CSF 2017 Call for Papers
30th IEEE Computer Security Foundations Symposium

August 22-25, 2017
Santa Barbara, California, USA
Co-located with CRYPTO

The Computer Security Foundations Symposium is an annual conference
for researchers in computer security. CSF seeks papers on foundational
aspects of computer security, such as formal security models,
relationships between security properties and defenses, principled
techniques and tools for design and analysis of security mechanisms,
as well as their application to practice. While CSF welcomes
submissions beyond the topics listed below, the main focus of CSF is
foundational security: submissions that lack foundational aspects risk

This year, CSF will use a light form of double-blind reviewing; see below.

New results in computer security are welcome. We also encourage
challenge/vision papers, which may describe open questions and raise
fundamental concerns about security. Possible topics for all papers
include, but are not limited to:

        access control,
        anonymity and privacy,
        computer-aided cryptography,
        data and system integrity,
        database security,
        decidability and complexity,
        distributed systems security,
        electronic voting,
        formal methods and verification,
        decision theory,
        hardware-based security,
        information flow,
        intrusion detection,
        language-based security,
        network security,
        data provenance,
        mobile security,
        security metrics,
        security protocols,
        software security,
        socio-technical security,
        trust management,
        usable security,
        web security.

Special Sessions 
This year, we strongly encourage papers in three foundational areas of
research we would like to promote at CSF:

PRIVACY (Chair: Paul Syverson).  CSF 2017 will include a special
session on privacy foundations and invites submissions on innovations
in privacy theory or practice; definitions, models, and frameworks for
both communications privacy and data privacy; principled analysis of
deployed or proposed privacy protection mechanisms; and foundational
aspects of theoretical or practical privacy technologies.
SECURITY ECONOMICS (Chair: Yevgeniy Vorobeychik).  There is an
interplay between important system properties including privacy,
security, efficiency, flexibility, and usability. Diverse systems
balance these properties differently, and as such provide varied
benefits (for users) for different costs (for builders and
attackers). In short, securing systems is ultimately an economic
question. CSF 2017 will include a special session on security
economics, where we invite submissions on foundational work in this
area. Topics include, but are not limited to, risk management and
cyber-insurance, investments in information security, security
metrics, decision and game theory for security, and cryptocurrencies.

COMPUTER-AIDED CRYPTOGRAPHY (Chair: Peter Schwabe).  Modern
cryptography is built on firm theoretical foundations. However,
cryptography proofs are often intricate and the gap from model to code
is usually large, which opens the door to bugs and
vulnerabilities. Computer-aided formal methods can provide assurance
of the security of cryptographic protocols, primitives and their
implementations in software and hardware. We invite submissions on
foundational work in this area. Topics include, but are not limited
to, verification of cryptographic protocols and primitives,
verification of cryptographic software and hardware, tools to automate
formal verification, and formal proofs of side-channel
countermeasures. CSF 2017 is co-located with CRYPTO 2017, making this
special session of interest to many attendees.

These papers will be reviewed under the supervision of the special
session chairs. They will be presented at the conference, and will
appear in the CSF proceedings, without any distinction from the other

Proceedings, published by the IEEE Computer Society Press (pending
approval), will be available at the symposium, and selected papers
will be invited for submission to the Journal of Computer Security.


Papers due:             February 17, 2017
Author response period: April 5-8, 2017
Notification:           April 21, 2017
Final papers due:       May 26, 2017
Symposium:              August 22-25, 2017


Nataliia Bielova, Inria
Jeremiah Blocki, Purdue University
Stefano Calzavara, Università Ca' Foscari Venezia
Kostas Chatzikokolakis, CNRS & École Polytechnique
Adam Chlipala, MIT
Stephen Chong, Harvard University (Program Co-Chair)
Mads Dam, KTH
Stéphanie Delaune, CNRS, IRISA
Bill Harris, Georgia Institute of Technology 
Limin Jia, Carnegie Mellon University 
Aniket Kate, Purdue University
Boris Koepf, IMDEA Software Institute (Program Co-Chair)
Markulf Kohlweiss, Microsoft Research
Ralf Kuesters, University of Trier
Pasquale Malacaria, Queen Mary University of London
Catherine Meadows, US Naval Research Laboratory
Daniel Le Métayer, Inria
Carroll Morgan, University of New South Wales and Data61
Toby Murray, University of Melbourne and Data61
Peter Schwabe, Radboud University (Session chair, Computer-Aided Cryptography)
Zhong Shao, Yale University
Ben Smyth, Huawei
Alley Stoughton
Pierre-Yves Strub, École Polytechnique
Paul Syverson, Naval Research Laboratory (Session chair, Privacy)
Peter Thiemann, University of Freiburg
Yevgeniy Vorobeychik, Vanderbilt University (Session chair, Security Economics)


Submitted papers must not substantially overlap with papers that have
been published or that are simultaneously submitted to a journal or a
conference with published proceedings.

Papers must be submitted using the two-column IEEE Proceedings style
available for various document preparation systems at the IEEE
Conference Publishing Services page. All papers should be at most 12
pages long, not counting bibliography and well-marked
appendices. Committee members are not required to read appendices, and
so the paper must be intelligible without them.

Following the recent history of other top-quality conferences and
symposia in security, CSF'17 will employ a light form of double-blind
reviewing. To facilitate this, submitted papers must (a) omit any
reference to the authors' names or the names of their institutions,
and (b) reference the authors' own related work in the third person
(e.g., not "We build on our previous work ..." but rather "We build on
the work of ..."). Nothing should be done in the name of anonymity
that weakens the submission or makes the job of reviewing the paper
more difficult (e.g., important background references should not be
omitted or anonymized). Please see the conference site for answers to
frequently asked questions (FAQ) that address many common
concerns. When in doubt, contact the program chairs.

Papers failing to adhere to any of the instructions above will be
rejected without consideration of their merits.

Papers intended for one of the special sessions should select the
"Privacy", "Security Economics", or "Computer-Aided Cryptography"
option, as appropriate.

At least one coauthor of each accepted paper is required to attend CSF
to present the paper.

Please see http://csf2017.tecnico.ulisboa.pt/ for a link to the
submission website.


PC Chairs 
Boris Koepf, IMDEA Software Institute
Stephen Chong, Harvard University

General Chair 
Pedro Adao, University of Lisbon

Publications Chair 
Deepak Garg, Max Planck Institute for Software Systems

Publicity Chair 
Matteo Maffei, TU Vienna