Category Archives: News Feed - Page 2



The 11th International Conference on Availability, Reliability and Security (ARES 2016)
August 31 – September 2, 2016, Salzburg, Austria

The 11th International Conference on Availability, Reliability and Security (“ARES”) will bring together researchers and practitioners in the area of dependability. ARES will highlight the various aspects of security – with special focus on the crucial linkage between availability, reliability and security.
ARES aims at a full and detailed discussion of the research issues of security as an integrative concept that covers amongst others availability, safety, confidentiality, integrity, maintainability and security in the different fields of applications.
ARES will emphasize the interplay between foundations and practical issues of security in emerging areas such as e-government, m-government, location-based applications, ubiquitous computing, autonomous computing, chances of grid computing etc. ARES is devoted to the critical examination and research challenges of the various aspects of Secure and Dependable Computing and the definition of a future road map.
Selected papers that are accepted by and presented at the ARES Conference will be published, after further revision, in special issues of international journals. The acceptance rate of the ARES 2015 conference was 29% (full papers only). The ARES conferences have been published by Conference Publishing Services (CPS).

General Chair
Dominik Engel, Salzburg University of Applied Sciences, Austria

Program Committee Chairs
Stephen B. Wicker, Cornell University, USA
Dominik Engel, Salzburg University of Applied Sciences, Austria

Submission Deadline: March 13, 2016
Author Notification: May 30, 2016
Proceedings Version: June 20, 2016
Conference: August 31 – September 2, 2016

The proceedings of ARES (including workshops) have been published by Conference Publishing Services (CPS) of IEEE. Authors of selected papers that are accepted by and presented at the ARES Conference (including workshops) will be invited to submit an extended version to special issues of international journals.
Authors are invited to submit research and application papers according to the following guidelines: two columns, single-spaced, including figures and references, using 10 pt fonts, with each page numbered.
For the main conference as well as the workshops, submitted papers are classified into 3 categories representing original, previously unpublished work:

full paper (10 pages)
short paper (6 pages)
workshop paper (8 pages, a maximum of 10 pages is tolerated)

Submitted papers will be carefully evaluated based on originality, significance, technical soundness, presentation and clarity of exposition.
Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. ARES, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them.
Double blind review: ARES requires anonymized submissions – please make sure that submitted papers contain no author names or obvious self-references.
The ARES submission system (EasyChair) is available here:

Isaac Agudo, University of Malaga, Spain
Esma Aimeur, University of Montreal, Canada
Philipp Amann, Europol, EC3, Netherlands
Todd R. Andel, University of South Alabama, US
Amin Anjomshoaa, Massachusetts Institute of Technology (MIT), US
Francesco Buccafurri, University of Reggio Calabria, Italy
Luanne Burns Goldrich, The Johns Hopkins University Applied Physics Laboratory, US
Mario Cagalj, University of Split, Croatia
Jordi Castellà-Roca, Rovira i Virgili University of Tarragona, Spain
Lorenzo Cavallaro, Royal Holloway, University of London, UK
David Chadwick, University of Kent, UK
Soon Ae Chun, City University of New York, US
Nathan Clarke, Plymouth University, UK
Marijke Coetzee, University of Johannesburg, South Africa
Mark Dillon, International Criminal Court, NL
Adam Doupé, Arizona State University, US
Pavlos Efraimidis, Democritus University of Thrace, Greece
Christian Engelmann, Oak Ridge National Laboratory, US
Luis Enrique Sánchez Crespo, University of Castilla-la Mancha, Spain
Zekeriya Erkin, TU Delft, Netherlands
Aristide Fattori, Università degli Studi di Milano, Italy
Christophe Feltus, Luxembourg Institute of Science and Technology, Luxembourg
José Maria de Fuentes, Carlos III University of Madrid, Spain
Steven Furnell, Plymouth University, UK
Nico Golde, Qualcomm Research Germany, Germany
Bogdan Groza, Politehnica University of Timisoara, Romania
Dominik Herrmann, University Hamburg, Germany
Martin Gilje Jaatun, SINTEF, Norway
Hai Jin, Huazhong University of Science and Technology, China
Jan Jürjens, TU Dortmund and Fraunhofer ISST, Germany
Sokratis K. Katsikas, University of Piraeus, Greece
Peter Kieseberg, SBA Research, Austria
Ezzat Kirmani, St. Cloud State University, US
Thomas Korak, TU Graz, Austria
Thorsten Kramp, IBM Research Zurich, Switzerland
Ralf Kuesters, University of Trier, Germany
Costas Lambrinoudakis, University of Piraeus, Greece
Shujun Li, University of Surrey, UK
Giovanni Livraga, Università degli Studi di Milano, Italy
Javier Lopez, University of Malaga, Spain
Konstantinos Markantonakis, Royal Holloway, University of London, UK
Keith Martin, Royal Holloway, University of London, UK
Ioannis Mavridis, University of Macedonia, Greece
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Jeffrey McDonald, University of South Alabama, US
Mattia Monga, Università degli Studi di Milano, Italy
Haralambos Mouratidis, University of Brighton, UK
Thomas Moyer, MIT Lincoln Laboratory, US
Alexios Mylonas, Staffordshire University, UK
Thomas Nowey, Krones AG, Germany
Christoforos Ntantogian, University of Piraeus, Greece
Rolf Oppliger, eSECURITY Technologies, Switzerland
Jaehong Park, University of Alabama in Huntsville, US
Günther Pernul, University of Regensburg, Germany
Andreas Peter, University of Twente, Netherlands
Stefanie Rinderle-Ma, Vienna University, Austria
Stefanie Roos, TU Dresden, Germany
Domenico Rosaci, University „Mediterranea“ of Reggio Calabria, Italy
Volker Roth, Freie Universität Berlin, Germany
Giovanni Russello, University of Auckland, New Zealand
Mark Scanlon, University College Dublin, Ireland
Sebastian Schinzel, FH Münster, Germany
Jörn-Marc Schmidt, secunet, Germany
Max Schuchard, University of Minnesota, US
Stefan Schulte, Vienna University of Technology, Austria
Dimitris Simos, SBA Research, Austria
Jon A. Solworth, University of Illinois at Chicago, US
Mark Strembeck, WU Vienna, Austria
Jakub Szefer, Yale School of Engineering & Applied Science, US
Oliver Theel, Carl von Ossietzky Universität Oldenburg, Germany
Simon Tjoa, St. Pölten University of Applied Sciences, Austria
Andreas Unterweger, Salzburg University of Applied Sciences, Austria
Umberto Villano, Università del Sannio, Italy
Artemios Voyiatzis, SBA Research, Austria
Xiao Wang, Carnegie Mellon University, US
Jinpeng Wei, Florida International University, US
Christos Xenakis, University of Piraeus, Greece
Fabian Yamaguchi, Göttingen University, Germany
Alec Yasinsac, University of South Alabama, US
Nicola Zannone, Eindhoven University of Technology, Netherlands

Topics of interest include, but are not limited to:
Authorization and Authentication
Availability and Reliability
Business Continuity & Resilience
Cost/Benefit Analysis
Dependability Aspects for Special Applications (e.g. ERP-Systems, Logistics)
Dependability Aspects of Electronic Government (e-Government)
Dependability Administration
Dependability in Open Source Software
Designing Security Requirements
Digital Forensics
E-Commerce Dependability
Failure Prevention
Identity Management
IPR of Security Technology
Incident Response and Prevention
Information Flow Control
Information Hiding
Internet Dependability
Interoperability Aspects
Intrusion Detection and Fraud Detection
Legal Issues
Mobile Security
Network and Organizational Vulnerability Analysis
Network Security
Privacy-Enhancing Technologies
Process based Security Models and Methods
RFID Security and Privacy
Risk planning, Analysis & Awareness
Safety Critical Systems
Secure Enterprise Architectures
Security Issues for Ubiquitous Systems
Security and Privacy in E-Health
Security and Trust Management in P2P and Grid applications
Security and Privacy for Sensor Networks, Wireless/Mobile Devices and Applications
Security and Usability
Security as Quality of Service
Security in Distributed Systems / Distributed Databases
Security in Electronic Payments
Security in Electronic Voting
Software Engineering of Dependable Systems
Software Security
Standards, Guidelines and Certification
Survivability of Computing Systems
Temporal Aspects of Dependability
Threats and Attack Modelling
Trusted Computing
Tools for Dependable System Design and Evaluation
Trust Models and Trust Management
VOIP, Wireless Security

XcodeGhost threat still remains

XcodeGhost is malware for Apple’s iOS that appeared in September 2015. Chinese cybercriminals exploited the fact that the official Xcode developer kit, almost 3 GB in size, takes a long time to download from Apple’s servers. They offered an easier and faster way to download the Xcode package from the cloud file-sharing service Baidu. However, the offered version proved to be the malicious XcodeGhost, as the cybercriminals had planted malware in the original Xcode package. The malware did not reveal itself on the developer’s computer, but it indirectly infected all applications compiled with the XcodeGhost compiler. Consequently, it made it into the App Store, where it was detected in more than 300 apps. Infected applications sent information to the XcodeGhost command and control (CnC) servers over HTTP. Additionally, according to the security company Palo Alto Networks ([1], [2]), XcodeGhost could be used to phish passwords by prompting a deceptive alert dialog through its built-in remote control functionality. Apple responded quickly to this threat and on the 22nd of September announced [3] that the infected apps had been removed from the App Store. Apple also pointed out that Xcode should be downloaded directly from Apple and that, otherwise, the validity of the package should be assessed with the «spctl --assess --verbose /Applications/» terminal command on a Gatekeeper-enabled system.

However, the XcodeGhost threat seems persistent. Quite some time after the disclosure of the threat, some users are still stuck on the old infected versions of the apps and of iOS. Additionally, having developers who had the malicious XcodeGhost version refresh and validate their Xcode installation is not enough. Most developers use third-party components in their programs, which is a risk because they cannot be sure whether the third-party libraries or sub-programs are infected.
Moreover, the security company FireEye [4] monitored customers’ networks and reached some interesting conclusions: XcodeGhost has entered U.S. enterprises, and a variant of XcodeGhost is in circulation. In only one month, 210 enterprises were found to be infected, generating 28,000 attempts to connect to the XcodeGhost CnC servers. Enterprises’ efforts to block the XcodeGhost DNS queries inside their networks, in order to prevent communication between iPhones and the CnC servers, are not effective when their users are outside their domain.

In addition, FireEye identified a new version of the malware called XcodeGhost S. XcodeGhost S is designed to infect iOS 9 applications and to let them bypass Apple’s detection. Specifically, in a new approach introduced in iOS 9, Apple made the use of secure HTTPS connections mandatory. This breaks the communication of XcodeGhost-infected apps with their CnC servers, which use HTTP. To circumvent this problem, the cybercriminals used an Apple feature that lets developers add exceptions to the app’s configuration file (info.plist) to allow HTTP connections. Moreover, the new XcodeGhost malware concatenates its strings character by character to bypass simple detection schemes.
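The following is an added example, not code from the original post or from FireEye: a Python check a reviewer could run over an app’s info.plist to list the App Transport Security exceptions that re-enable plain HTTP, the mechanism described above. The sample plist and its domain names are constructed for illustration; the key names are Apple’s documented ATS keys.

```python
import plistlib
from typing import List

# Per-domain ATS keys that re-enable cleartext HTTP for a host.
INSECURE_KEYS = (
    "NSExceptionAllowsInsecureHTTPLoads",
    "NSThirdPartyExceptionAllowsInsecureHTTPLoads",
)

# Constructed sample (not from a real app): one HTTP exception, one harmless entry.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>CFBundleIdentifier</key><string>com.example.sampleapp</string>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>cnc.example.invalid</key>
      <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSIncludesSubdomains</key><true/>
      </dict>
      <key>api.example.com</key>
      <dict>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.2</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""


def audit_ats(plist_bytes: bytes) -> List[str]:
    """List the ATS settings in an Info.plist that allow plain HTTP."""
    info = plistlib.loads(plist_bytes)  # handles XML and binary plists
    ats = info.get("NSAppTransportSecurity")
    findings: List[str] = []
    if not isinstance(ats, dict):
        return findings  # no exceptions declared, ATS defaults apply
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("GLOBAL: NSAllowsArbitraryLoads permits HTTP to any host")
    domains = ats.get("NSExceptionDomains")
    if isinstance(domains, dict):
        for domain, cfg in sorted(domains.items()):
            if not isinstance(cfg, dict):
                continue
            scope = "+subdomains" if cfg.get("NSIncludesSubdomains") is True else "host only"
            for key in INSECURE_KEYS:
                if cfg.get(key) is True:
                    findings.append(f"DOMAIN: {domain} ({scope}) allows HTTP via {key}")
    return findings


if __name__ == "__main__":
    for finding in audit_ats(SAMPLE_PLIST):
        print(finding)
```

An ATS exception is not malicious in itself; the findings are a list of hosts whose cleartext traffic deserves a second look.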

Unfortunately, Apple provides no feature that automatically inspects iOS devices for XcodeGhost malware. SANS researchers [6] have, however, suggested that end users check applications’ logs for suspicious HTTP traffic to «» and the IP addresses,,,,

[1] XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps – paloalto networks
[2] More Details on the XcodeGhost Malware and Affected iOS Apps – paloalto networks
[3] – FireEye
[4] – Apple Developer
[6] – SANS ISC InfoSec Forums

Last CFP CLOSER 2016 – Int’l Conf. on Cloud Computing and Services Science (Rome/Italy)

The 6th International Conference on Cloud Computing and Services Science (CLOSER 2016) steering committee cordially invites you to submit a paper to the CLOSER 2016 Conference, to be held in Rome, Italy. The deadline for paper submission is scheduled for October 27, 2015.

CLOSER 2016 will be held in Rome, Italy, April 23 – 25, 2016.

The conference will be sponsored by the Institute for Systems and Technologies of Information, Control and Communication (INSTICC) and held in cooperation with the ACM Special Interest Group on Management Information Systems (ACM SIGMIS). The conference is also technically co-sponsored by the IEEE CS CC STC and IEEE STC Cloud Computing. INSTICC is Member of the Workflow Management Coalition (WfMC) and Object Management Group (OMG).

We would like to highlight the presence of the following keynote speakers:
– Pierangela Samarati, Università degli Studi di Milano, Italy
– Frank Leymann, University of Stuttgart, Germany
– Peter Sloot, University of Amsterdam, Netherlands; Complexity Institute Singapore, Singapore; ITMO St. Petersburg, Russian Federation
– Verena Kantere, University of Geneva, Switzerland

Submitted papers will be subject to a double-blind review process. All accepted papers will be published in the conference proceedings, under an ISBN reference, on paper and on CD-ROM support.
The proceedings will be submitted for indexation by Thomson Reuters Conference Proceedings Citation Index (ISI), INSPEC, DBLP, EI (Elsevier Index) and Scopus.
All papers presented at the conference venue will be available at the SCITEPRESS Digital Library. SCITEPRESS is a member of CrossRef.

Best paper awards will be distributed during the conference closing session. Please check the website for further information.

Workshops, Special sessions, Tutorials as well as Demonstrations dedicated to other technical/scientific topics are also envisaged: companies interested in presenting their products/methodologies or researchers interested in holding a tutorial are invited to contact the conference secretariat. Workshop chairs and Special Session chairs will benefit from logistics support and other types of support, including secretariat and financial support, to facilitate the development of a valid idea.

CLOSER 2016 will be held in conjunction with CSEDU (8th International Conference on Computer Supported Education), SMARTGREENS (5th International Conference on Smart Cities and Green ICT Systems), WEBIST (12th International Conference on Web Information Systems and Technologies), VEHITS (2nd International Conference on Vehicle Technology and Intelligent Transport Systems), IoTBD (International Conference on Internet of Things and Big Data) and COMPLEXIS (International Conference on Complex Information Systems) in Rome, Italy. Registration to CLOSER will enable free attendance to any sessions of the CSEDU, SMARTGREENS, WEBIST, VEHITS, IoTBD and COMPLEXIS conferences as a non-speaker.

Please check further details at the CLOSER conference website.

Second call for papers for the 15th European Conference on Cyber Warfare and Security ECCWS-2016

This is the second call for papers for the 15th European Conference on Cyber Warfare and Security ECCWS-2016, being hosted by Bundeswehr University, Munich, Germany on 7-8 July 2016.

This call will close on the 3rd of December 2015.

The 15th European Conference on Cyber Warfare and Security (ECCWS) is an opportunity for academics, practitioners and consultants from Europe and elsewhere who are involved in the study, management, development and implementation of systems and concepts to combat cyber warfare or to improve information systems security to come together and exchange ideas. There are several strong strands of research and interest that are developing in the area including the understanding of threats and risks to information systems, the development of a strong security culture, as well as incident detection and post incident investigation. This conference is continuing to establish itself as a key event for individuals working in the field from around the world.

For more information please go to:

3rd International Conference on Cloud Security and Management ICCSM-2015

Preparations for the 3rd International Conference on Cloud Security and Management ICCSM-2015 are now well underway.

 You can see the latest programme at:

Please note that the timetable is subject to change and will be updated as necessary until  mid October 2015.

There are a number of registration options available, details of which can be found at:

Follow the conference on LinkedIn, Facebook and Twitter

Securing Email Communications from Facebook

To enhance the privacy of email content, Facebook is gradually rolling out an experimental new feature that enables people to add OpenPGP public keys to their profile; these keys can be used to “end-to-end” encrypt notification emails sent from Facebook to email accounts. People may also choose to share OpenPGP keys from their profile, with or without enabling encrypted notifications.

Users will be able to update their own public key, using a desktop browser, at:


Where encrypted notifications are enabled, Facebook will sign outbound messages using their own key to provide greater assurance that the contents of inbound emails are genuine. The Facebook key can be checked at keyservers such as SKS and MIT.

More info:

(Greek) Invitation to Participate in ICT Security World – Wednesday, 4 March 2015

Sorry, this entry is only available in Greek.

Regin, new computer spying bug

Symantec says it has discovered one of the most sophisticated pieces of malicious software ever seen.

Symantec says the bug, named Regin, was probably created by a government and has been used for six years against a range of targets around the world.

Researchers say the sophistication of the software indicates that it is a cyber-espionage tool developed by a nation state.

Symantec has drawn parallels with Stuxnet, a computer worm thought to have been developed by the US and Israel to target Iran’s nuclear program.

Read more here

Beta Version of Access Control Policy Tool (ACPT)

The new version of NIST's ACPT tool has been announced; among other things, it incorporates the results of the collaboration to date with the InfoSec research group of the University of Macedonia.

The new version is at the Beta stage and includes a brief user guide, examples and Java code. For more information see here. You can obtain the latest version of the ACPT tool from here, as well as the source code from here. To obtain the password for the compressed archive, contact: Vincent Hu,

The ACPT tool incorporates access control policy models such as RBAC, RBAC, MLS, Work-Flow. You can find out more from the presentation, as well as from the related website

Gradually sunsetting SHA-1

SHA-1’s use on the Internet has been deprecated since 2011, when the CA/Browser Forum, an industry group of leading web browsers and certificate authorities (CAs) working together to establish basic security requirements for SSL certificates, published their Baseline Requirements for SSL. These Requirements recommended that all CAs transition away from SHA-1 as soon as possible, and followed similar events in other industries and sectors, such as NIST deprecating SHA-1 for government use in 2010.

That’s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November. HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface.

More info here