Call For Papers

38th IEEE Symposium on Security and Privacy 
May 22-24, 2017 
The Fairmont Hotel, San Jose, Ca

Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has
been the premier forum for computer security research, presenting the
latest developments and bringing together researchers and
practitioners. We solicit previously unpublished papers offering novel
research contributions in any aspect of security or privacy. Papers
may present advances in the theory, design, implementation, analysis,
verification, or empirical evaluation and measurement of secure

Topics of interest include:

    Access control and authorization
    Application security
    Attacks and defenses
    Censorship resistance
    Cloud security
    Distributed systems security
    Economics of security and privacy
    Embedded systems security
    Hardware security
    Intrusion detection and prevention
    Malware and unwanted software
    Mobile and Web security and privacy
    Language-based security
    Network and systems security
    Privacy technologies and mechanisms
    Protocol security
    Secure information flow
    Security and privacy for the Internet of Things
    Security and privacy metrics
    Security and privacy policies
    Security architectures
    Usable security and privacy

This topic list is not meant to be exhaustive; S&P is interested in
all aspects of computer security and privacy. Papers without a clear
application to security or privacy, however, will be considered out of
scope and may be rejected without full review.  Systematization of
Knowledge Papers

As in past years, we solicit systematization of knowledge (SoK) papers
that evaluate, systematize, and contextualize existing knowledge, as
such papers can provide a high value to our community. Suitable papers
are those that provide an important new viewpoint on an established,
major research area, support or challenge long-held beliefs in such an
area with compelling evidence, or present a convincing, comprehensive
new taxonomy of such an area. Survey papers without such insights are
not appropriate. Submissions will be distinguished by the prefix
"SoK:" in the title and a checkbox on the submission form. They will
be reviewed by the full PC and held to the same standards as
traditional research papers, but they will be accepted based on their
treatment of existing work and value to the community, and not based
on any new research results they may contain. Accepted papers will be
presented at the symposium and included in the proceedings.  


The Symposium is also soliciting submissions for co-located
workshops. Further details on submissions can be found at .  

Important Dates

All deadlines are 23:59:59 EST (UTC-5).
Abstract submission deadline 	November 4, 2016  No Extensions
Paper submission deadline 	November 11, 2016  No Extensions
Early-reject notification and author appeal period 	January 13, 2017
Acceptance notification 	February 9, 2017
Camera-ready deadline 	TBD
Student Program Committee

Following a successful model used at last year's conference, as well
as other premier technical conferences, some paper submissions will be
reviewed by a "shadow PC" of students and junior researchers, this
year chaired by William Enck of North Carolina State University. For
more information see  

Instructions for Paper Submission

These instructions apply to both the research papers and
systematization of knowledge papers.

All submissions must be original work; the submitter must clearly
document any overlap with previously published or simultaneously
submitted papers from any of the authors. Failure to point out and
explain overlap will be grounds for rejection. Simultaneous submission
of the same paper to another venue with proceedings or a journal is
not allowed and will be grounds for automatic rejection. Contact the
program committee chairs if there are questions about this policy.

New this year: Submitted papers must submit an abstract by the
Abstract Deadline. This new process is designed to facilitate a faster
and more efficient bidding process. Only papers that have had
abstracts submitted by the deadline will be eligible for review.

Reviews from Prior Submissions (New this Year)
Based on USENIX Security 2015 CFP

The rapidly increasing number of papers being submitted to security
conferences has put a strain on both authors' and reviewers' time,
with both sides concerned about the implications on the fairness of
the process. Concerned reviewers worry that authors will give in to
the temptation to resubmit rejected papers without addressing prior
reviewers' concerns, hoping that different reviewers will lead to a
different outcome. Authors are concerned that reviewers who helped to
reject an earlier draft of a paper will not read an improved draft as
diligently as they would read an unfamiliar submission and may miss or
disregard improvements.

