Category Archives: Call for papers

Conference announcements, etc.

Two invitations to Cambridge

Two invitations to Cambridge (UK):

2025-03-25: the Rossfest Symposium, in honour of Ross Anderson (1956-2024)
https://www.cl.cam.ac.uk/events/rossfest/

2025-03-26 and 27: the 29th Security Protocols Workshop
https://www.cl.cam.ac.uk/events/spw/2025/

Start writing, and sign up here for updates on either or both:
https://forms.gle/Em9Hy43aRqrdGmd17

The Rossfest Symposium and its posthumous Festschrift is a celebration and remembrance of our friend and colleague Ross Anderson, who passed away suddenly on 28 March 2024, aged 67.

Ross Anderson FRS FRSE FREng was Professor of Security Engineering at the University of Cambridge and lately also at the University of Edinburgh. He was a world-leading figure in security. He had a gift for pulling together the relevant key people and opening up a new subfield of security research by convening a workshop on the topic that would then go on to become an established series, from Fast Software Encryption to Information Hiding, Scrambling for Safety, Workshop on Economics and Information Security, Security and Human Behavior and so forth. He co-authored around 300 papers. His encyclopedic Security Engineering textbook (well over 1000 pages) is dense with both war stories and references to research papers. An inspiring and encouraging supervisor, Ross graduated around thirty PhD students. And as a contagiously enthusiastic public speaker he inspired thousands of researchers around the world.

The Rossfest Symposium is an opportunity for all of us who were touched by Ross to get together and celebrate his legacy.

The Festschrift volume

Scientific papers

We solicit scientific contributions to a posthumous Festschrift volume, in the form of short, punchy papers on any security-related topic. These submissions will undergo a lightweight review process by a Program Committee composed of former PhD students of Ross:

Accepted papers will be published in the Festschrift book and presented at the event. For a subset of the accepted papers, the authors will be invited to submit an expanded version to a special issue of the Journal of Cybersecurity honouring Ross’s scholarly contributions and legacy.

Submissions are limited to five pages in LNCS format (we did say short and punchy!) and will get an equally short presentation slot at the Rossfest. Let’s keep it snappy, as Ross himself would have liked. Five pages excluding bibliography and any appendices, that is, and maximum eight pages total.

Topic-wise, anything related to security, taking the word in its broadest sense, is fair game, from cryptography and systems to economics, psychology, policy and much more, spanning the wide spectrum of fields that Ross himself explored over the course of his career. But make it a scientific contribution rather than just an opinion piece.

Authors will grant us a licence to publish and distribute their articles in the Festschrift but will retain copyright and will be able to put their articles on their web pages or resubmit them wherever else they like. We won’t ask for article charges for publishing in the Festschrift. Bound copies of the Festschrift volume will be available to purchase at cost during the Rossfest Symposium, or later through print-on-demand. A DRM-free PDF will be available online at no charge.

Informal memories

We also solicit informal “cherished memories” contributions along the lines of those collected by Ahn Vu at anderson.love. These too will be collected in the volume and a selection of them will be presented orally at the event.

The Rossfest Symposium

The Rossfest Symposium will last the whole day and will take place at the Computer Laboratory (a.k.a. the Department of Computer Science and Technology of the University of Cambridge), where Ross taught, researched and originally obtained his own PhD. Street address: 15 JJ Thomson Avenue, Cambridge CB3 0FD, UK.

Attendance at the Rossfest Symposium is free and not conditional on the submission of a contribution, but registration will be required for us to manage numbers and catering.

In the evening there shall also be a formal celebration banquet at Trinity College. To attend, please purchase a ticket. Registration and payment links shall appear on this page in due course. Street address: Trinity Street, Cambridge CB2 1TQ, UK.

We have timed the Rossfest to be adjacent in time and space to the Security Protocols Workshop, an event that Ross regularly attended. The SPW will take place in Trinity College Cambridge on 26 and 27 March 2025. This will allow you to attend both events with a single trip to Cambridge. Note that attendance at SPW requires presenting a position paper: unlike the Rossfest, at SPW all attendees must also speak.

