Privacy and anonymity issues in trust negotiation
- Enforcing cooperation in dynamic coalitions
- Reputation and recommendation models and architectures for dynamic coalitions
- Usage control models, languages and architectures in dynamic coalitions
- Cryptographic models and mechanisms for dynamic coalitions
- Security protocols for group management
- Security for Service Oriented Architectures and Infrastructures
- Collaboration and Virtual Organization life-cycle management in dynamic coalitions
- Federated Identity Management in dynamic coalitions
- Distributed Access Control and administrative delegation in dynamic coalitions
- Policy verification and validation in order to predict the impact of changes to an infrastructure in order to support the life-cycle of a dynamic coalition
- QoS monitoring, evaluation and reporting in dynamic coalitions
- Auditing in dynamic coalitions
- Trust and security in ICT Governance and service management for dynamic coalitions
- Security frameworks for dynamic service composition
- Security frameworks for Web 2.0 service and application mash-ups
- Security and trust adaptation in dynamic coalitions
- Information management in dynamic coalitions including research in techniques for self-protecting information sets
- Trust and security aspects of Operational Support Systems (OSS) for the converged telecommunications infrastructure that underpins dynamic coalitions
For more information, please see http://www.iit.cnr.it/staff/fabio.martinelli/STM-DC.pdf.

IEEE Transactions on Information Forensics and Security, Special Issue on Electronic Voting, December 2009. (Submission Due 15 February 2009) [posted here 10/13/08]
Guest editor: Ronald L. Rivest (MIT, USA, Lead Guest Editor), David Chaum (Voting Systems Institute, USA), Bart Preneel (Katholieke Universiteit Leuven, Belgium), Aviel D. Rubin (Johns Hopkins University, USA), Donald G. Saari (University of California at Irvine, USA), and Poorvi L. Vora (The George Washington University, USA)
Following the discovery of a wide variety of flaws in electronic voting technology used in the US and other parts of the world, there has recently been a spurt of research activity related to electronic voting. The activity has been broad, ranging from the design of voting systems that specify what information is collected from voters and how it is used to determine one or many winners, through the development of cryptographic vote counting systems and the experimental security analysis of deployed voting systems, the experimental study of the usability of voting systems, to the development of methods for identifying election fraud. Most of the work has of necessity been interdisciplinary, involving contributions from experts in the areas of cryptography, computer security, information theory, political science, statistics, usability, game theory, mathematical modeling, etc. This special issue aims to provide an overview of the research area of electronic voting, with a focus on original results. The scope includes both remote and polling-place voting, and the areas of interest include, but are not limited to, the following:
- Voting theory, including voting models
- Cryptographic voting systems
- Formal security analysis of voting systems
- Experimental security analysis of voting systems
- Evaluations and ratings of voting systems
- Usability and accessibility of voting systems
- History of voting technology
- Components building-blocks of voting systems, such as anonymous voting channels and secure bulletin boards
- Fraud/anomaly detection in elections
- Political districting and the allocation of voting technology
For more information, please see http://vote.cs.gwu.edu/cfp.html.

ACM Transactions on Autonomous and Adaptive Systems (TAAS), Special Issue on Adaptive Security Systems, 2010. (Submission Due 15 March 2009) [posted here 9/29/08]
Guest editor: Yang Xiang (Central Queensland University, Australia) and Wanlei Zhou (Deakin University, Australia)
This special issue on Adaptive Security Systems in ACM TAAS focuses on autonomous and adaptive security system theories, technologies, and reallife applications. Original papers are solicited for this special issue. Suggested topics include, but are not limited to:
Adaptive Security System Theories
- Adaptive security architectures, algorithms, and protocols
- Autonomic learning mechanisms in security systems
- Intelligent attack systems and mechanisms
- Interactions between autonomic nodes of security systems
- Modeling of adaptive attack and defense mechanisms
- Theories in adaptive security systems
Adaptive Security System Technologies
- Adaptive security systems design
- Adaptive security systems implementation
- Adaptive intrusion detection/prevention systems
- Self-organizing identity management and authentication
- Adaptive defense against large-scale attacks
- Simulation and tools for adaptive security systems
Adaptive Security System Applications
- Benchmark, analysis and evaluation of adaptive security systems
- Distributed autonomous access control and trust management
- Autonomous denial-of-service attacks and countermeasures
- Autonomous wireless security systems
- Autonomous secure mobile agents and middleware
- Adaptive defense against viruses, worms, and other malicious codes
For more information, please see http://nss.cqu.edu.au/FCWViewer/getFile.do?id=23880.