In the long-term, we aim to address these concerns by changing the submission process. (See the draft plan and discussion at In the short-term, for SP2017, authors may optionally document:

    the complete reviews they received from prior submission(s) and

    a page of up to 500 words documenting the improvements made since
    the prior submission(s)

Also starting this year, if a submission is derived in any way from a
submission submitted to another venue (conference, journal, etc.) in
the past twelve months, we require that the authors provide the name
of the most recent venue to which it was submitted. This information
will not be shared with reviewers. It will only be used (1) for
aggregate statistics to understand the percent of resubmissions among
the set of submitted (and accepted) papers; (2) at the Chairs'
discretion, to identify dual submissions and verify the accuracy of
prior reviews provided by authors regarding previously rejected

Early Rejection and Appeals

There will be no conventional rebuttal process. Papers that receive
substantially negative initial reviews will be rejected early. The
authors of early-rejected papers, and only such papers, will receive a
copy of their initial reviews. Authors who substantively disagree with
the reviews can appeal to the PC chairs. Authors' appeals must clearly
and explicitly identify concrete disagreements with factual statements
in the initial reviews that should be adjudicated by a special
arbitration reviewer who may be recruited by the PC chairs. Appealing
a submission that was rejected early will keep it under consideration,
and it cannot be withdrawn or resubmitted elsewhere until the final
notification of acceptance or rejection.

Anonymous Submission

Papers must be submitted in a form suitable for anonymous review: no
author names or affiliations may appear on the title page, and papers
should avoid revealing their identity in the text. When referring to
your previous work, do so in the third person, as though it were
written by someone else. Only blind the reference itself in the
(unusual) case that a third-person reference is
infeasible. Publication as a technical report or in an online
repository does not constitute a violation of this policy. Contact the
program chairs if you have any questions. Papers that are not properly
anonymized may be rejected without review.

Conflicts of Interest
Drawn from the ACM SIGMOD 2015 CFP

During submission of a research paper, the submission site will
request information about conflicts of interest of the paper's authors
with program committee (PC) members. It is the full responsibility of
all authors of a paper to identify all and only their potential
conflict-of-interest PC members, according to the following
definition. A paper author has a conflict of interest with a PC member
when and only when one or more of the following conditions holds:

    The PC member is a co-author of the paper.

    The PC member has been a co-worker in the same company or
    university within the past two years.

    The PC member has been a collaborator within the past two years.

    The PC member is or was the author's primary thesis advisor, no
    matter how long ago.

    The author is or was the PC member's primary thesis advisor, no
    matter how long ago.

    The PC member is a relative or close personal friend of the author.

Papers with incorrect or incomplete conflict of interest information
as of the submission closing time are subject to immediate rejection.

Human Subjects and Ethical Considerations
Drawn from the USENIX Security 2016 CFP

Submissions that describe experiments on human subjects, that analyze
data derived from human subjects (even anonymized data), or that
otherwise may put humans at risk should:

    Disclose whether the research received an approval or waiver from
    each of the authors' institutional ethics review boards (IRB) if

    Discuss steps taken to ensure that participants and others who
    might have been affected by an experiment were treated ethically
    and with respect.

If the submission deals with vulnerabilities (e.g., software
vulnerabilities in a given program or design weaknesses in a hardware
system), the authors need to discuss in detail the steps they have
taken or plan to take to address these vulnerabilities (e.g., by
disclosing vulnerabilities to the vendors). The same applies if the
submission deals with personal identifiable information (PII) or other
kinds of sensitive data. If a paper raises significant ethical and
legal concerns, it might be rejected based on these concerns.

Authors seeking ways to reduce the ethical risks of their experiments
may optionally consider reaching out to the Ethics Feedback Panel for
Networking and Security. The panel's mission is to help researchers
identify ethics-related risks, find prior research that provides
precedent or data to inform ethical decision making, to suggest ways
to improve experimental designs to reduce ethical risks, and provide
any other information that may assist the researchers in meeting their
ethical obligations. The best time to reach out to this panel is
before conducting your experiments, but they may be able to assist if
concerns arise during an experiment. Contact the program co-chairs if
you have any questions.  Page Limit and Formatting

Submitted papers may include up to 15 pages of text and up to 5 pages
for references and appendices, totaling no more than 20 pages. The
same applies to camera-ready papers, although, at the PC chairs'
discretion, additional pages may be allowed for references and
appendices. Reviewers are not required to read appendices.

