9th IEEE European Symposium on Security and Privacy Vienna, July 8-12, 2024 https://eurosp2024.ieee-security.org/cfp.html (Self-)Nomination Form for PC EuroS&P welcomes (self-)nominations of volunteers to serve on the Program Committee for 2024. Please fill out the form to nominate yourself or others. Please ensure to check out the mentoring program description before filling out the form. Call For Papers The IEEE European Symposium on Security and Privacy (Euro S&P) is the younger, more adventurous, and tastier sibling conference of the IEEE Symposium on Security and Privacy (“Oakland” or “NorCal S&P”) conference. It is a premier forum for computer security and privacy research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in security or privacy, as well as Systematization of Knowledge papers that systematize previous results. EuroS&P is interested in all aspects of applied computer security and privacy. We especially encourage papers that are far-reaching and risky, provided those papers show sufficient promise for creating interesting discussions and usefully questioning widely-held beliefs. Papers without a clear connection to security or privacy will be considered out of scope and may be rejected without full review. Conference Expectations We are committed to maintaining the engagement and sense-of-community benefits that come from a single-track conference, while avoiding any arbitrary limits on the number of papers that can be accepted. We aim for a review process that will be rigorous and thorough, resulting in the acceptance of every paper with scientific merit and sufficient value to the community, and incorporate a one-month revision opportunity in which the PC assists authors to try to get as many papers as possible to the level needed. In order to support substantive presentations within the single-track constraint, though, this means that we are not promising that all accepted papers will be given the same presentation opportunity. What this means in practice will depend on the number of papers accepted, the nature of particular papers, and the architecture of the venue, and we are not committed to a particular presentation format or method for deciding how different accepted papers will be presented. We will endeavor to provide the authors of every accepted paper with a meaningful way to share their work with the community, but this may mean different things for different papers, such as poster sessions, videos and blogs, extended seminars, and live presentations in the main conference track. Revision Option Authors of papers that are not accepted may be invited to revise and resubmit their paper for a second round of reviews. Papers will be invited for revision if the program committee sees a path for revision that is likely to lead to acceptance, even though the initial submission was not considered acceptable. If authors who are invited to do so wish to submit a revised paper, they must do so within four weeks of the notification. Revised papers will be re-reviewed by the same reviewers who reviewed the original submission. Neither acceptance with shepherding nor an invitation to submit a revised paper implies that eventual acceptance is certain. New in 2024: Meta Reviews The discussions about individual papers are conducted “behind closed doors” within the set of reviewers. In the best case, reviewers will leave a summary of the discussion visible exclusively to the authors. To facilitate more transparency in the process of accepting papers, EuroS&P 2024 will feature a publicly available meta review (accessible through the EuroS&P website) for each accepted paper. This meta review will outline the PC’s main reasons for accepting the paper and may also contain limitations the PC identified. Systematization of Knowledge Papers We solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area; support or challenge long-held beliefs in such an area with compelling evidence; or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate. Submissions will be distinguished by the prefix "SoK:" in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, except instead of emphasizing novel research contributions, the emphasis will be on their value to the community. Accepted papers will be presented at the symposium and included in the proceedings. Paper Awards Outstanding papers will be selected by the program committee for paper awards. The award finalists will be announced before the symposium, and the award winners announced at the symposium. Important Dates All deadlines are Anywhere on Earth (AoE = UTC-12h). Research Papers Registration deadline (incl. topics and abstracts) 30 October 2023 (Monday) Submission deadline 2 November 2023 (Thursday) Early rejection notification 20 December 2023 (Wednesday) Rebuttal period 29 January - 1 February 2024 (Monday to Thursday) Author Notification 22 February 2024 (Thursday) Submission of revised papers 21 March 2024 (Thursday) Revision Decisions 4 April 2024 (Thursday) Conference Vienna, Austria 8 - 12 July 2024 Proactive Prevention of Harm We expect authors to carefully consider and address the potential harms associated with carrying out their research, as well as the potential negative consequences that could stem from publishing their work. Failure to adequately discuss such potential harms within the body of the submission may result in rejection of a submission, regardless of its quality and scientific value. Although risking to cause harm is sometimes a necessary and legitimate aspect of scientific research in computer security and privacy, authors are expected to document how they addressed and mitigated such risks. This includes, but is not limited to, considering the impact of the research on deployed systems, understanding the costs the research imposes on others, safely and appropriately collecting data, and following responsible disclosure practices. Papers should include a clear