Conference and Workshop Call-for-papers
October 2008

SecSE 2009 3rd Workshop on Secure Software Engineering, Held in conjunction with conjunction with ARES 2009, Fukuoka, Japan, March 16-19, 2009. (Submissions due 30 October 2008) [posted here 9/8/08]
In our modern society, software is an integral part of everyday life, and we expect and depend upon software systems to perform correctly. Software security is about ensuring that systems continue to function correctly also under malicious attack. As most systems now are web-enabled, the number of attackers with access to the system increases dramatically and thus the threat scenario changes. The traditional approach to secure a system includes putting up defence mechanisms like IDS and firewalls, but such measures are no longer sufficient by themselves. We need to be able to build better, more robust and more secure systems. Even more importantly, however, we should strive to achieve these qualities in all software systems, not just the ones that need special protection. This workshop will focus on techniques, experiences and lessons learned for engineering secure and dependable software. Suggested topics include, but are not limited to:
- Secure architecture and design
- Security in agile software development
- Aspect-oriented software development for secure software
- Security requirements
- Risk management in software projects
- Secure implementation
- Secure deployment
- Testing for security
- Quantitative measurement of security properties
- Static and dynamic analysis for security
- Verification and assurance techniques for security properties
- Lessons learned
- Security and usability
- Teaching secure software development
- Experience reports on successfully attuning developers to secure software engineering
For more information, please see http://www.sintef.no/secse.

SEC 2009 24th IFIP International Information Security Conference, Pafos, Cyprus, May 18-20, 2009. (Submissions due 30 October 2008) [posted here 10/27/08]
Papers offering novel and mature research contributions, in any aspect of information security and privacy, are solicited for submission to the conference. Papers may present theory, applications, or practical experiences on topics including but not limited to:
- Access Control
- Applications of Cryptography
- Attacks and Viral Software
- Authentication and Authorization
- Biometrics and Applications
- Critical ICT Resource Protection
- Data and System Integrity
- Data Protection, Ethics
- Digital Content Security
- Identity Management
- Information Hiding
- Information Warfare
- Internet and Web Security
- Intrusion Detection
- Peer-to-Peer Security
- Privacy Enhancing Technologies
- Risk Analysis and Management
- Secure Electronic Voting
- Secure Sensor Networks
- Secure Systems Development
- Security Architectures
- Security Economics
- Security Education
- Security Management
- Security Metrics
- Smart Cards
- SPAM, SPIT, SPIM
- Trust Management and Models
For more information, please see http://www.sec2009.org/.

November 2008

Trust 2009 2nd International Conference on Trusted Computing, St. Hugh's College, University of Oxford, UK, April 6-8, 2009. (Submissions due 2 November 2008) [posted here 8/18/08]
Building on the success of Trust 2008 (held in Villach, Austria, in March 2008), this conference focuses on trusted and trustworthy computing, both from the technical and social perspectives. The conference itself will have two main strands, one devoted to technical aspects and one devoted to the socio-economic aspects of trusted computing. The conference solicits original papers on any aspect of the design and application of trusted computing. Topics of interest include, but are not limited to:
- architecture and implementation technologies for trusted platforms
- limitations of trusted computing
- mobile trusted computing
- implementations of trusted computing (covering both hardware and software)
- applications of trusted computing
- attestation and possible variants (e.g. property-based attestation)
- cryptographic aspects of trusted computing
- intrusion resilience in trusted computing
- virtualisation for trusted computing
- security policy and management of trusted computing
- access control for trusted platforms
- privacy aspects of trusted computing
- verification of trusted computing architectures
For more information, please see http://www.trust2009.org.

SP 2009 30th IEEE Symposium on Security and Privacy, Oakland/Berkeley, California, USA, May 17-20, 2009. (Submissions due 10 November 2008) [posted here 8/11/08]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of computer security or privacy. S & P is interested in all aspects of computer security and privacy. Papers may present advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems. Papers without a clear application to security or privacy will be considered out of scope and may be rejected without full review. Topics of interest include, but are not limited to:
- Access control
- Anonymity
- Application-level security
- Attacks and defenses
- Authentication
- Distributed systems security
- Embedded system security
- Forensics
- Hardware-based security
- Information flow
- Information security
- Intrusion detection
- Malicious code
- Language-based security
- Network security
- Physical security
- Privacy-preserving systems
- Recovery
- Secure protocols
- Security architectures
- Security and privacy policies
- System security
- Usability and security
- Web security
For more information, please see http://oakland09.cs.virginia.edu.