Accommodation in Cambridge

The chosen dates are out of term, meaning you might be able to book a room in one of the 31 colleges through www.universityrooms.com. Otherwise, consider www.airbnb.comwww.booking.comwww.expedia.com or your favourite online booking aggregator.

Sign up

To receive notifications (e.g. “the registration and payment links are now up”), sign up on this Google form. Self-service unsubscribe at any time.

Dates

25 November 2024: Deadline for submission of Festschrift articles
23 December 2024: Invitations to authors to present orally
13 January 2025: Early bird (discounted) registration deadline for banquet
10 February 2025: Final registration deadline for banquet and symposium
25 March 2025: Rossfest Symposium (and optional banquet)
26-27 March 2025: Security Protocols Workshop (unrelated but possibly of interest)

The Twenty-ninth International Workshop on Security Protocols will take place from Wednesday 26 March to Thursday 27 March 2025 in Cambridge, United Kingdom. It will be dedicated to the memory of Ross Anderson and preceded by the Rossfest Symposium, which will take place on Tuesday 25 March 2025, also in Cambridge, UK. Come to both!

As in previous years, attendance at the International Workshop on Security Protocols is by invitation only.  (How do I get invited? Submit a position paper.)

Theme

The theme of the 2025 workshop is: “Controversial Security – In honour of Ross Anderson”. In other words, “any security topic that Ross Anderson might have wanted to debate with you”, which leaves you with plenty of leeway.

This is a workshop for discussion of novel ideas, rather than a conference for finished work. We seek papers that are likely to stimulate an interesting discussion. New authors are encouraged to browse through past volumes of post-proceedings (search for Security Protocols Workshop in the Springer LNCS series) to get a flavour for the variety and diversity of topics that have been accepted in past years, as well as the lively discussion that has accompanied them.

Details

The long-running Security Protocols Workshop has hosted lively debates with many security luminaries (the late Robert Morris, chief scientist at the NSA and well known for his pioneering work on Unix passwords, used to be a regular) and continues to provide a formative event for young researchers. The post-proceedings, published in LNCS, contain not only the refereed papers but the curated transcripts of the ensuing discussions (see the website for pointers to past volumes).

Attendance is by invitation only. To be considered for invitation you must submit a position paper: it will not be possible to come along as just a member of the audience. Start writing now! “Writing the paper is how you develop the idea in the first place”, in the wise words of Simon Peyton-Jones.

The Security Protocols Workshop is, and has always been, highly interactive. We actively encourage participants to interrupt and challenge the speaker. The presented position papers will be revised and enhanced before publication as a consequence of such debates. We believe the interactive debates during the presentations, and the spontaneous technical discussions during breaks, meals and the formal dinner, are part of the DNA of our workshop. We encourage you to present stimulating and disruptive ideas that are still at an initial stage, rather than “done and dusted” completed papers of the kind that a top-tier conference would expect. We are interested in eliciting interesting discussion rather than collecting archival material.

Submissions

Short indicative submissions are preferred. You will have the opportunity to extend and revise your paper both before the pre-proceedings are issued, and again after the workshop. At the workshop, you will be expected to spend a few minutes introducing the idea of your paper, in a way that facilitates a longer more general discussion. Pre-proceedings will be provided at the workshop. See the Submission page for more details.

Committee

• Fabio Massacci (Program Chair), University of Trento / Vrije Universiteit Amsterdam
• Frank Stajano (General Chair), University of Cambridge
• Vashek (Vaclav) Matyas, Masaryk University
• Jonathan Anderson, Memorial University
• Mark Lomas, Capgemini

Accommodation in Cambridge

The chosen dates are out of term, meaning you might be able to book a room in one of the 31 colleges through www.universityrooms.com. Otherwise, consider www.airbnb.comwww.booking.comwww.expedia.com or your favourite online booking aggregator.

Dates

25 November 2024: Submission of position papers
23 December 2024: Invitations to authors
13 January 2025: Early bird (discounted) registration deadline
3 February 2025: Revised papers due
10 February 2025: Final registration deadline
25 March 2025: Rossfest Symposium (unrelated but possibly of interest)
26-27 March 2025: Security Protocols Workshop

For further details visit the web page at the top of this message. To be notified when the registration and paper submission pages open, , sign up on this Google form. Self-service unsubscribe at any time.

