SECURWARE 2012, The Sixth International Conference on Emerging Security Information Systems and Technologies, is an event covering related topics on theory and practice on security, cryptography, secure protocols, trust, privacy, confidentiality, vulnerability, intrusion detection and other areas related to low enforcement, security data mining, malware models, etc.

Security, defined for ensuring protected communication among terminals and user applications across public and private networks, is the core for guaranteeing confidentiality, privacy, and data protection. Security affects business and individuals, raises the business risk, and requires a corporate and individual culture. In the open business space offered by Internet, it is a need to improve defences against hackers, disgruntled employees, and commercial rivals. There is a required balance between the effort and resources spent on security versus security achievements. Some vulnerability can be addressed using the rule of 80:20, meaning 80% of the vulnerabilities can be addressed for 20% of the costs. Other technical aspects are related to the communication speed versus complex and time consuming cryptography/security mechanisms and protocols.

Digital Ecosystem is defined as an open decentralized information infrastructure where different networked agents, such as enterprises (especially SMEs), intermediate actors, public bodies and end users, cooperate and compete enabling the creation of new complex structures. In digital ecosystems, the actors, their products and services can be seen as different organisms and species that are able to evolve and adapt dynamically to changing market conditions.

Digital Ecosystems lie at the intersection between different disciplines and fields: industry, business, social sciences, biology, and cutting edge ICT and its application driven research. They are supported by several underlying technologies such as semantic web and ontology-based knowledge sharing, self-organizing intelligent agents, peer-to-peer overlay networks, web services-based information platforms, and recommender systems.

To enable safe digital ecosystem functioning, security and trust mechanisms become essential components across all the technological layers. The aim is to bring together multidisciplinary research that ranges from technical aspects to socio-economic models.

As a multi-track event, SECURWARE 2012 will serve as a forum for researchers from the academia and the industry, professionals, standard developers, policy makers and practitioners to exchange ideas. The topics could be on techniques and applications, best practices, awareness and experiences as well as future trends and needs (both in research and practices) related to all aspects of information security, security systems and technologies.

SECURWARE 2012 has the following tracks:

ARCH: Security frameworks, architectures and protocols
METRICS: Security, trust and privacy measurement
SECMAN: Security management
SECTECH: Security technologies
SYSSEC: System security
INFOSEC: Information security
RISK: Risk and security
MALWA: Malware and Anti-malware
ANTIFO: Anti-forensics
PRODAM: Profiling data mining
SECHOME: Smart home security
SECDYN: Security and privacy in dynamic environments
ECOSEC: Ecosystem security and trust
CRYPTO: Cryptography
CYBER-Threat

We solicit both academic, research, and industrial contributions. We welcome technical papers presenting research and practical results, position papers addressing the pros and cons of specific proposals, such as those being discussed in the standard fora or in industry consortia, survey papers addressing the key problems and solutions on any of the above topics short papers on work in progress, and panel proposals.

Industrial presentations are not subject to the format and content constraints of regular submissions. We expect short and long presentations that express industrial position and status.

Tutorials on specific related topics and panels on challenging areas are encouraged.

The topics suggested by the conference can be discussed in term of concepts, state of the art, research, standards, implementations, running experiments, applications, and industrial case studies. Authors are invited to submit complete unpublished papers, which are not under review in any other conference or journal in the following, but not limited to, topic areas.

All topics and submission formats are open to both research and industry contributions.

ARCH: Security frameworks, architectures and protocols

Formal aspects of security
Security analysis methodologies
Security verification
Security protocols
Security architectures and formalisms
Security and design vulnerability
Security and privacy protection
Performance and security
Secure group communication/multicast
Software design security
Middleware security
Security for nomadic code
Intrusion detection systems
Static analysis for software security
Security modeling

METRICS: Security, trust and privacy measurement

Security, trust and privacy metrics;
Security assurance metrics
Security measurement architectures
Metrics for adaptive security systems
Taxonomical and ontological support of security metrics
Experiments and benchmarks for security measurements
Embedding security measurability in software and service architectures
Risk-driven assessment of security
Assessment of effectiveness, efficiency and correctness of security
Mapping security metrics and security assurance metrics
Mapping security measurements and non-functional requirements

SECMAN: Security management

Identity management
Security law enforcement
PKI
PKI Key management
Incident response planning
Intrusion detection and event correlation
Firewalls
Trust management
Software security assurance

SECTECH: Security technologies

Secure protocols
Applied cryptography
Smart cards
Biometrics
Digital rights management
Electronic surveillance
Database security

SYSSEC: System security

Internet security
Security in wireless
Sensor/cellular network security
Ad hoc network security
Security in peer-to-peer networks
Security in wireless multimedia systems
Security in different networks (mesh, personal, local, metropolitan, GSM, Bluetooth, WiMax, IEEE 802.x, etc.)
Security of emergency services