IDtrust 2009 8th Symposium on Identity and Trust on the Internet, Gaithersburg, Maryalnd, USA, April 14-16, 2009. (Submissions due 17 November 2008) [posted here 8/11/08]
IDtrust is devoted to research and deployment experience related to making good security decisions based on identity information, especially when public key cryptography is used and the human elements of usability are considered. The success of any business strategy depends on having the right people gain access to the right information at the right time. This implies that an IT infrastructure has - among other things - an authorization framework in place that can respond to dynamic security conditions and regulatory requirements quickly, flexibly and securely. What are the authorization strategies that will succeed in the next decade? What technologies exist to address complex requirements today? What research is academia and industry pursuing to solve the problems likely to show up in the next few years? We solicit technical papers and panel proposals from researchers, systems architects, vendor engineers, and users. Suggested topics include but are not limited to:
- Reports of real-world experience with the use and deployment of identity and trust applications for broad use on the Internet (where the population of users is diverse) and within enterprises who use the Internet (where the population of users may be more limited), how best to integrate such usage into legacy systems, and future research directions. Reports may include use cases, business case scenarios, requirements, best practices, implementation and interoperability reports, usage experience, etc.
- Identity management protocols (SAML, Liberty, CardSpace, OpenID, and PKI-related protocols)
- Identity metasystems, frameworks, and systems (Shibboleth, Higgins, etc.)
- User-centric identity, delegation, reputation
- Identity and Web 2.0, secure mash-ups, social networking, trust fabric and mechanisms of 밿nvited networks�br> - Identity management of devices from RFID tags to cell phones; Host Identity Protocol (HIP)
- Federated approaches to trust
- Trust management across security domains
- Standards related to identity and trust, including X.509, SPKI/SDSI, PGP, S/MIME, XKMS, XACML, XRML, and XML signatures
- Intersection of policy-based systems, identity, and trust; identity and trust policy enforcement, policy and attribute mapping and standardization
- Attribute management, attribute-based access control
- Trust path building and certificate validation in open and closed environments
- Improved usability of identity and trust systems for users and administrators, including usability design for authorization and policy management, naming, signing, verification, encryption, use of multiple private keys, and selective disclosure
- Identity and privacy
- Levels of trust and assurance
- Trust infrastructure issues of scalability, performance, adoption, discovery, and interoperability
- Use of PKI in emerging technologies (e.g., sensor networks)
- Application domain requirements: web services, grid technologies, document signatures, (including signature validity over time), data privacy, etc.
For more information, please see http://middleware.internet2.edu/idtrust/.

ISPEC 2009 5th Information Security Practice and Experience Conference, Xi'an, China, April 13-15, 2009. (Submissions due 20 November 2008) [posted here 8/18/08]
As applications of information security technologies become pervasive, issues pertaining to their deployment and operation are becoming increasingly important. ISPEC is an annual conference that brings together researchers and practitioners to provide a confluence of new information security technologies, their applications and their integration with IT systems in various vertical sectors. Topics of interest include, but are not limited to:
- Applications of cryptography
- Critical infrastructure protection
- Digital rights management
- Information security in vertical applications
- Legal and regulatory issues
- Network security
- Privacy and anonymity
- Privacy issues in the use of smart cards and RFID systems
- Risk evaluation and security certification
- Resilience and availability
- Secure system architectures
- Security in e-commerce and e-business and other applications
- Security policy
- Security standards activities
- Trusted Computing
- Trust model and management
- Usability aspects of information security systems
For more information, please see http://www.ispec2009.net/.