WEIS 2022 call for papers

The 2022 Workshop on the Economics of Information Security will be held at Tulsa, Oklahoma, on 21-22 June 2022. Paper submissions are due by 28 February 2022. After two virtual events we’re eager to get back to meeting in person if we possibly can.

The program chairs for 2022 are Sadia Afroz and Laura Brandimarte, and here is the call for papers.

We originally set this as 20-21, being unaware that June 20 is the Juneteenth holiday in the USA. Sorry about that.

Anyway, we hope to see lots of you in Tulsa!

CfP: BSides London 2017

====================================================================
BSides London 2017
7th June 2017
ILEC Conference Centre, 47 Lillie Road London, SW6 1UD
https://www.securitybsides.org.uk/
====================================================================

We invite proposals for BSides London 2017, to be held on the 7th June, 2017 in London, UK.

Please note that all submissions must be submitted at: https://bit.ly/BSidesLDN2017CFP

———————————————————

Important dates

CfP opens – February 14th
CfP closes – March 27th
Voting on CFP Open – March 30th
Voting on CFP Close – April 13th
email notification to proposers – April 14th
Deadline for speakers to confirm attendance – April 21st
BSides London schedule published – May 1st
BSides London! – June 7th, 2017

(All deadlines are 11:59pm GMT)

———————————————————

What is BSides?

Each BSides is a community-driven framework for building events for and by information security community members.  The goal is to expand the spectrum of conversation beyond the traditional confines of space and time.  It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening.

———————————————————

Scope

This year our focus will be on a theme that is a fundamental to InfoSec: “Sharing is Caring: Disclosure, leaks as well as knowledge transfer it is all about sharing”. We seek original contributions that present attacks, analyses, designs, applications, protocols, systems, practical experiences, and theory. As usual the theme is not prescriptive, and proposals may include (but are not limited to) the following topics:

* Information technology
* Network security & Cryptography
* Web Application security
* Mobile security
* Usable security
* Virtualization and cloud computing
* Innovative attack / defense strategies
* Forensics / Malware
* Embedded device security / IoT
* Physical security and lockpicking
* Biometrics
* Hardware hacking
* Biohacking and modification
* Open source software
* Robotics (bonus points for bringing an actual robot)
* Massive abuse of technology
* Evolutionary computing
* Ethical and philosophical implications of hacking

———————————————————

Advice to  presenters

PRESENTATIONS should describe novel technical contributions within the scope of the call. The presentations will be subjected to open (non-blind) peer review by the organising committee.  The allotted time for each presentation will typically be between 45 minutes to 1 hour (including Q&A); though shorter presentations are also welcome.

Remember that our participants’ backgrounds and experience are varied. There must be something for everyone, so when choosing a subject go with something you are comfortable with no matter the difficulty level. Your presentation should tell us a story:

– Here is a problem
– It’s an interesting problem
– It’s an unsolved problem
– Here is my idea
– My idea works (details, data)
– Here’s how my idea compares to other people’s approaches

If your talk is not selected, please keep in mind that we aim to provide a “lighting talks” track where speakers can present their topics on a first come/first served basis.

Best of luck and thanks for being part of Security BSides London! For additional information or questions regarding the process please email cfp at securitybsides.org.uk

———————————————————

Organization

As in previous years, the schedule for BSides London 2017 will be selected by public vote.

CFP: Passwords 2016

====================================================================
Call for Papers
The 11th International Conference on Passwords
PASSWORDS 2016

5-7 December 2016
Ruhr-University Bochum, Germany

https://passwords2016.rub.de/
https://passwordscon.org/
====================================================================

The Passwords conference was launched in 2010 as a response to
the lack of robustness and usability of current personal
authentication practices and solutions. Annual participation has
doubled over the past three years. Since 2014, the conference
accepts peer-reviewed papers.

