This book constitutes the thoroughly refereed post-conference proceedings of the Third International Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2017, and the First International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017, held in Oslo, Norway, in September 2017, in conjunction with the 22nd European Symposium on Research in Computer Security, ESORICS 2017. The CyberICPS Workshop received 32 submissions from which 10 full and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.

This volume contains the papers presented at three workshops embedded in the 19th IFIP International Conference on Information Security (SEC2004), which was sponsored by the International Federation for Information Processing (IFIP) and held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The first workshop was organized by IFIP Working Group 11.1, which is itself dedicated to Information Security Management, i.e., not only to the practical implementation of new security technology issued from recent research and development, but also and mostly to the improvement of security practice in all organizations, from multinational corporations to small enterprises. Methods and techniques are developed to increase personal awareness and education in security, analyze and manage risks, identify security policies, evaluate and certify products, processes and systems. The second workshop was organized by IFIP Working Group 11.8, dedicated to Information Security Education. This year, the workshop was aimed at developing a first draft of an international doctorate program allowing a specialization in IT Security.The draft is based upon selected papers from individuals or groups (from academic, military and government organizations), and discussions at the workshop. This draft will be further refined and eventually published as an IFIP Report. Finally, the last workshop was organized by IFIP Working Group 11.4 on Network Security. The purpose of the workshop was to bring together privacy and anonymity experts from around the world to discuss recent advances and new perspectives on these topics that are increasingly important aspects in electronic services, especially in advanced distributed applications, such as m-commerce, agent-based systems, P2P, etc. The carefully selected papers gathered in this volume show the richness of the information security domain, as well as the liveliness of the working groups cooperating in the IFIP Technical Committee 11 on Security and Protection in Information Processing Systems. Information Security Management, Education and Privacy is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

Security is probably the most critical factor for the development of the "Information Society". E-government, e-commerce, e-healthcare and all other e-activities present challenging security requirements that cannot be satisfied with current technology, except maybe if the citizens accept to waive their privacy, which is unacceptable ethically and socially. New progress is needed in security and privacy-preserving technologies. On these foundations, the IFIP/SEC conference has been established from the eighties as one of the most important forums for presenting new scientific research results as well as best professional practice to improve the security of information systems. This balance between future technology improvements and day-to-day security management has contributed to better understanding between researchers, solution providers and practitioners, making this forum lively and fruitful. Security and Protection in Information Processing Systems contains the papers selected for presentation at the 19th IFIP International Conference on Information Security (SEC2004), which was held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The conference was sponsored by the International Federation for Information Processing (IFIP).This volume is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

This book constitutes the carefully refereed and revised selected papers of the 5th Canada-France ETS Symposium on Foundations and Practice of Security, FPS 2012, held in Montreal, QC, Canada, in October 2012. The book contains a revised version of 21 full papers, accompanied by 3 short papers. The papers were carefully reviewed and selected from 62 submissions. The papers are organized in topical section on cryptography and information theory, key management and cryptographic protocols, privacy and trust, policies and applications security, and network and adaptive security.

This book constitutes the refereed proceedings of the 26th IFIP WG 11.3 International Conference on Data and Applications Security and Privacy, DBSec 2012, held in Paris, France in July 2012. The 17 revised full and 15 short papers presented together with 1 invited paper were carefully reviewed and selected from 49 submissions. The papers are organized in topical sections on access control, confidentiality and privacy, smart cards security, privacy-preserving technologies, data management, intrusion and malware, probabilistic attacks and protection, and cloud computing.