SSDU 2009 3rd International Symposium on Service, Security and its Data management technologies in Ubi-comp , Geneva, Switzerland, May 4-8, 2009. (Submissions due 30 November 2008) [posted here 9/22/08]
Ubiquitous Computing (Ubi-comp) is emerging rapidly as an exciting new paradigm with user-centric environment to provide computing and communication services at any time and anywhere. In order to realize their advantages, it requires integrating security, services and data management to be suitable for Ubi-com. However, there are still many problems and major challenges awaiting for us to solve such as the security risks in ubiquitous resource sharing, which could be occurred when data resources are connected and accessed by anyone in Ubi-com. Therefore, it will be needed to explore more secure and intelligent mechanism in Ubi-com. SSDU-09 is intended to foster the dissemination of state-of-the-art research in the area of security and intelligence integrating into Ubi-com and data management technology. The main topics include but will not be limited to:
- Context-Awareness and its Data mining for Ubi-com service
- Human-Computer Interface and Interaction for Ubi-com
- Smart Homes and its business model for Ubi-com service
- Intelligent Multimedia Service and its Data management for Ubi-com
- USN / RFID for Ubi-com service
- Network security issues, protocols, data security in Ubi-com
- Database protection for Ubi-com
- Privacy Protection and Forensic in Ubi-com
- Multimedia Security in Ubi-com
- Authentication and Access control for data protection in Ubi-com
- Service, Security and its Data management for U-commerce
- New novel mechanism and Applications for Ubi-com
For more information, please see http://www.sersc.org/SSDU2009/.

December 2008

IFIP-CIP 2009 Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection, Hanover, New Hampshire, USA, March 22-25, 2009. (Submissions due 31 December 2008) [posted here 7/21/08]
The IFIP Working Group 11.10 on Critical Infrastructure Protection is an active international community of researchers, infrastructure operators and policy-makers dedicated to applying scientific principles, engineering techniques and public policy to address current and future problems in information infrastructure protection. Papers are solicited in all areas of critical infrastructure protection. Areas of interest include, but are not limited to:
- Infrastructure vulnerabilities, threats and risks
- Security challenges, solutions and implementation issues
- Infrastructure sector interdependencies and security implications
- Risk analysis and risk assessment methodologies
- Modeling and simulation of critical infrastructures
- Legal, economic and policy issues related to critical infrastructure protection
- Secure information sharing
- Infrastructure protection case studies
- Distributed control systems/SCADA security
- Telecommunications network security
For more information, please see http://www.ifip1110.org.

January 2009

ACNS 2009 7th International Conference on Applied Cryptography and Network Security, Paris, France, June 2-5, 2009. (Submissions due 12 January 2009) [posted here 10/6/08]
ACNS is an annual conference concentrating on current developments that advance the areas of applied cryptography and its application to systems and network security. The goal is to represent both academic research works as well as developments in industrial and technical frontiers. Original research papers pertaining to all aspects of cryptography and network security are solicited for submission to ACNS'09. Relevant topics include but are not limited to:
- Applied Cryptography and provably-secure cryptographic protocols
- Design and analysis of efficient cryptographic primitives: public-key and symmetric-key cryptosystems, block ciphers, and hash functions
- Network security protocols
- Techniques for anonymity; trade-offs between anonymity and utility
- Integrating security into the next-generation Internet: DNS security, routing, naming, denial-of-service attacks, TCP/IP, secure multicast
- Economic fraud on the Internet: phishing, pharming, spam, and click fraud
- Email and web security
- Public key infrastructure, key management, certification, and revocation
- Security and privacy for emerging technologies: sensor networks, mobile (ad hoc) networks, peer-to-peer networks, bluetooth, 802.11, RFID
- Trust metrics and robust trust inference in distributed systems
- Security and usability
- Intellectual property protection: metering, watermarking, and digital rights management
- Modeling and protocol design for rational and malicious adversaries
- Automated analysis of protocols
For more information, please see http://acns09.di.ens.fr/.

SECURWARE 2009 3rd International Conference on Emerging Security Information, Systems and Technologies, Athens, Greece, June 14-19, 2009. (Submissions due 20 January 2009) [posted here 10/6/08]
The SECURWARE 2009 is an event covering related topics on theory and practice on security, cryptography, secure protocols, trust, privacy, confidentiality, vulnerability, intrusion detection and other areas related to low enforcement, security data mining, malware models, etc. SECURWARE 2009 Special Areas (details in the CfP on site) are:
- ARCH: Security frameworks, architectures and protocols
- SECMAN: Security management
- SECTECH: Security technologies
- SYSSEC: System security
- INFOSEC: Information security
- MALWA: Malware and Anti-malware
- ANTIFO: Anti-forensics
- PRODAM: Profiling data mining
- SECHOME: Smart home security
- SECDYN: Security and privacy in dynamic environments
- ECOSEC: Ecosystem security and trust
- CRYPTO: Cryptography
- CYBER-Threat
For more information, please see http://www.iaria.org/conferences2009/SECURWARE09.html.