* IMPORTANT DATES *

Research papers and short papers:
– Title and abstract submission: EXTENDED TO 2016-08-22 2016-07-04  (23:59 UTC-11)
– Paper submission: EXTENDED TO 2016-08-29 2016-07-11 (23:59 UTC-11)
– Notification of acceptance: 2016-10-17 2016-09-05
– Camera-ready from authors: 2016-10-31 2016-09-19

Hacker Talks:
– Talk proposal submission: 2016-09-15 (23:59 UTC-11)
– Notification of acceptance: 2016-09-30

* CONFERENCE AIM *

More than half a billion user passwords have been compromised
over the last five years, including breaches at internet
companies such as Target, Adobe, Heartland, Forbes, LinkedIn,
Yahoo, and LivingSocial. Yet passwords, PIN codes, and similar
remain the most prevalent method of personal
authentication. Clearly, we have a systemic problem.

This conference gathers researchers, password crackers, and
enthusiastic experts from around the globe, aiming to better
understand the challenges surrounding the methods personal
authentication and passwords, and how to adequately solve these
problems. The Passwords conference series seek to provide a
friendly environment for participants with plenty opportunity to
communicate with the speakers before, during, and after their
presentations.

* SCOPE *

We seek original contributions that present attacks, analyses,
designs, applications, protocols, systems, practical experiences,
and theory. Submitted papers may include, but are not limited to,
the following topics, all related to passwords and
authentication:

– Technical challenges and issues:
– Cryptanalytic attacks
– Formal attack models
– Cryptographic protocols
– Dictionary attacks
– Digital forensics
– Online attacks/Rate-limiting
– Side-channel attacks
– Administrative challenges:
– Account lifecycle management
– User identification
– Password resets
– Cross-domain and multi-enterprise system access
– Hardware token administration
– Password “replacements”:
– 2FA and multifactor authentication
– Risk-based authentication
– Password managers
– Costs and economy
– Biometrics
– Continous authentication
– FIDO – U2F
– Deployed systems:
– Best practice reports
– Incident reports/Lessons learned
– Human factors:
– Usability
– Design & UX
– Social Engineering
– Memorability
– Accessibility
– Pattern predictability
– Gestures and graphical patterns
– Psychology
– Statistics (languages, age, demographics…)
– Ethics

* INSTRUCTIONS FOR AUTHORS *

Papers must be submitted as PDF using the Springer LNCS format
for Latex. Abstract and title must be submitted one week ahead of
the paper deadline.

We seek submissions for review in the following three categories:

– Research Papers
– Short Papers
– “Hacker Talks” (talks without academic papers attached)

RESEARCH PAPERS should describe novel, previously unpublished
technical contributions within the scope of the call. The papers
will be subjected to double-blind peer review by the program
committee. Paper length is limited to 16 pages (LNCS format)
excluding references and well-marked appendices. The paper
submitted for review must be anonymous, hence author names,
affiliations, acknowledgements, or obvious references must be
temporarily edited out for the review process. The program
committee may reject non-anonymized papers without reading
them. The submitted paper (in PDF format) must follow the
template described by Springer at
http://www.springer.de/comp/lncs/authors.html.

SHORT PAPERS will also be subject to peer review, where the
emphasis will be put on work in progress, hacker achievements,
industrial experiences, and incidents explained, aiming at
novelty and promising directions. Short paper submissions should
not be more than 6 pages in standard LNCS format in total. A
short paper must be labeled by the subtitle “Short
Paper”. Accepted short paper submissions may be included in the
conference proceedings. Short papers do not need to be
anonymous. The program committee may accept full research papers
as short papers.

HACKER TALKS are presentations without an academic paper
attached. They will typically explain new methods, techniques,
tools, systems, or services within the Passwords scope. Proposals
for Hacker Talks can be submitted by anybody (“hackers”,
academics, students, enthusiasts, etc.) in any format, but
typically will include a brief (2-3 paragraphs) description of
the talk’s content and the person presenting. They will be
evaluated by a separate subcommittee led by Per Thorsheim,
according to different criteria than those used for the refereed
papers.

At least one of the authors of each accepted paper must register
and present the paper at the workshop. Papers without a full
registration will be withdrawn from the proceedings and from the
workshop programme.

Papers that pass the peer review process and that are presented
at the workshop will be included in the event proceedings,
published by Springer in the Lecture Notes in Computer
Science (LNCS) series.

Papers must be unpublished and not being considered elsewhere for
publication. Plagiarism and self-plagiarism will be treated as a
serious offense.  Program committee members may submit papers but
program chairs may not.  The time frame for each presentation
will be either 30 or 45 minutes, including Q&A. Publication will
be by streaming, video and web.

* ORGANIZERS *

– General chair: Per Thorsheim, God Praksis AS (N)
– Program co-chair and host: Markus Dürmuth, Ruhr-University Bochum (DE)
– Program co-chair: Frank Stajano, University of Cambridge (UK)

* PROGRAM COMMITTEE *

– Adam Aviv, United States Naval Academy (USA)
– Lujo Bauer, Carnegie Mellon University (USA)
– Jeremiah Blocki, Microsoft Research/Purdue University (USA)
– Joseph Bonneau, Stanford University (USA)
– Heather Crawford, Florida Institute of Technology (USA)
– Bruno Crispo, KU Leuven (B) and University of Trento (IT)
– Serge Egelman, ICSI and University of California at Berkeley (USA)
– David Freeman, LinkedIn (USA)
– Simson Garfinkel, NIST (USA)
– Tor Helleseth, University of Bergen (N)
– Cormac Herley, Microsoft Research (USA)
– Graeme Jenkinson, University of Cambridge (UK)
– Mike Just, Heriot-Watt University (UK)
– Stefan Lucks, Bauhaus-University Weimar (D)
– Paul van Oorschot, Carleton University (CA)
– Angela Sasse, University College London (UK)
– Elizabeth Stobert, ETH Zurich (CH)

* STEERING COMMITTEE *

– Per Thorsheim, God Praksis AS (N)
– Stig F. Mjolsnes, Norwegian University of Science and Technology (N)
– Frank Stajano, University of Cambridge (UK)

More and updated information can be found at the conference website
https://passwords2016.rub.de/

A dubious cyber security conference

I’ve written before about dubious “academic” journals… and today I’m going to discuss a dubious “academic” conference (which is associated with some dubious journals, but it’s the conference that’s my focus today).

Fordham University has been running the “International Conference on Cyber Security” since 2009 and ICCS 2016 (labelled “Sixth” because they skipped 2011 and 2014) will take place in New York in July. This conference has an extremely reputable program committee and is run by Fordham and the Federal Bureau of Investigation (I expect you’ve heard of them … they investigate cybercrime in the USA…).

There’s also another “International Conference on Cyber Security (ICCS 2016)” running this year as well … it will take place in Zurich in July and is run by WASET (the World Academy of Science, Engineering and Technology). The program committee for this one is somewhat less prestigious (I sorry to say that I have not heard of any of them … and to my mind the most reputable looking person is “Wei Yan of Trend Micro” … except he’s currently on his fourth job since he left Trend Micro in 2010, so that makes me wonder how many of the people on the list know that they’re mentioned ?

There’s other reasons for feeling this conference might be a little dubious, not least that this is apparently the “Eighteenth ICCS”. That might lead you to believe that there have been seventeen previous ICCS events … but I did a lot of searches and failed to find any of them !

My searches did turn up the “2nd International Conference on Cyber Security (ICCS) 2016” which will take place at the Rajasthan Technical University, India — this one looks pretty respectable, with PC members from India and the USA.

So if you fancy going to Cyber Security Conference in 2016 then you are spoilt for choice, but I would not myself recommend travelling to Zurich. A key reason is that you may find that the Dorint Airport-Hotel, where ICCS 2016 is to be held may turn out to be a little crowded… the same hotel is hosting no fewer than 160 other International conferences at exactly the same time: click here for the full list!

Alternatively, if you can’t make it this year, put a note in your diary. The “31st International Conference on Cyber Security (ICCS 2029)” is planned to take place in Zurich on July 21–22 2029… Wei Jan is on the PC for that one too … and the submission deadline is as soon as March 31, 2029, so best to get a move on with finishing that paper!

As a final note, invited papers from ICCS 2016 (the Zurich version) are to be published in a special issue of “Advances in Cyber Security”. Now you might cynically think that this was an open access journal from WASEC, but no they have no journal with that title (and in fact neither does anyone else)… but what do you know, “Advances in Cyber Security” is a fine looking book published in December 2012 by none other than Fordham University Press. Small world, isn’t it!