INFOSEC: Information security

Information hiding
Anonymity
Authentication
Data Integrity
Security data mining
Data confidentiality and integrity
Information flow protection
Trustworthy networks: authentication, privacy and security models
Secure service discovery
Secure location-based service
Information survivability

RISK: Risk and security

Operational risk (opRisk)
OpRisk and field studies
Reputation risk
Risk and security-awareness
Business continuity and disaster recovery
Privacy-awareness
Security and trust

MALWA: Malware and Anti-malware

Threat taxonomies and modeling
Security threats
Threats propagation
Anti-malware technologies
Engineering anti-malware
Anti-virus, anti-spyware, anti-phishing
Malware propagation models
Profiling security information
Vulnerability analysis and countermeasures
Denial of service attacks
Measurements and metrics
Testing samples and techniques
Quarantine/reuse decisions
Anti-malware tool performance
Anti-malware tool suites
Open-source anti-malware
Host-based anti-malware
On-line anti-malware scanning

Messaging, viruses, spyware

Advanced misuse detection techniques /machine learning, natural language processing, challenge-response, etc./
Message filtering, blocking, authentication
Digital signatures
Generalized spamming /over email, Internet telephony, instant messaging, mobile phone, phishing, etc. /
Spam compression and recognition
Learning misuse patterns
Payment schemes
Economics of generalized spam
Tracking abuse tactics and patterns
Protecting legitimate use patterns
Methods for testing protection robustness
Costs and benefits of messaging use and misuse
Standards for messaging and misuse reporting
Legal aspects /identity theft, privacy, freedom of speech, etc./

ANTIFO: Anti-forensics

Advanced anti-forensics mechanisms
Smart anti-forensics
e-discovery industry and anti-forensics
Overwriting data and metadata
Data hiding approaches
Detecting forensics analysis
Anti-forensics tools
Unix-, Windows-, and Linux anti-forensics techniques
Open source anti-forensics tools
Network anti-forensics tools

PRODAM: Profiling data mining

User and traffic profiling
Data mining and visualization
Profile mining and knowledge discovery
Mining lifecycle for profile collections
Profile warehouse construction
Profile portfolio and profile discovery
Profiling game users and game traffic
Profiling transactions
Simpson'd paradox
Real-time profiling mechanisms
Patterns for information profiling
Profiling engines
Profiling metrics
Forensics
Profiling applications (banks, on-line shopping, etc.)
Data mining-based user profile prediction

SECHOME: Smart home security

Fundamentals for SHS
Privacy and protection for SHS
Identify and location management in SHS
Authentication and authorization in SHS
Access control and security policies in SHS
Trust and reputation management
Security context-based interfaces for SHS
SHS for accessibility and elderly/disabled people
Real-time challenges for SHS in eHealth environments
Architectures and systems for SHS
Network technologies and protocols for SHS
Ubiquitous/pervasive platform and middleware for SHS
Services and applications for SHS
SHS on campuses and hotels
SHS for mission critical laboratories
Content protection and digital rights management for SHS
Intelligent devices, sensor network/RFID for SHS
Intrusion detection and computer forensics for SHS
SHS and Homeland security
Personal data privacy and protection in SHS
Emerging standards and technologies for SHS
Commercial and industrial for SHS
Case studies, prototypes and experience

SECDYN: Security and privacy in dynamic environments

Fundamentals on highly dynamic environments
Privacy and predefined access control dilemma
Privacy police, provisions and obligations
Dependability in dynamic environments
Protection of digital documents in dynamic environments,
On-line activities in high dynamic systems
Law enforcement in high dynamic systems
Personalization
Privacy and transparency
Distributed usage control
Privacy compliance
Secure ambient intelligence
Secure embedded microprocessor architectures
Secure compilation techniques

ECOSEC: Ecosystem security and trust

Secure and trusted service compositions in peer-to-peer networks
Secure data management in collaborative peer-to-peer networks
Security and reputation models for self-adaptive overlay networks
Identity and trust management in dynamic, self-organizing environments
Social institutional-based trust models for self-evolving communities

CRYPTO: Cryptography

Foundations of cryptography
Applied cryptography
Cryptanalysis
Signatures schemes and trust models
Cryptographic algorithms
Electronic payment systems
High-performance encryption methods
Group-oriented cryptography
Identity-based cryptography
Anonymous authentication
Cryptography for multi-user environments
Cryptography and secure localization systems
Attacks on cryptosystems

CYBER-Threat

e-Crime
Epidemiological models for warware and cyber-crime propagation
Record and retrieval of cyber-crimes
Cyber-crime prevention
Cyber-crime vulnerabilities
Cyber-counterattack at source
Distributed cyber-attacks
Orchestrated cyber-attacks
Recursion attacks
Cyber-storm attacks
Cyber-pranks, hoaxes
Phishing/Pharming and anti-phishing
Cyber-terrorism
Online cyber-crime reporting
Accuracy and security of cyber-reports
Fighting cyber-crimes
Cyber-crime laws