IEEE Security Development Conference (SecDev) 2018
Call for Papers
Sponsored by the IEEE Computer Society 
  Technical Committee on Security and Privacy
September 30-October 2, 2018 at the Hyatt Regency, Cambridge, MA


SecDev is a venue for presenting ideas, research, and experience about
how to develop secure systems. SecDev is distinguished by its focus on
the theory, techniques, and tools for how to "build security in" to
computing systems, and not simply discover the absence of
security. Its goal is to encourage and disseminate ideas for secure
system development among academia, industry, and
government. Developers have valuable experiences and ideas that can
inform academic research, and researchers have concepts, studies, and
even code and tools that could benefit developers. Great SecDev
contributions could come from attendees of industrial conferences like
AppSec, RSA, Black Hat, and Shmoocon; from attendees of academic
conferences like IEEE S&P, IEEE CSF, USENIX Security, PLDI, FSE,
ISSTA, SOUPS, and others; and from newcomers.

SecDev solicits four types of contributions. First, SecDev is a forum
for novel research papers that present innovations, experience-based
insights, or a vision about how to "build security in" to existing and
new computing systems. Position papers with exceptional visions will
also be considered. Second, SecDev seeks Best Practices (BP) papers
that provide an in-depth clarification and integration of solutions on
a major security area. The paper needs to provide new perspectives and
insights, although it could draw upon prior work. Third, SecDev seeks
hands-on and interactive tutorials on processes, frameworks,
languages, and tools for building security in. The goal is to share
knowledge on the art and science of secure systems
development. Fourth, SecDev seeks abstracts from practitioners to
share their practical experiences and challenges in security

Areas of interest include (but are not limited to):
 -  Security engineering processes, from requirements to maintenance
 -  Security-focused system designs (HW/SW/architecture)
 -  Distributed systems design and implementation for security
 -  Human-centered design for systems security
 -  Tools and methodology for secure code development
 -  Programming languages, development tools, and ecosystems supporting security
 -  Risk management and testing strategies to improve security
 -  Static program analysis for software security
 -  Dynamic analysis and runtime approaches for software security
 -  Explorations of formal verification and other high-assurance methods for 
 -  Automation of programming, deployment, and maintenance tasks for security
 -  Code reviews, red teams, and other human-centered assurance
 -  Security assistance for software developers and security analysts

What makes SecDev different from other conferences?

SecDev is interested in work that can demonstrate a practical
connection to building systems that are more secure. It is not enough
to show that an existing system, however prominent, is insecure. Nor
is it enough to propose a new cryptosystem or formal security model
with nice mathematical properties, but with no concrete experience of
how it would be used to build systems more securely. Examples of
topics that are in scope include: how a development library, tool, or
process can produce systems resilient to certain attacks; how a formal
foundation can underpin a language, tool, or testing strategy that
improves security; techniques that drastically improve the scalability
of security solutions for practical deployment; and experience,
designs, or applications showing how to apply cryptographic techniques
effectively to secure systems.

SecDev provides an integrated forum for researchers and practitioners
to share their experiences. It aims at bridging the gap between
constructive security research and the practice and enabling
real-world impact in the long run.

Submission Details
Papers must be submitted using the two-column IEEE Proceedings style:

Submissions must be one of the four categories:

 - Research papers , up to 8 pages. These must be well-argued and
    worthy of publication and citation, on the topics above. The
    research papers must present new work or ideas. Position papers
    with exceptional visions will also be considered. Authors of
    accepted papers will present their work at the conference (likely
    in a 30-minute slot) and their papers will appear in the
    conference's formal IEEE proceedings.

 - Best Practices (BP) papers , up to 10 pages. Suitable papers are
    those that provide an integration and clarification of ideas on an
    established, major research area, support or challenge long-held
    beliefs in such an area with compelling evidence, or present a
    convincing, comprehensive new taxonomy of some aspect of secure
    development. Such a paper would be marked with the prefix " BP: "
    in the title, and would need to provide new insights, although it
    could draw upon prior work. Authors of accepted papers will
    present their work at the conference (likely in a 30-minute slot)
    and their papers will appear in the conference's formal IEEE

 - Tutorial proposals . Tutorials should aim to be either 90 minutes
    or 180 minutes long. We strongly encourage tutorials to have
    hands-on components and audience interactions. We do not recommend
    simply slide presentations. Tutorial proposals should be 2 pages
    and cover (a) the topic; (b) a summary of the tutorial format with
    possible pointers to relevant materials; (c) the expected audience
    and expected learning outcomes; (d) prior tutorials or talks on
    similar topics by the authors (and audience size), if
    any. Accepted tutorials may provide an abstract that will appear
    in the conference's formal IEEE proceedings. Tutorials will occur
    on the first day of the conference and will be included as part of
    the conference registration. Note that if an accepted tutorial
    requires special materials or environments for the hands-on
    participation, we expect the authors to provide necessary
    preparation instructions for the attendees.

 - Practitioners session abstracts , up to one page. The abstracts
    will be lightly reviewed.

We strongly encourage practitioners from the industry and government
to submit, to share their security experiences and insights,
challenges and obstacles encountered.  Authors of accepted abstracts
will be invited to give a short talk during the practitioners sessions
at the conference. The abstracts will be included in the conference's
IEEE proceedings.

We are devoted to seeking broad representation in the program, and may
take this into account when reviewing multiple submissions from the
same authors. We prefer experienced presenters and each submission
must indicate on the submission site which co-author will present the
paper at the meeting.

SecDev also seeks poster submissions. The 1-page poster abstracts will
be included in the conference's IEEE proceedings. More details will be
on the Call For Poster page.

If you have any questions submissions, send an email to

Important Dates:
Paper and tutorial submission: March 5, 2018
Paper and tutorial notification: May 15, 2018
Practitioners session abstract submission: July 20, 2018
Practitioners session notification: August 10, 2018
Camera-ready versions due: August 17, 2018
Conference: Sept. 30 - Oct. 2, 2018

IEEESec Dev 2018 Program Committee: