MAY 20-23, 2024 AT THE HILTON SAN FRANCISCO UNION SQUARE, SAN FRANCISCO, CA 45th IEEE Symposium on Security and Privacy https://sp2024.ieee-security.org/cfpapers.html Sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research Call For Papers Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include: Applied cryptography Attacks with novel insights, techniques, or results Authentication, access control, and authorization Blockchains and distributed ledger security Cloud computing security Cyber physical systems security Distributed systems security Economics of security and privacy Embedded systems security Formal methods and verification Hardware security Hate, Harassment, and Online Abuse Human-centered security and privacy Intrusion detection and prevention Machine learning and computer security Malware and unwanted software Network security and measurement Operating systems security Privacy-enhancing technologies, anonymity, and censorship Program and binary analysis Protocol security Security and privacy metrics Security and privacy policies Security architectures Security for at-risk populations Software supply chain security Systems security User studies for security and privacy Web security and privacy Wireless and mobile security/privacy This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. Systematization of Knowledge Papers As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io/. Submission Deadlines & Decisions (Important Updates) Similar to 2023, there will be three submission deadlines this year. For each submission, one of the following decisions will be made: Accept : Papers in this category will be accepted for publication in the proceedings and presentation at the conference. Within one month of acceptance, all accepted papers must submit a camera-ready copy incorporating reviewer feedback. The papers will immediately be published, open access, in the Computer Society's Digital Library, and they may be cited as "To appear in the IEEE Symposium on Security & Privacy, May 2024". Reject : Papers in this category are declined for inclusion in the conference. Rejected papers must wait for one year, from the date of original submission, to resubmit to IEEE S&P. A paper will be judged to be a resubmit (as opposed to a new submission) if the paper is from the same or similar authors, and a reviewer could write a substantially similar summary of the paper compared with the original submission. As a rule of thumb, if there is more than 40% overlap between the original submission and the new paper, it will be considered a resubmission. Public Meta-Reviews: All accepted papers will be published alongside a meta-review (< 500 words) that lists (a) the reasons the PC decided to accept the paper and (b) concerns the PC has with the paper. Authors will be given the option to write a response to the meta-review (< 500 words) which will be published as part of the meta-review. Authors will be given a draft meta-review at the time of acceptance. Authors will be given the option of addressing some or all of the concerns within one review cycle. A shepherd will remove concerns from the meta-review if they are sufficiently addressed by the revisions. Authors of papers accepted to the third submission cycle will be given the option to have their paper appear in the 2025 proceedings if they are not able to complete revisions in time for the final camera ready deadline. The goal of this process is to provide greater transparency and to better scope change requests made by reviewers. More information about the reasons behind this change can be found here. Re-Submission of Major Revisions from Prior Years: Authors resubmitting papers that received Major Revision decisions in 2023 will also be published with the public meta-reviews as described above. More information about the reasons behind the above changes can be found here: https://sp2024.ieee-security.org/changes-cfp.html Important Dates All deadlines are 23:59:59 AoE (UTC-12). First deadline Paper submission deadline: April 13, 2023 Early-reject notification: May 22, 2023 Rebuttal period (interactive): June 19 - June 30, 2023 Rebuttal text due: June 26, 2023 Acceptance notification: July 10, 2023 Camera-ready deadline: August 18, 2023 Second deadline Paper submission deadline: August 3, 2023 Early-reject notification: September 11, 2023 Rebuttal period (interactive): October 9 - October 20, 2023 Rebuttal text due: October 16, 2023 Acceptance notification: October 27, 2023 Camera-ready deadline: December 8, 2023 Third deadline Paper submission deadline: December 6, 2023 Early-reject notification: January 22, 2024 Rebuttal period (interactive): February 19 - March 1, 2024 Rebuttal text due: February 26, 2024 Acceptance notification: March 8, 2024 Camera-ready deadline: April 19, 2024 (see https://sp2024.ieee-security.org/cfpapers.html for all requirements and caveats for paper submittion) Program Committee PC Chairs Patrick Traynor University of Florida William Enck North Carolina State University Associate Chairs Aanjhan Ranganathan Northeastern University Adam Bates University of Illinois Urbana-Champaign Andrew Paverd Microsoft Hamed Okhravi MIT Lincoln Laboratory Matt Fredrikson Carnegie Mellon University Matteo Maffei TU Wein Micah Sherr Georgetown University Sascha Fahl CISPA Tiffany Bao Arizona State University Yuan Tian University of California, Los Angelos REC Chair René Mayrhofer Johannes Kepler University Linz PC Members Abbas Acar Florida International University AbdelRahman Abdou Carleton University Abhishek Jain Johns Hopkins University Adam Oest Paypal, Inc. Adam Doupé Arizona State University Adam Bates University of Illinois at Urbana-Champaign Adwait Nadkarni William & Mary Ajith Suresh Technology Innovation Institute (TII) Alena Naiakshina Ruhr University Bochum Alessandra Scafuro NCSU Alexander Block Georgetown University & University of Maryland, College Park Alfred Chen University of California, Irvine Alina Oprea Northeastern University Allison McDonald Boston University Amit Kumar Sikder Georgia Institute of Technology Andrei Sabelfeld Chalmers University of Technology Ang Chen Rice University Angelos Stavrou Virginia Tech Aniket Kate Purdue University / Supra Anindya Maiti University of Oklahoma Anupam Das North Carolina State University Apu Kapadia Indiana University Bloomington Aravind Machiry Purdue University Aurélien Francillon EURECOM Ben Stock CISPA Helmholtz Center for Information Security Benjamin Ujcich Georgetown University Benjamin Dowling The University of Sheffield Blaine Hoak University of Wisconsin-Madison Blase Ur University of Chicago Bogdan Groza Universitatea Politehnica Timisoara Brad Reaves North Carolina State University Brendan Saltaformaggio Georgia Tech Byoungyoung Lee Seoul National University Carrie Gates Bank of America Carter Yagemann The Ohio State University Casey Meehan Vector Institute Chaowei Xiao Arizona State University Chengyu Song UC Riverside Christian Wressnegger Karlsruhe Institute of Technology (KIT) Christian Peeters Harbor Labs Christina Garman Purdue University Christina Pöpper New York University Abu Dhabi Christopher A. Choquette-Choo Google Research, Brain Team Claudio Soriente NEC laboratories Europe Cristian-Alexandru Staicu CISPA Helmholtz Center for Information Security Daniel Genkin Georgia Tech Daniel Votipka Tufts University Dave (Jing) Tian Purdue University David Barrera Carleton University David Cash University of Chicago Debajyoti Das KU Leuven Deepak Kumar Stanford University Derrick McKee MIT Lincoln Laboratory Dimitrios Papadopoulos The Hong Kong University of Science and Technology Dominik Wermke CISPA Drew Davidson University of Kansas Earlence Fernandes UC San Diego Eleonora Losiouk University of Padua Emily Wenger University of Chicago and Meta AI Eric Pauley University of Wisconsin-Madison Ethan Cecchetti University of Maryland / University of Wisconsin - Madison Evgenios Kornaropoulos George Mason University Eyal Ronen Tel Aviv University Eyal Ronen Tel Aviv University Fabio Pierazzi King's College London Faysal Shezan University of Texas at Arlington Fengwei Zhang Southern University of Science and Technology (SUStech) Florian Schaub University of Michigan Florian Kerschbaum University of Waterloo Florian Tramèr ETH Zürich Fnu Suya University of Maryland Frank Li Georgia Institute of Technology Frank Piessens KU Leuven Franziska Boenisch Vector Institute Furkan Alaca Queen's University Gang Wang University of Illinois at Urbana-Champaign Gary Tan The Pennsylvania State University Georgios Portokalidis IMDEA Software Institute Ghassan Karame Ruhr-University Bochum Giancarlo Pellegrino CISPA Helmholtz Center for Information Security Giovanni Camurati ETH Zurich Grant Ho UCSD and UChicago Guevara Noubir Northeastern University Guillermo Suarez-Tangil IMDEA Networks Institute Habiba Farrukh Purdue University Hang Zhang Georgia Institute of Technology Haya Shulman Goethe-Universität Frankfurt | Fraunhofer SIT | ATHENE Heather Zheng University of Chicago Heng Yin University of California Riverside Hovav Shacham The University of Texas at Austin Hyungjoon Koo Sungkyunkwan University Insu Yun KAIST Ioana Boureanu Univ. of Surrey, Surrey Centre for Cybersecurity Jason Nieh Columbia University Jeremiah Blocki Purdue University Jianjun Chen