February 2009

IH 2009 11th Information Hiding Workshop, Darmstadt, Germany, June 7-10, 2009. (Submissions due 1 February 2009) [posted here 9/29/08]
For many years, Information Hiding has captured the imagination of researchers: Digital watermarking and steganography protect information, conceal secrets or are used as core primitives in Digital Rights Management schemes; steganalysis and digital forensics pose important challenges to investigators; and information hiding plays an important role in anonymous communication systems. These are but a small number of related topics and issues. Current research themes include:
- Anonymous communication and privacy
- Low probability of intercept communications
- Digital forensics
- Covert/subliminal channels
- Steganography and steganalysis
- Watermarking algorithms and applications
- Security aspects of watermarking
- Novel data hiding domains
- Multimedia and document security
- Novel applications of information hiding
For more information, please see http://www.ih09.tu-darmstadt.de/.

MobiSec 2009 1st International Conference on Security and Privacy in Mobile Information and Communication Systems, Turin, Italy, June 3-5, 2009. (Submissions due 2 February 2009) [posted here 9/22/08]
The convergence of information and communication technology is most palpable in the form of intelligent mobile devices, accompanied by the advent of converged, and next-generation, communication networks. As mobile communication and information processing becomes a commodity, economy and society require protection of this precious resource. MobiSec brings together leading-edge researchers from academia and industry in the field of mobile systems security and privacy, as well as practitioners, standards developers and policymakers. Topics of interest include, but are not limited to the following focus areas:
- Security architectures for next-generation, new-generation, and converged communication networks
- Trusted mobile devices, hardware security
- Network resilience
- Threat analyses for mobile systems
- Multi-hop authentication and trust
- Non-repudiation of communication
- Context-aware and data-centric security
- Protection and safety of distributed mobile data
- Mobile application security
- Security for voice and multimedia communication
- Machine-to-machine communication security
- Trust in autonomic and opportunistic communication
- Location based applications security and privacy
- Security for the networked home environment
- Security and privacy for mobile communities
- Mobile emergency communication, public safety
- Lawful interception and mandatory data retention
- Security of mobile agents and code
- Idenity management
- Embedded security
For more information, please see http://www.mobisec.org/.

ACSISP 2009 14th Australasian Conference on Information Security and Privacy, Brisbane, Australia, July 1-3, 2009. (Submissions due 9 February 2009) [posted here 10/13/08]
Original papers pertaining to all aspects of information security and privacy are solicited for submission to the 14th Australasian Conference on Information Security and Privacy (ACISP 2009). Papers may present theory, techniques, applications and practical experiences on a variety of topics including:
- Cryptology
- Mobile communications security
- Database security
- Authentication and authorization
- Secure operating systems
- Intrusion detection
- Access control
- Security management
- Security protocols
- Network security
- Secure commercial applications
- Privacy Technologies
- Smart cards
- Key management and auditing
- Mobile agent security
- Risk assessment
- Secure electronic commerce
- Privacy and policy issues
- Copyright protection
- Security architectures and models
- Evaluation and certification
- Software protection and viruses
- Computer forensics
- Distributed system security
- Identity management
- Biometrics
For more information, please see http://conf.isi.qut.edu.au/acisp2009/.

SECRYPT 2009 International Conference on Security and Cryptography, Milan, Italy, July 7-10, 2009. (Submissions due 17 February 2009) [posted here 9/22/08]
The purpose of SECRYPT 2009 is to bring together researchers, engineers and practitioners interested on information systems and applications in the context of wireless networks and mobile technologies. Topics of interest include, but are not limited to, provided they fit in one of the following main topic areas:
Area 1: Access Control and Intrusion Detection
- Intrusion Detection and Vulnerability Assessment
- Authentication and Non-repudiation
- Identification and Authentication
- Insider Threats and Countermeasures
- Intrusion Detection & Prevention
- Identity and Trust Management
- Biometric Security
- Trust models and metrics
- Regulation and Trust Mechanisms
- Data Integrity
- Models for Authentication, Trust and Authorization
- Access Control in Computing Environments
- Multiuser Information
Area 2: Network Security and Protocols
- IPsec, VPNs and Encryption Modes
- Service and Systems Design and QoS Network Security
- Fairness Scheduling and QoS Guarantee
- Reliability and Dependability
- Web Performance and Reliability
- Denial of Service and Other Attacks
- Data and Systems Security
- Data Access & Synchronization
- GPRS and CDMA Security
- Mobile System Security
- Ubiquitous Computing Security
- Security in Localization Systems
- Sensor and Mobile Ad Hoc Network Security
- Wireless Network Security (WiFi, WiMAX, WiMedia and Others)
- Security of GSM/GPRS/UMTS Systems
- Peer-to-Peer Security
- e-Commerce Protocols and Micropayment Schemes
Area 3: Cryptographic Techniques and Key Management
- Smart Card Security
- Public Key Crypto Applications
- Coding Theory and Practice
- Spread Spectrum Systems
- Speech/Image Coding
- Shannon Theory
- Stochastic Processes
- Quantum Information Processing
- Mobile Code & Agent Security
- Digital Rights Management
Area 4: Information Assurance
- Planning Security
- Risk Assessment
- Security Area Control
- Organizational Security Policies and Responsibility
- Security Through Collaboration
- Human Factors and Human Behaviour Recognition Techniques
- Ethical and Legal Implications
- Intrusive, Explicit Security vs. Invisible, Implicit Computing
- Information Hiding
- Information Systems Auditing
- Management of Computing Security
Area 5: Security in Information Systems
- Security for Grid Computing
- Secure Software Development Methodologies
- Security for Web Services
- Security for Databases and Data Warehouses
- e-Health
- Security Engineering
- Security Information Systems Architectures
- Security Requirements
- Security Metrics
- Personal Data Protection
- XML Security
- Workflow and Business Process Security
For more information, please see http://www.secrypt.org/.

