2008 IEEE Symposium on
Security and Privacy
May 18-21, 2008
The Claremont Resort, Berkeley/Oakland, California, USA

Sponsored by
IEEE Computer Society Technical Committee on Security and Privacy
In cooperation with
The International Association for Cryptologic Research (IACR)

Symposium Committee:
General Chair: Yong Guan (Iowa State University, USA), oakland08-generalchair @
Registration and Publicity Chair: David Du (University of Minnesota/National Science Foundation, USA)
Treasurer: David Shambroom (Intersystems, USA)
Program Co-Chairs: Patrick McDaniel (Pennsylvania State University, USA)
Avi Rubin (Johns Hopkins University, USA)

Since 1980, the IEEE Symposium on Security and Privacy has been the
premier forum for the presentation of developments in computer
security and electronic privacy, and for bringing together researchers
and practitioners in the field.

Previously unpublished papers offering novel research contributions in
any aspect of computer security or electronic privacy are solicited
for submission to the 2008 symposium. Papers may represent advances in
the theory, design, implementation, analysis, or empirical evaluation
of secure systems, either for general use or for specific application
domains. The Symposium is also open to the submission of co-located
half-day or one-day workshops. See below for these and other program

Topics of interest include, but are not limited to, the following:
Access control and audit
Anonymity and pseudonymity
Application-level security
Cryptographic protocols
Database security
Denial of service
Distributed systems security
Formal methods for security
Information flow
Intrusion detection and prevention
Language-based security
Malicious code prevention
Network security
Operating system security
Peer-to-peer security
Risk analysis
Secure hardware and smartcards
Security engineering
Security policy
User authentication

Note: S&P is a general security and privacy conference. Papers without
concrete and demonstrated relation to security and/or privacy will be
rejected without review. For example, papers on topics in cryptography
without clear, executed application to security or privacy will not be

Program Committee:
William Aiello, University of British Columbia, Canada
Elisa Bertino, CERIAS and CS Department, Purdue University, USA
Matt Blaze, University of Pennsylvania, USA
Christian Cachin, IBM Zurich Research Lab, Switzerland
Crispin Cowan, Novell, USA
Robert Cunningham, MIT Lincoln, USA
Dave Evans, University of Virginia, USA
Kevin Fu, UMass, USA
Michael Franz, UCI, USA
Carl Landwehr, DTO, USA
Yingjiu Li, Singapore Management University, Singapore
Jonathon Giffin, Georgia Institute of Technology, USA
Virgil Gligor, University of Maryland, USA
Steve Gribble, University of Washington, USA
Susan Hohenberger, Johns Hopkins University, USA
Trent Jaeger, Penn State University, USA
Somesh Jha, University of Wisconsin, USA
Ari Juels, RSA, USA
Angelos Keromytis, Columbia University, USA
Yongdae Kim, University of Minnesota Twin Cities, USA
Tadayoshi Kohno, University of Washington, USA
Christopher Kruegel, Technical University Vienna, Austria
Andrew Myers, Cornell University, USA
Wenke Lee, Georgia Institute of Technology, USA
Ninghui Li, Purdue University, USA
Gary McGraw, Cigital, USA
Fabian Monrose, Johns Hopkins University, USA
Hilarie Orman, Purple Streak, USA
Vern Paxson, ICSI/Berkeley
Atul Prakash, University of Michigan, USA
Niels Provos, Google, USA
Steve Zdancewic, University of Pennsylvania, USA
R. Sekar, State University of New York at Stony Brook, USA
Dawn Song, CMU, USA
Sean Smith, Dartmouth College, USA
Adam Stubblefield, Independent Security Evaluators, USA
Gene Tsudik, UCI, USA
Dan Wallach, Rice University, USA
David Wagner, UCB, USA


This year we are reintroducing awards for the "best paper" and "best
student paper" from the accepted program. Judged by the chairs and
several representatives from the program committee, this award will be
given to the paper deemed to have the highest overall quality, as
measured by scientific contribution, depth, and impact. A student must
be the first author to be eligible for the best student paper.

In conjunction with the IEEE Security and Privacy magazine, the conference
organizers wish to introduce an award for the "most practical" paper
appearing in the conference. This award will be judged on the paper
most likely to immediately improve the security of current
environments and systems. In additional to the award presented at the
conference, this paper will be invited to appear in the IEEE Security
and Privacy Magazine.


All submissions MUST reflect original work and MUST adequately
document any overlap with previously published or simultaneously
submitted papers from any of the authors. Especially, simultaneous
submission of the same paper to another conference with proceedings or
a journal is not allowed. Failure to clearly document such overlaps
will lead to automatic rejection. If authors have any doubts regarding
such overlaps, they should contact the program chairs prior to

Papers should be submitted in Portable Document Format (.pdf) using an
11-point font, single column layout, standard interline spacing, and
reasonable margins. Papers must not exceed 15 pages, excluding the
bibliography and well-marked appendices. Committee members are not
required to read the appendices, so papers must be intelligible
without them. You can also consider using IEEE standard Latex template
(Note: please use onecolumn option), which can be found at .

We request that submissions be in US letter paper size (not A4) if
possible. We urge authors to follow the NSF "Fastlane" guidelines for
document preparation (,
and to pay special attention to unusual fonts.

Papers should be submitted in a form suitable for anonymous review:
remove author names and affiliations from the title page, and avoid
explicit self-referencing in the text. When referring to your previous
work, do so in the third person, as though it were written by someone
else. Only blind the reference itself if a third-person reference will
clearly not work.

Please submit your paper through the submissions website at in .pdf form only. If you have any
difficulty submitting a paper or have any questions about the
submission process, please contact the submission chair, Kevin Butler
(Pennsylvania State University) at

For any questions, contact the program chairs at
Paper submissions due: November 9, 2007, 23:59:00 EST (GMT-5).    (No extensions!)
Acceptance notification: January 25, 2008.
Final papers due: March 1, 2008.

Submissions received after the submission deadline or failing to
conform to the guidelines above risk rejection without consideration
of their merits. Authors are responsible for obtaining appropriate
clearances; authors of accepted papers will be asked to sign IEEE
copyright release forms. Where possible all further communications to
authors will be via email.


We are also encouraging the submissions of workshops to be associated
with IEEE SP 2008. A workshop call will be made available on the
symposium website in the near future.  


A continuing feature of the symposium is a session of 5-minute talks
where attendees can present preliminary research results or summaries
of works published elsewhere. Abstracts for 5-minute talks must fit on
one US letter or A4 page, including the title and all author names and
affiliations. Submit abstracts prior to the conference by email to
Dr. Jonathon Giffin (; or by Monday morning at
the conference by hardcopy given to the 5-minute talks chairs.

While the majority of these presentations will be accepted and
notified per the above dates, we will also review and accept a small
number of presentations prior to the meeting, with an early decision,
for those who require a decision in order to plan their travel. Due
dates for these presentation will be announced in the final symposium