Tsinghua University Jiarong Xing Rice University Jiska Classen TU Darmstadt, SEEMOO Johanna Ullrich SBA Research/University of Vienna Jon McCune Google LLC Jun Han Yonsei University Kangjie Lu University of Minnesota Karen Sowon Postdoctoral research associate, Carnegie Mellon University Kartik Nayak Duke University Kassem Fawaz University of Wisconsin-Madison Kavita Kumari Technical University of Darmstadt Kelsey Fulton Colorado School of Mines Kevin Borgolte Ruhr University Bochum Kevin Butler University of Florida Kexin Pei Columbia University Kovila P.L. Coopamootoo King's College London Lejla Batina Radboud University Leonardo Babun Johns Hopkins Applied Physics Laboratory Liang Wang Princeton University Lianying Zhao Carleton University Liqun Chen University of Surrey Liz Izhikevich Stanford University Luis Vargas Harbor Labs Lujo Bauer Carnegie Mellon University Mahmood Sharif Tel Aviv University Marco Squarcina TU Wien Mariana Raykova Google Markus Miettinen Technical University of Darmstadt Marshini Chetty University of Chicago Mathy Vanhoef KU Leuven Matthew Lentz Duke University Mauro Conti University of Padua Michael Reiter Duke University Michael Waidner Technische Universität Darmstadt Michail Maniatakos NYU Abu Dhabi Michalis Polychronakis Stony Brook University Mridula Singh CISPA Helmholtz Center for Information Security Murtuza Jadliwala University of Texas at San Antonio Nick Nikiforakis Stony Brook University Nicolas Papernot University of Toronto and Vector Institute and Google Nikita Borisov University of Illinois at Urbana-Champaign Nikos Vasilakis Brown University Ning Zhang Washington University in St. Louis Noel Warford University of Maryland Olivier Levillain Télécom SudParis Olya Ohrimenko The University of Melbourne Omar Chowdhury Stony Brook University Omer Akgul University of Maryland Panos Papadimitratos KTH Royal Institute of Technology Pardis Emami-Naeini Duke University Patrick McDaniel University of Wisconsin-Madison Paul Pearce Georgia Institute of Technology Paul Martin Harbor Labs Peter Snyder Brave Software Pratyush Mishra University of Pennsylvania Qiushi Wu University of Minnesota Quinn Burke University of Wisconsin-Madison Rahul Chatterjee University of Wisconsin-Madison Rakibul Hasan Arizona State University Ramakrishnan Sundara Raman University of Michigan Ramya Jayaram Masti Ampere Computing Reza Shokri National University of Singapore Ruoyu “Fish” Wang Arizona State University Ryan Wails Georgetown University & U.S. Naval Research Laboratory Ryan Sheatsley University of Wisconsin-Madison Saba Eskandarian University of North Carolina at Chapel Hill Saman Zonouz Georgia Tech Santiago Torres-Arias Purdue University Sara Rampazzi University of Florida Sathvik Prasad North Carolina State University Sazzadur Rahaman University of Arizona Sebastian Roth TU Wien Selcuk Uluagac Florida International University Serge Egelman UC Berkeley / ICSI / AppCensus, Inc. Shamaria Engram MIT Lincoln Laboratory Shitong Zhu Meta Platforms, Inc. Shruti Tople Microsoft Shuai Wang HKUST Sisi Duan Tsinghua University Sofia Celi Brave Software Soheil Khodayari CISPA Helmholtz Center for Information Security Srdjan Capkun ETH Zurich Suman Jana Columbia University Sunil Manandhar IBM Research Sven Bugiel CISPA Helmholtz Center for Information Security Sze Yiu Chau The Chinese University of Hong Kong Takeshi Sugawara The University of Electro-Communications Tianhao Wang University of Virginia Tobias Fiebig Max-Planck-Institut für Informatik Tushar Jois Johns Hopkins University Tyler Kaczmarek MIT Lincoln Laboratory Vasileios Kemerlis Brown University Vincent Bindschaedler University of Florida Vipul Goyal NTT Research and CMU Wajih Ul Hassan University of Virginia Wei Meng The Chinese University of Hong Kong Weiteng Chen Microsoft Research, Redmond Wenjing Lou Virginia Tech William Robertson Northeastern University Xiaojing Liao Indiana University Bloomington Xiapu Luo The Hong Kong Polytechnic University Xinlei He CISPA Helmholtz Center for Information Security Xusheng Xiao Arizona State University Yan Chen Northwestern University Yang Zhang CISPA Helmholtz Center for Information Security Yanick Fratantonio Google Yasemin Acar Paderborn University & George Washington University Yasemin Acar Paderborn University Yinzhi Cao Johns Hopkins University Yixin Sun University of Virginia Yongdae Kim KAIST Yuval Yarom University of Adelaide Z. Berkay Celik Purdue University Zakir Durumeric Stanford University Zane Ma Georgia Institute of Technology Zhen Huang DePaul University Zhiqiang Lin Ohio State University Zhiyun Qian University of California, Riverside Ziqiao Zhou Microsoft Research