It will be fascinating to see what effects the Snowden revelations will have on the community’s thinking about security standards and regulation, the incentives for information sharing and cooperation, and the economics of privacy, to mention only three of the workshop’s usual topics. Now that we’ve had six months to think things through, how do you think the security game has changed, and why? Do we need minor changes to our models, or major ones? Are we in the same policy world, or a quite different one? WEIS could be particularly interesting next year. Get writing!
The 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI ’13) seeks to bring together researchers and practitioners from technology, law, and policy who are working on means to study, detect, or circumvent practices that inhibit free and open communications on the Internet. We invite two distinct tracks for papers: a technical track for technically-focused position papers or works-in-progress; and a social science track for papers focused on policy, law, regulation, economics or related fields of study.
FOCI will favor interesting and new ideas and early results that lead to well-founded position papers. We envision that work presented at FOCI will ultimately be published at relevant, high-quality conferences. Papers will be selected primarily based on originality, with additional consideration given to their potential to generate discussion at the workshop. Papers in the technical track will also be evaluated based on technical merit. As with other USENIX events, papers accepted for FOCI ’13 will be made freely available on the USENIX website.
I am on the award committee for the 2013 PET Award and we are looking for nominations of papers which have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology.
The 2013 award will be presented at Privacy Enhancing Technologies Symposium (PETS) and carries a prize of $3,000 USD thanks to the generous support of Microsoft. The crystal prize itself is offered by the Office of the Information and Privacy Commissioner of Ontario, Canada.
Any paper by any author written in the area of privacy enhancing technologies is eligible for nomination. However, the paper must have appeared in a refereed journal, conference, or workshop with proceedings published in the period from 16 April 2011 until 31 March 2013.
To submit a nomination, please see the instructions on the award page.
This year, we presented two papers at RESoLVE 2012 relating to the structure of operating systems and hardware, one focused on CPU instruction set security features out of our CTSRD project, and another on efficient and reconfigurable communications in data centres out of our MRC2 project.
I’m pleased to announce the Call for Papers for RESoLVE 2013, a workshop (co-located with ASPLOS 2013) that brings together researchers in both the OS and language level virtual machine communities to exchange ideas and experiences, and to discuss how these separate layers can take advantage of each others’ services. This has a particular interest to the security community, who both want to build, and build on, security properties spanning hardware protection (e.g., VMs) and language-level protection.
Runtime Environments, Systems, Layering and Virtualized Environments
ASPLOS 2013 Workshop, Houston, Texas, USA
March 16, 2013
Today’s applications typically target high-level runtime systems and frameworks. At the same time, the operating systems on which they run are themselves increasingly being deployed on top of (hardware) virtual machines. These trends are enabling applications to be written, tested, and deployed more quickly, while simplifying tasks such as checkpointing, providing fault-tolerance, enabling data and computation migration, and making better, more power-efficient use of hardware infrastructure.
However, much current work on virtualization still focuses on running unmodified legacy systems and most higher-level runtime systems ignore the fact that they are deployed in virtual environments. The workshop on Runtime Environments, Systems, Layering, and Virtualized Environments (RESoLVE 2013) aims to brings together researchers in both the OS and language level virtual machine communities to exchange ideas and experiences and to discuss how these separate layers can take advantage of each others’ services.
I am co-editing a special edition of IEEE Internet Computing on Internet Censorship and Control. We are looking for short (up to 5,000 words) articles on the technical, social, and political mechanisms and impacts of Internet censorship and control. We’re soliciting both technical and social science articles, and especially encourage those that combine the two. Appropriate topics include
- explorations of how the Internet’s technical, social, and political structures impact its censorship and control;
- evaluations of how existing technologies and policies affect Internet censorship and control;
- proposals for new technologies and policies;
- discussions on how proposed technical, legal, or governance changes to the Internet will impact censorship and control;
- analysis of techniques, methodologies, and results of monitoring Internet censorship and control; and
- examinations of trade-offs between control and freedom, and how these sides can be balanced.
Please email the guest editors a brief description of the article you plan to submit by 15 August 2012. For further details, see the full CFP. Please distribute this CFP, and use this printable flyer if you wish.
I have the privilege of serving as co-chair of the program committee for the Anti-Phishing Working Group’s eCrime Researchers Summit, to be held October 23-24 in Las Croabas, Puerto Rico. This has long been one of my favorite conferences to participate in, because it is held in conjunction with the APWG general meeting. This ensures that participation in the conference is evenly split between academia and industry, which leads to in-depth discussions of the latest trends in online crime. It also provides a unique audience for academic researchers to discuss their work, which can foster future collaboration.