CFP: Learning from Authoritative Security Experiment Results (LASER 2016)

This year, I’m on the PC for LASER 2016: the Oakland-attached workshop on Learning from Authoritative Security Experiment Results. The LASER 2016 CFP is now online, with a focus on methodologies for computer security experimentation, new experimental approaches, unexpected results or failed experiments, and, more generally, consideration of how to standardise scientific approaches to security research. Please consider submitting a paper — especially if you are pushing the boundaries on how we conduct experiments in the field of computer-security research!

The deadline is 29 January 2016. A limited number of student scholarships will be available to attend.

Continue reading CFP: Learning from Authoritative Security Experiment Results (LASER 2016)

Double bill: Password Hashing Competition + KeyboardPrivacy

Two interesting items from Per Thorsheim, founder of the PasswordsCon conference that we’re hosting here in Cambridge this December (you still have one month to submit papers, BTW).

First, the Password Hashing Competition “have selected Argon2 as a basis for the final PHC winner”, which will be “finalized by end of Q3 2015”. This is about selecting a new password hashing scheme to improve on the state of the art and make brute force password cracking harder. Hopefully we’ll have some good presentations about this topic at the conference.

Second, and unrelated: Per Thorsheim and Paul Moore have launched a privacy-protecting Chrome plugin called Keyboard Privacy to guard your anonymity against websites that look at keystroke dynamics to identify users. So, you might go through Tor, but the site recognizes you by your typing pattern and builds a typing profile that “can be used to identify you at other sites you’re using, were identifiable information is available about you”. Their plugin intercepts your keystrokes, batches them up and delivers them to the website at a constant pace, interfering with the site’s ability to build a profile that identifies you.

Passwords 2015 call for papers

The  9th International Conference on Passwords will be held at Cambridge, UK on 7-9 December 2015.

Launched in 2010 by Per Thorsheim,  Passwordscon is a lively and entertaining conference series dedicated solely to passwords. Passwordscon’s unique mix of refereed papers and hacker talks encourages a kind of cross-fertilization that I’m sure you’ll find both entertaining and fruitful.

Paper submissions are due by 7 September 2015. Selected papers will be included in the event proceedings, published by Springer in the Lecture Notes in Computer Science (LNCS) series.

We hope to see lots of you there!

Graeme Jenkinson, Local arrangements chair

Decepticon: International Conference on Deceptive Behavior

Call for papers

We are proud to present DECEPTICON 2015 – International Conference on Deceptive Behavior, to be held 24-26 August 2015 at the University of Cambridge, UK. Decepticon brings together researchers, practitioners, and like-minded individuals with a taste for interdisciplinary science in the detection and prevention of deception.

We are organising two panel sessions; one on Future Directions in Lie Detection Research with Aldert Vrij, Par-Anders Granhag, Steven Porter and Timothy Levine, and one on Technology Assisted Lie Detection with Jeff Hancock, Judee Burgoon, Bruno Verschuere and Giorgio Ganis. We broadly and warmly welcome people with varying scientific backgrounds. To cover the diversity of approaches to deception research, our scientific committee members are experts in fields from psychology to computer science, and from philosophy to behavioral economics. For example, scientific committee members from the University of Cambridge are Ross Anderson, Nicholas Humphrey, Peter Robinson and Sophie Van Der Zee.

We strongly encourage practitioners, academics and students alike to submit abstracts that touch on the topic of deception. The extended deadline for abstract submissions (max. 300 words) for an oral, panel or poster presentation is 8 APRIL 2015. Interested in attending, but don’t feel like presenting? You can register for the conference here.

Please visit our webpage for more information. We are happy to answer any questions!

We hope to see you in Cambridge,

DECEPTICON TEAM

 

WEIS 2015 call for papers

The 2015 Workshop on the Economics of Information Security will be held at Delft, the Netherlands, on 22-23 June 2015. Paper submissions are due by 27 February 2015. Selected papers will be invited for publication in a special issue of the Journal of Cybersecurity, a new, interdisciplinary, open-source journal published by Oxford University Press.

We hope to see lots of you in Delft!