CALL FOR PAPERS

   First IEEE Cybersecurity Development Conference (SecDev)

                   Boston, MA, USA, November 3-4, 2016
                    Submission deadline: June 21, 2016



SecDev is a new venue for presenting ideas, research, and experience
about how to develop secure systems.

SecDev is distinguished by its focus on how to "build security in"
(and not simply discover the absence of security). Its goal is to
encourage and disseminate ideas for secure system development among
both academia and industry. Developers have valuable experiences and
ideas that can inform academic research, and researchers have
concepts, studies, and even code and tools that could benefit
developers. We anticipate that attendees from academic conferences
like IEEE S&P, USENIX Security, PLDI, FSE, ISSTA, SOUPS, and many
others could contribute ideas to SecDev, as could attendees of
industrial conferences like AppSec, RSA, Black Hat, and Shmoocon.

In this first year, SecDev is soliciting short papers that present
innovations, experience-based insights, or a vision. Papers have the
option of appearing in the conference's formal proceedings, or
not. SecDev is also interested in tutorials on processes, frameworks,
languages, and tools. The goal is to propose useful and thought
provoking ideas, and to share knowledge on the art and science of
secure system development. In future years, the academic portion of
SecDev will expand to include more in-depth articles.

Areas of interest include (but are not limited to):

- Security engineering processes, from requirements to maintenance
- Dynamic/static analysis and runtime approaches towards application security
- Programming languages and frameworks supporting security
- Testing strategies to ensure security
- Explorations of formal verification and other high-assurance methods
  for security
- Code reviews, red teams, and other human-centered assurance
- Security-focused system (HW/SW/architecture) designs 
- Human-centered design for systems security
- Distributed systems design and implementation for security

What makes SecDev different than other conferences?

SecDev is interested in work that has a demonstrated connection to
building systems that are more secure. It is not enough to show that
an existing system, however prominent, is insecure. Nor is it enough
to propose a new cryptosystem or formal security model with nice
mathematical properties but no concrete exploration of how it would be
used to build systems more securely. Instead, papers should be about
(as a few examples) how a development library, tool, or process can
produce systems resilient against certain attacks; how a formal
foundation could underpin a language, tool, or testing strategy that
can help produce stronger systems; and experience, designs, or
applications showing how cryptography can be used effectively to
secure systems.

A good SecDev paper may resemble an elaborated vision statement, a
grant proposal, or a mini-keynote summarizing prior work and
directions. We are not interested in complete works that manage to fit
in a few pages; rather we want bigger ideas (previously published or
not) that will lead to a stimulating, thoughtful, and perhaps (gently)
provocative discussion. A good SecDev tutorial will introduce
interested practitioners and researchers to technologies (e.g.,
languages, tools, frameworks) that show promise in aiding the
development of secure systems.

Submission Details

Submit your papers here: https://secdev16.hotcrp.com/

Papers must be submitted using the two-column IEEE Proceedings style
available for various document preparation systems at the IEEE
Conference Publishing Services page at
http://www.ieee.org/conferences_events/conferences/publishing/templates.html. Submissions
may be one of three categories:

- (Up to) 5-page papers. These must be well-argued and worthy of
  publication and citation, on the topics above. They may present new
  work or ideas, or draw substantially from the authors' previously
  published results. Authors of accepted papers will present their
  work at the conference (likely in a 20 minute slot), and their
  papers may optionally appear in the conference's formal
  proceedings. The page count does not include bibliographic

- One-page abstracts. Abstracts will be reviewed lightly and all
  accepted abstracts will be published on the SecDev 2016 web
  page. Authors of accepted abstracts will be invited to give a talk
  during a "5-minute madness" session at the conference.

- Tutorial proposals. Tutorials should aim to be 90 minutes
  long. Preference will be given to tutorials that are hands-on,
  rather than simply slide presentations. Proposals should be 1 page
  and cover (a) the topic; (b) a summary of the tutorial format with
  possible pointers to relevant materials; (c) the expected audience
  and expected learning outcomes; (d) prior tutorials or talks on
  similar topics by the authors (and audience size), if any.

We are seeking broad representation in the program, and may take this
into account when reviewing multiple submissions from the same
authors. We prefer experienced presenters and each submission must
indicate on the submission site which co-author will present the paper
at the meeting. Accepted papers will appear in the conference

This call for papers is inspired by SNAPL (http://snapl.org/2015/cfp.html).

If you have any questions about submissions, send an email to

If you have any questions about tutorials, send an email to

Important Dates

Submission: Jun 21, 2016
Decisions announced: Aug. 1, 2016
Final versions due: Sep. 1, 2016
Conference: Nov. 3-4, 2016

Program Committee

June Andronick, Data61/CSIRO (formerly NICTA) and UNSW
Ivan Arce, Sadosky Foundation
Stephen Chong, Harvard
Andy Chou, Co-founded of Coverity
Michael D. Ernst, University of Washington
Michael Hicks, University of Maryland (PC Chair)
Jaeyeon Jung, Microsoft Research
Boris Koepf, IMDEA Software Institute
Ben Livshits, Microsoft Research
Milo Martin, Google
Gary McGraw, Cigital
Andrew Myers, Cornell University
Chris Palmer, Google
Daniele Perito, Square
Bart Preneel, KU Leuven
Tamara Rezk, INRIA
Elaine Shi, Cornell University
Stelios Sidiroglou-Douskos, MIT (Tutorials Chair)
Merrielle Spain, MIT Lincoln Laboratory
Deian Stefan, UCSD and Intrinsic
Sam Weber, CMU Software Engineering Institute
Chris Wysopal, Veracode
Danfeng Zhang, Penn State University