This volume contains the papers presented at three workshops embedded in the 19th IFIP International Conference on Information Security (SEC2004), which was sponsored by the International Federation for Information Processing (IFIP) and held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The first workshop was organized by IFIP Working Group 11.1, which is itself dedicated to Information Security Management, i.e., not only to the practical implementation of new security technology issued from recent research and development, but also and mostly to the improvement of security practice in all organizations, from multinational corporations to small enterprises. Methods and techniques are developed to increase personal awareness and education in security, analyze and manage risks, identify security policies, evaluate and certify products, processes and systems. The second workshop was organized by IFIP Working Group 11.8, dedicated to Information Security Education. This year, the workshop was aimed at developing a first draft of an international doctorate program allowing a specialization in IT Security.The draft is based upon selected papers from individuals or groups (from academic, military and government organizations), and discussions at the workshop. This draft will be further refined and eventually published as an IFIP Report. Finally, the last workshop was organized by IFIP Working Group 11.4 on Network Security. The purpose of the workshop was to bring together privacy and anonymity experts from around the world to discuss recent advances and new perspectives on these topics that are increasingly important aspects in electronic services, especially in advanced distributed applications, such as m-commerce, agent-based systems, P2P, etc. The carefully selected papers gathered in this volume show the richness of the information security domain, as well as the liveliness of the working groups cooperating in the IFIP Technical Committee 11 on Security and Protection in Information Processing Systems. Information Security Management, Education and Privacy is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

Security is probably the most critical factor for the development of the "Information Society". E-government, e-commerce, e-healthcare and all other e-activities present challenging security requirements that cannot be satisfied with current technology, except maybe if the citizens accept to waive their privacy, which is unacceptable ethically and socially. New progress is needed in security and privacy-preserving technologies. On these foundations, the IFIP/SEC conference has been established from the eighties as one of the most important forums for presenting new scientific research results as well as best professional practice to improve the security of information systems. This balance between future technology improvements and day-to-day security management has contributed to better understanding between researchers, solution providers and practitioners, making this forum lively and fruitful. Security and Protection in Information Processing Systems contains the papers selected for presentation at the 19th IFIP International Conference on Information Security (SEC2004), which was held in August 2004 as a co-located conference of the 18th IFIP World Computer Congress in Toulouse, France. The conference was sponsored by the International Federation for Information Processing (IFIP).This volume is essential reading for scholars, researchers, and practitioners interested in keeping pace with the ever-growing field of information security.

In the Information Society, the smart card, or smart device with its processing power and link to its owner, will be the potential human representation or delegate in Ambient Intelligence (Pervasive Computing), where every appliance or computer will be connected, and where control and trust of the personal environment will be the next decade challenge. Smart card research is of increasing importance as the need for information security grows rapidly. Smart cards will play a very large role in ID management in secure systems. In many computer science areas, smart cards introduce new dimensions and opportunities. Disciplines like hardware design, operating systems, modeling systems, cryptography and distributed systems find new areas of applications or issues; smart cards also create new challenges for these domains. CARDIS, the IFIP Conference on Smart Card Research and Advanced Applications, gathers researchers and technologists who are focused in all aspects of the design, development, deployment, validation and application of smart cards or smart personal devices.This volume contains the 20 papers that have been selected by the CARDIS Program Committee for presentation at the 6th International Conference on Smart Card Research and Advanced Applications (CARDIS 2004), which was held in conjunction with the IFIP 18th World Computer Congress in Toulouse, France in August 2004 and sponsored by the International Federation for Information Processing (IFIP). With 20% of the papers coming from Asia, 20% from America, and 60% from Europe, the competition was particularly severe this year, with only 20 papers selected out of 45 very good submissions. Smart Card Research and Advanced Applications VI presents the latest advances in smart card research and applications, and will be essential reading for developers of smart cards and smart card applications, as well as for computer science researchers in computer architecture, computer security, and cryptography.

This volume gathers the papers presented at three workshops that are embedded in the IFIP/Sec Conference in 2004, to enlighten specific topics that are currently particularly active in Security. The first one is the 10th IFIP Annual Working Conference on Information Security Management. It is organized by the IFIP WG 11. 1, which is itself dedicated to Information Security Management, i. e. , not only to the practical implementation of new security technology issued from recent research and development, but also and mostly to the improvement of security practice in all organizations, from multinational corporations to small enterprises. Methods and techniques are developed to increase personal awareness and education in security, analyze and manage risks, identify security policies, evaluate and certify products, processes and systems. Matt Warren, from Deakin University, Australia, who is the current Chair of WG 11. 1, acted as the Program Chair. The second workshop is organized by the IFIP WG 11. 8, dedicated to Information Security Education. This workshop is a follow-up of three issues of the World Conference on Information Security Education (WISE) that were also organized by WG 11. 8. The first WISE was organized by Louise Yngstrom in 1999 in Stockholm, and the next one, WISE'4, will be held in Moscow, Russia, 18-20 May 2005. This year, the workshop is aimed at developing a first draft of an international doctorate program allowing a specialization in IT Security.

his book presents the refereed proceedings of the 6th European Symposium on Research in Computer Security, ESORICS 2000, held in Toulouse, France in October 2000.The 19 revised full papers presented were carefully reviewed and selected from a total of 75 submissions. The papers are organized in sections on personal devices and smart cards, electronic commerce protocols, access control, protocol verification, Internet security, security property analysis, and mobile agents.

This book constitutes the refereed proceedings of the 5th European Symposium on Research in Computer Security, ESORICS 98, held in Louvain-la-Neuve, Belgium, in September 1998.
The 24 revised full papers presented were carefully reviewed and selected from a total of 57 submissions. The papers provide current results from research and development in design and specification of security policies, access control modelling and protocol analysis, mobile systems and anonymity, Java and mobile code, watermarking, intrusion detection and prevention, and specific threads.

This volume presents the proceedings of the second European Symposium on Research in Computer Security (ESORICS 92), held in Toulouse in November 1992. The aim of this symposium is to further the progress of research in computer security by bringing together researchers in this area, by promoting the exchange of ideas with system developers, and by encouraging links with researchers in areas related to computer science, informationtheory, and artificial intelligence. The volume contains 24 papers organizedinto sections on access control, formal methods, authentication, distributed systems, database security, system architectures, and applications. ESORICS 92 was organized by AFCET (Association francaise des sciences et technologies de l'information et des syst mes) in cooperation with a large number of national and international societies and institutes.