IEEE Security & Privacy CFP

[Sharif Torpis <faust () grift com>]

http://www.computer.org/security/cfp.htm

Attacking Systems (July/August 2004)

Submissions due 4 April 2004

Guest editors: Ivn Arce and Gary McGraw
ivan.arce-AT-coresecurity.com, gem-AT-cigital.com

Some security practitioners believe that the only way to know how to
protect a system against attack is to know how attacks really work. Such
people advocate teaching about attacks when building security expertise,
carrying out attacks as part of testing, and thinking and writing
creatively about attacks. Others feel that discussing, publishing, and
teaching attacks is irresponsible. Where do you stand?

This special issue is devoted to the idea of attacking systems in order to
better understand how to defend them. We're looking for a set of papers
exploring the following ideas:

    * exploiting software
    * attack categories: bugs and flaws
    * worms, viruses, and malicious code as an attack vector
    * attacking modern extensible systems: Java and .NET
    * rootkits, injection vectors, and networked machines
    * the politics of breaking systems
    * teaching students to break systems (pros and cons)
    * ethical hacking, red teaming, and penetration testing
    * attack modeling

---
"note that i hold the single-author record for total CERT advisories,
proving that in my copious youth i knew how to sling code but not how to
manage risk." - paul vixie, 26 feb 2002