Some of my joint work with Richard Clayton appearing at this conference has been discussed on this blog, from measuring the effectiveness of website take-down in fighting phishing to uncovering the frequent lack of cooperation between security firms. As you will see from the call for papers, the conference seeks submissions on all aspects of online crime, not just phishing. Paper submissions are due August 3, so get to work so we can meet up in Puerto Rico this October!
Continue reading Call for Papers: eCrime Researchers Summit
Stu Wagner, Bob Laddaga, and I are pleased to announce the call for papers for a new Workshop on Adaptive Host and Network Security, to take place at the Sixth IEEE Conference on Self-Adaptive and Self-Organizing Systems in September 2012 in Lyon, France.
Over the past decade the threat of cyber attacks on critical commercial and government infrastructure has been growing at an alarming rate to a point where it is now considered to be a major threat in the world. Current approaches to cyber security involve building fast-growing multi-million line systems that attempt to detect and remove attacking software. Meanwhile, cyber exploits continue to multiply in number, but their size continues to be a couple of hundred lines of code. This disparity of effort means that the current defensive approaches to cyber security can at best fight a holding action. The workshop is intended to explore game-changing approaches to cyber security that focus on adaptation. There is a clear need to develop systems at both the host level and the network level to actively adapt to cyber attacks and to provide greater protection for networked computation at all levels. Topic of interest include:
- Protecting the host
- New OS models for secure hosts
- Combining proof, model checking and dynamic monitoring techniques for host security
- Meta-level control and monitoring of networks
- Use of feedback mechanisms in network operations
- Self-monitoring and self-explaining network systems
- Self-adaptive and autonomic networking
- Centralized versus distributed network control
- Measurement of network properties in support of self evaluation
- Programming language abstractions to support security
- Computational models of network security
- Self healing networks
- Learning in adaptive networks
- Dynamically reprogrammable switches
- The use of a Policy-based Network Management system to build self-adaptively secure networks
Nominations are invited for the 2012 PET Award by 31 March 2012.
The PET Award is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology. It is awarded at the annual Privacy Enhancing Technologies Symposium (PETS).
The PET Award carries a prize of 3000 USD thanks to the generous support of Microsoft. The crystal prize itself is offered by the Office of the Information and Privacy Commissioner of Ontario, Canada.
Any paper by any author written in the area of privacy enhancing technologies is eligible for nomination. However, the paper must have appeared in a refereed journal, conference, or workshop with proceedings published in the period from 1 June 2010 until 31 March 2012.
For eligibility requirements, refer to the award rules.
Anyone can nominate a paper by sending an email message containing the following to firstname.lastname@example.org:
- Paper title
- Author(s) contact information
- Publication venue and full reference
- Link to an available online version of the paper
- A nomination statement of no more than 500 words.
All nominations must be submitted by 31 March 2012. The Award Committee will select one or two winners among the nominations received. Winners must be present at the 2012 PET Symposium in order to receive the Award. This requirement can be waived only at the discretion of the PET Advisory board.
More information about the PET award (including past winners) is see the award website.
Privacy and anonymity are increasingly important in the online world. Corporations, governments, and other organizations are realizing and exploiting their power to track users and their behavior. Approaches to protecting individuals, groups, but also companies and governments, from profiling and censorship include decentralization, encryption, distributed trust, and automated policy disclosure.
The 12th Privacy Enhancing Technologies Symposium addresses the design and realization of such privacy services for the Internet and other data systems and communication networks by bringing together anonymity and privacy experts from around the world to discuss recent advances and new perspectives.
The symposium seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of privacy technologies, as well as experimental studies of fielded systems. We encourage submissions with novel technical contributions from other communities such as law, business, and data protection authorities, that present their perspectives on technological issues.
Submissions are due 20 February 2012, 23:59 UTC. Further details can be found in the full Call for Papers.
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The 21st USENIX Security Symposium will be held August 8–10, 2012, in Bellevue, WA.
All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. Submissions are due on Thursday, 16 February 2012, 11:59 p.m. PST. The Symposium will span three days, with a technical program including refereed papers, invited talks, posters, panel discussions, and Birds-of-a-Feather sessions. Workshops will precede the symposium on August 6 and 7. Further details can be found in the full Call for Papers.
In common with other USENIX conferences, the proceedings of USENIX Security 2012 will be open access, and made available for free to everyone from the first day of the event.