DBSEC 2009 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Montreal, Canada, July 12-15, 2009. (Submissions due 20 February 2009) [posted here 10/27/08]
The 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security provides a forum for presenting original unpublished research results, practical experiences, and innovative ideas in data and applications security. Papers and panel proposals are also solicited. Papers may present theory, techniques, applications, or practical experience on topics of relevance to IFIP WG 11.3:
- Access Control
- Applied cryptography in data security
- Identity theft and countermeasures
- Integrity maintenance
- Intrusion detection
- Knowledge discovery and privacy
- Organizational security
- Privacy and privacy-preserving data management
- Secure transaction processing
- Secure information integration
- Secure Semantic Web
- Secure sensor monitoring
- Secure Web Services
- Threats, vulnerabilities, and risk management
- Trust management
Additional topics of interest include (but are not limited to): Critical Infrastructure Protection, Cyber Terrorism, Information Warfare, Database Forensics, Electronic Commerce Security, and Security in Digital Health Care.
For more information, please see http://www.ciise.concordia.ca/dbsec09/.

March 2009

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Michael Shamos
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: George Cybenko
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found athttp://computer.org/security/.

ACM Transactions on Information and System Security,   Editor-in-Chief: Michael Reiter
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravishankar K. Iyer
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement뾲hrough design, modeling, and evaluation뾬f systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page athttp://www.computer.org/tdsc/.

The Kluwer International Series on ADVANCES IN INFORMATION SECURITY.
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series will serve as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact either Sushil Jajodia (jajodia@gmu.edu,703-993-1653) or Lance Wobus (lance.wobus@wkap.com, 781-681-0602)
Journal of Computer Security,   Editor-in-Chief: Sushil Jadodia and Jonathan Millen
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. Submissions: send six copies to one of the editors in chief: Sushil Jadodia, CSIS, George Mason University, 440 University Drive, Fairfax, VA 22030, or Jonathan Millen, The MITRE Corporation, 202 Burlington Rd., Bedford, MA. Subscriptions: contact IOS Press, Niewe Hemweg 6B, 1013 BG Amsterdam, Netherlands, (e-mail: order@iospress.nl) for information about individual or institutional subscriptions or back issues. More information is given on the journal web page athttp://www.mitre.org/jcs.
Computers & Security,   Editor-in-Chief: E. Schultz
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. Four copies of papers from 5-10,000 words should be sent to the editor, N. Dudley, at Elsevier Advanced Technology, P.O. Box 150, Kidlington, Oxford, OX5 1AS, United Kingdom. Telephones: voice +44(0)1865 843848 / 843000; fax +44 (0) 1865 843971.  More information can be found athttp://www.elsevier.com/locate/issn/01674048.
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; C.A. Meadows; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page athttp://link.springer.de/link/service/journals/10207/index.htm.
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.nchu.edu.tw/.
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online athttp://www.inderscience.com/ijsn/. More information is given on the journal web page athttp://www.inderscience.com/ijsn/.
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page athttp://www.elsevier.com/locate/ijcip.
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: Pierre Moulin
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, viasps-ieee.manuscriptcentral.com.  More information can be found athttp://www.ieee.org/organizations/society/sp/tifs.html.