This volume gathers the papers presented at three workshops that are embedded in the IFIP/Sec Conference in 2004, to enlighten specific topics that are currently particularly active in Security. The first one is the 10th IFIP Annual Working Conference on Information Security Management. It is organized by the IFIP WG 11. 1, which is itself dedicated to Information Security Management, i. e. , not only to the practical implementation of new security technology issued from recent research and development, but also and mostly to the improvement of security practice in all organizations, from multinational corporations to small enterprises. Methods and techniques are developed to increase personal awareness and education in security, analyze and manage risks, identify security policies, evaluate and certify products, processes and systems. Matt Warren, from Deakin University, Australia, who is the current Chair of WG 11. 1, acted as the Program Chair. The second workshop is organized by the IFIP WG 11. 8, dedicated to Information Security Education. This workshop is a follow-up of three issues of the World Conference on Information Security Education (WISE) that were also organized by WG 11. 8. The first WISE was organized by Louise Yngstrom in 1999 in Stockholm, and the next one, WISE'4, will be held in Moscow, Russia, 18-20 May 2005. This year, the workshop is aimed at developing a first draft of an international doctorate program allowing a specialization in IT Security.

his book presents the refereed proceedings of the 6th European Symposium on Research in Computer Security, ESORICS 2000, held in Toulouse, France in October 2000.The 19 revised full papers presented were carefully reviewed and selected from a total of 75 submissions. The papers are organized in sections on personal devices and smart cards, electronic commerce protocols, access control, protocol verification, Internet security, security property analysis, and mobile agents.

This book constitutes the proceedings of the 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2021, which took place during November 11-13, 2021. The conference was originally planned to take place in Ames, IA, USA, but had to change to an online format due to the COVID-19 pandemic. The 9 full and 3 short papers included in this volume were carefully reviewed and selected from 23 submissions. The papers were organized in topical sections named: CPS and hardware security; attacks, responses, and security management; network and data security.

This book constitutes the refereed post-conference proceedings of the 6th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2020, the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2020, and the Third International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2020, held in Guildford, UK, in September 2020 in conjunction with the 25th European Symposium on Research in Computer Security, ESORICS 2020. Due to COVID-19 pandemic the conference was held virtually The CyberICPS Workshop received 21 submissions from which 5 full papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyberattacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 4 full papers out of 7 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling and to GDPR compliance. From the ADIoT Workshop 2 full papers and 2 short papers out of 12 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.

This book constitutes the refereed post-conference proceedings of the 5th International Workshop on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2019, the Third International Workshop on Security and Privacy Requirements Engineering, SECPRE 2019, the First International Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2019, and the Second International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2019, held in Luxembourg City, Luxembourg, in September 2019, in conjunction with the 24th European Symposium on Research in Computer Security, ESORICS 2019. The CyberICPS Workshop received 13 submissions from which 5 full papers and 2 short papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 9 full papers out of 14 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling and to GDPR compliance. The SPOSE Workshop received 7 submissions from which 3 full papers and 1 demo paper were accepted for publication. They demonstrate the possible spectrum for fruitful research at the intersection of security, privacy, organizational science, and systems engineering. From the ADIoT Workshop 5 full papers and 2 short papers out of 16 submissions are included. The papers focus on IoT attacks and defenses and discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.

This book constitutes the revised selected papers from the 14th International Conference on Risks and Security of Internet and Systems, CRiSIS 2019, held in Hammamet, Tunisia, in October 2019. The 20 full papers and 4 short papers presented in this volume were carefully reviewed and selected from 64 submissions. They cover diverse research themes that range from classic topics, such as risk analysis and management; access control and permission; secure embedded systems; network and cloud security; information security policy; data protection and machine learning for security; distributed detection system and blockchain.

This book constitutes the thoroughly refereed post-conference proceedings of the 4th International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2018, and the Second International Workshop on Security and Privacy Requirements Engineering, SECPRE 2018, held in Barcelona, Spain, in September 2018, in conjunction with the 23rd European Symposium on Research in Computer Security, ESORICS 2018. The CyberICPS Workshop received 15 submissions from which 8 full papers were selected for presentation. They cover topics related to threats, vulnerabilities and risks that cyber-physical systems and industrial control systems face; cyber attacks that may be launched against such systems; and ways of detecting and responding to such attacks. From the SECPRE Workshop 5 full papers out of 11 submissions are included. The selected papers deal with aspects of security and privacy requirements assurance and evaluation; and security requirements elicitation and modelling.

This book constitutes the revised selected papers from the 13th International Conference on Risks and Security of Internet and Systems, CRiSIS 2018, held in Arcachon, France, in October 2018. The 12 full papers and 6 short papers presented in this volume were carefully reviewed and selected from 34 submissions. They cover diverse research themes that range from classic topics, such as vulnerability analysis and classification; apps security; access control and filtering; cloud security; cyber-insurance and cyber threat intelligence; human-centric security and trust; and risk analysis.

This book constitutes the refereed post-conference proceedings of the Third International Conference on Interoperability, InterIoT 2017, which was collocated with SaSeIoT 2017, and took place in Valencia, Spain, in November 2017. The 14 revised full papers were carefully reviewed and selected from 22 submissions and cover all aspects of the latest research findings in the area of Internet of Things (IoT).

This book constitutes the revised selected papers from the 12th International Conference on Risk and Security of Internet and Systems, CRISIS 2017, held in Dinard, France, in September 2017.The 12 full papers and 5 short papers presented in this volume were carefully reviewed and selected from 42 submissions. They cover diverse research themes, ranging from classic topics, such as vulnerability analysis and classification; apps security; access control and filtering; cloud security; cyber-insurance and cyber threat intelligence; human-centric security and trust; and risk analysis.

This book constitutes the refereed proceedings of the Second Conference on Security of Industrial Control Systems and Cyber-Physical Systems, CyberICPS 2016, held in Crete, Greece, in September 2016 in conjunction with ESORICS 2016, the 21st annual European Symposium on Research in Computer Security. The 5 revised full papers 2 invited papers presented were carefully reviewed and selected from 18 initial submissions. CyberICPS 2016 focuses on topics related to the management of cyber security in industrial control systems and cyber-physical systems, including security monitoring, trust management, security policies and measures.

This book constitutes the revised selected papers from the 11th International Conference on Risk and Security of Internet and Systems, CRISIS 2016, held in Roscoff, France, in September 2016. The 17 full papers presented in this volume were carefully reviewed and selected from 24 submissions. They cover diverse research themes, ranging from classic topics, such as intrusion detection, applied cryptography, formal methods and methodology for risk and security analysis, to emerging issues, such as ransomware and security of software defined networking or virtualization techniques.

This book constitutes the refereed proceedings of the First Conference on Cybersecurity of Industrial Control Systems, CyberICS 2015, and the First Workshop on the Security of Cyber Physical Systems, WOS-CPS 2015, held in Vienna, Austria, in September 2015 in conjunction with ESORICS 2015, the 20th annual European Symposium on Research in Computer Security. The 6 revised full papers and 2 short papers of CyberICS 2015 presented together with 3 revised full papers of WOS-CPS 2015 were carefully reviewed and selected from 28 initial submissions. CyberICS 2015 focuses on topics covering ICSs, including cyber protection and cyber defense of SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers, PLCs, and other industrial control system. WOS-CPS 2015 deals with the Security of Cyber Physical Systems, that exist everywhere around us, and range in size, complexity and criticality, from embedded systems used in smart vehicles, to SCADA systems in smart grids to control systems in water distribution systems, to smart transportation systems etc.

This book constitutes the thoroughly refereed post-conference proceedings of the 9th International Symposium on Foundations and Practice of Security, FPS 2016, held in Quebec City, QC, Canada, in October 2016. The 18 revised regular papers presented together with 5 short papers and 3 invited talks were carefully reviewed and selected from 34 submissions. The accepted papers cover diverse research themes, ranging from classic topics, such as malware, anomaly detection, and privacy, to emerging issues, such as security and privacy in mobile computing and cloud.

This book constitutes the thoroughly refereed post-proceedings of the 7th Symposium on Foundations and Practice of Security, FPS 2014, held in Montreal, QC, Canada, in November 2014. The 18 revised full papers presented together with 5 short papers and 2 position papers were carefully reviewed and selected from 48 submissions. The papers are organized in topical sections on privacy; software security and malware analysis; network security and protocols; access control models and policy analysis; protocol verification; and cryptographic technologies.