Papers must be formatted for US letter (not A4) size paper. The text
must be formatted in a two-column layout, with columns no more than
9.5 in. tall and 3.5 in. wide. The text must be in Times font,
10-point or larger, with 11-point or larger line spacing. Authors are
encouraged to use the IEEE conference proceedings templates. LaTeX
submissions should use IEEEtran.cls version 1.8. All submissions will
be automatically checked for conformance to these
requirements. Failure to adhere to the page limit and formatting
requirements are grounds for rejection without review.  


Submissions must be in Portable Document Format (.pdf). Authors should
pay special attention to unusual fonts, images, and figures that might
create problems for reviewers. Your document should render correctly
in Adobe Reader 9 and when printed in black and white.  

Bulk Submissions

Special rules apply to all submissions by authors who submit more than
3 non-SoK papers. The title of every submission from such an author
must start with "BULK SUBMISSION:". If the paper has been previously
considered at other conferences, journals, or workshops, the submitted
version must include an appendix that lists:

    the year and full name of those venues,

    the complete set of reviews, and
    detailed description of the changes made since.

This appendix does not count towards the page limit. By their
submission, the authors of these papers acknowledge and accept that
the PC chairs may solicit further information about them (e.g., to
verify the contents of the appendix) and pass such information on to
the PC. Failure to comply with these rules will result in automatic
rejection of the bulk submissions without consideration.  

Conference Submission Server

Papers must be submitted at and may be
updated at any time until the submission deadline. The submission site
will open October 10, 2016.

Publication and Presentation

Authors are responsible for obtaining appropriate publication
clearances. One of the authors of the accepted paper is expected to
present the paper at the conference.

For more information, contact the program co-chairs at: if you have any questions.

Program Committee
Úlfar Erlingsson 	Google
Bryan Parno 	Microsoft Research
Michael Backes 	CISPA, Saarland University, and MPI-SWS
Davide Balzarotti 	EURECOM
Gilles Barthe 	IMDEA
Lujo Bauer 	CMU
Karthikeyan Bhargavan 	INRIA
Joseph Bonneau 	Stanford
Nikita Borisov 	UIUC
Herbert Bos 	VU University
Kevin Butler 	University of Florida
Srdjan Capkun 	ETH Zurich
Stephen Checkoway 	UIC
Haibo Chen 	SJTU
Manuel Costa 	MSR
Cas Cremers 	Oxford
Srini Devadas 	MIT
Tudor Dumitras 	University of Maryland
David Evans 	University of Virginia
Cedric Fournet 	MSR
Matt Fredrikson 	CMU
Roxana Geambasu 	Columbia
Saikat Guha 	MSR
Andreas Haeberlen 	University of Pennsylvania
Matthew Hicks 	University of Michigan
Michael Hicks 	University of Maryland
Jason Hong 	CMU
Amir Houmansadr 	UMass
Rob Johnson 	Stony Brook
Brent Kang 	KAIST
Brad Karp 	UCL
Jay Lorch 	MSR
Matteo Maffei 	CISPA Saarland
Sergio Maffeis 	Imperial
Michelle Mazurek 	University of Maryland
James Mickens 	Harvard
Andrew Miller 	UIUC
Ilya Mironov 	Google
Cristina Nita-Rotaru 	Northeastern
Alina Oprea 	Northeastern
Marcus Peinado 	MSR
Frank Piessens 	KU Leuven
Niels Provos 	Google
Mariana Raykova 	Yale
Franziska Roesner 	University of Washington
Ulrich Rührmair 	Munich
Andrei Sabelfeld 	Chalmers
Vyas Sekar 	CMU
Simha Sethumadhavan 	Chip Scan/Columbia
Nigel Smart 	University of Bristol
Alex Snoeren 	UCSD
Nikhil Swamy 	MSR
Gang Tan 	Penn State
Abhradeep Thakurta 	Apple
Kurt Thomas 	Google
Carmela Troncoso 	IMDEA
Giovanni Vigna 	UCSB
Bogdan Warinschi 	University of Bristol
Robert Watson 	Cambridge
Emmett Witchel 	UT Austin
Tao Xie 	UIUC
Yinqian Zhang 	Ohio State