statement as to how the benefit of the research outweighs the potential harms, and how the authors have taken measures and followed best practices to ensure safety and minimize the potential harms caused by their research. If the submitted research has potential to cause harm, and authors have access to an Institutional Review Board (IRB), we expect that this IRB was consulted appropriately and that its approval and recommendations are documented in the paper. We note that IRBs are not necessarily well-versed in computer security research and may not know the best practices and community norms in our field, so IRB approval does not absolve researchers from considering ethical aspects of their work. In particular, IRB approval is not sufficient to guarantee that the PC will not have additional concerns with respect to harms associated with the research. We encourage authors to consult existing documentation, e.g., Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them or the Menlo Report and existing Safety consultation entities, e.g., the Tor Safety Research Board. These can help in thinking about potential harms, and in designing the safest experiments and disclosure processes. Open Science Expectations Our expectation for Euro S&P is that researchers will maximize the scientific and community value of their work by making it as open as possible. This means that, by default, all of the code, data, and other materials (such as survey instruments) needed to reproduce your work described in an accepted paper will be released publicly under an open source license. Sometimes it is not possible to share work this openly, such as when it involves malware samples, data from human subjects that must be protected, or proprietary data obtained under agreement that preclude publishing the data itself. All submissions should therefore include a clear statement on Data Availability that explains how the artifacts needed to reproduce their work will be shared, or an explanation of why they will not be shared. The Program Chairs will hold authors to the commitments made in their submissions, and papers that fail to satisfy these commitments may be removed from the conference. Plagiarism and Duplicate Submission All submissions must be original work. Plagiarism (whether of others or self) will be grounds for rejection. The submission must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same or substantially similar paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Anonymous Submission Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing their identity in the text. When referring to your previous work, do so in the third person, as though it were written by someone else. References should only be blinded in the (unusual) case that a third-person reference is infeasible. Contact the program chairs if you have any questions. Papers that are not properly anonymized may be rejected without review. The purpose of anonymous submissions is to give reviewers the chance to read the paper without being biased by knowing the authors. Hence authors are required to ensure that the paper they submit does not, within reason, leak their identity. However, the process of anonymous submission is considered to be cooperative, not adversarial. Authors should not put explicit clues to their identity in the paper or otherwise purposefully deanonymize themselves to reviewers. Authors who think disclosing revealing aspects of their identities or setting would be important for positioning the paper, should consult with the PC chairs on how to do this in their submission. Reviewers are trusted to not actively look for the identity of authors, for instance by searching the internet for the paper title. By policy, authors may post their paper to public “preprint” archives (including arxiv) before, during, or after the review period. The Program Chairs will reject papers that, in their sole judgment, blatantly violate the requirement for author anonymity. Reviews from Prior Submissions For papers that were previously submitted to, and rejected from, another conference, authors are required to submit a separate document containing the (anonymized, but otherwise unedited) prior reviews along with a description of how those reviews were addressed in the current version of the paper. Authors are only required to include reviews from the last time the paper was submitted. Authors who try to circumvent this rule (e.g., by changing the title of the paper without significantly changing the contents) may have their papers rejected without further consideration, at the discretion of the PC chairs. To avoid biasing reviewers, reviewers will only see the provided supplementary material after submitting their own review. Then, reviewers will be able to see the submitted previous reviews, and may revise their review as a result. Page Limit and Formatting Papers shall not exceed 13 pages of body text, with unlimited additional pages for references and appendices. Reviewers are explicitly not expected to read the appendices while deciding whether to accept or reject the paper. Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply eurosp2023-template.zip Please do not use other IEEE templates. Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white. Failure to adhere to the page limit and formatting requirements can be grounds for rejection without review. Conference Submission Server Papers must be submitted at https://hotcrp.eurosp2024.ieee-security.org and may be updated at any time until the submission deadline expires. Publication and Presentation Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper at the conference. We are expecting to hold an in person conference and that authors will be able to travel to the conference to present their paper, but may make allowances for remote presentation in cases where all authors of a paper have legitimate reasons they are unable to attend in person.