Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:7/19/21

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


Digital Communications and Networks, Special Issue on Privacy Preserved Learning in Distributed Communication Systems, (Submission Due 15 August 2021) [posted here 5/3/21]
Guest Editors: Yipeng Zhou (Macquarie University, Australia), Keshav Sood (Deakin University, Australia), Abderrahim Benslimane (The Avignon University, France), and Shui Yu (University of Technology Sydney, Australia)

Recently, we have witnessed wide use of machine learning techniques in large-scale, distributed communication systems. These techniques empower the development of various intelligent applications, such as face recognition by distributed cameras, healthcare in Internet of Things (IoT) networks and object detection by moving vehicles/drones. However, concerns over security and privacy, especially the risk of data leakage, have proved critical barriers for extensive applications of machine learning in distributed communication systems. For example, the data curators collecting information from participating users may not be reliable. In addition, systems could be hacked. Given the complexity and scale of modern distributed communication systems, innovative research is urgently required to improve existing privacy protections, and discover new mathematical tools and techniques. This special issue will feature theoretical foundations and empirical studies on data privacy in distributed communication systems.


For more information, please see http://www.keaipublishing.com/en/journals/digital-communications-and-networks/call-for-papers/si-on-privacy-preserved-learning-in-distributed/.

Elsevier Computers & Security, Special Issue on Managing Multi-Party, Interdependent Privacy Risks, (Submission Due 15 August 2021) [posted here 6/28/21]
Guest Editors: Gergely Biczók (Budapest University of Technology and Economics, Hungary), Kevin Huguenin (University of Lausanne, Switzerland), Mathias Humbert (Cyber-Defence Campus, Switzerland), and Jens Grossklags (Technical University of Munich, Germany)

Privacy is a complex affair. One important facet of this complexity emerges via the many types of inherent connections among individuals, and, therefore, their personal data. These connections include friendship relations, geographic co-locations, familial ties, and many more. Given this interconnectedness, a person’s own privacy is not only affected by her own decisions but also by those of others, giving rise to the phenomenon referred to as interdependent privacy. Under interdependent privacy, personal information is shared without the knowledge and/or direct consent of the data subject. In economic terms, an externality arises that influences the welfare of the data subject negatively without a compensation being offered. In addition to being a fertile ground for academic study, interdependent privacy does have significant real impact on our everyday lives as evidenced by, e.g., the Cambridge Analytica debacle. Therefore, it is paramount that we discover further areas where interdependent privacy can emerge, to qualitatively understand its expressions and to quantify its impact. But we also need to offer concrete solution approaches to manage interdependent privacy in existing applications, and to apply engineering principles (such as privacy-by-design) to avoid its occurrence in future networked systems. Design choices at the provider-level are critical in further heightening the impact of interdependent privacy as the Cambridge Analytica scandal vividly illustrated. The purpose of this special issue in COSE is two-fold: (i) to build a unified and multidisciplinary research community around interdependent privacy that is currently scattered across research fields, such as privacy enhancing technologies, information systems, economics, marketing and data protection law; and (ii) to gather the latest advances in interdependent privacy research and to disseminate new ideas and results in this emerging field to a broad computing audience. We encourage the submission of papers from different scientific disciplines and multidisciplinary work covering new theoretical and experimental/empirical insights, policy research, and systems research on countermeasures with a dedicated focus on interdependent privacy. For submissions not primarily rooted in computing, authors should make an honest effort to relate their contribution to the technical/system design aspects of interdependent privacy.


For more information, please see https://www.journals.elsevier.com/computers-and-security/call-for-papers/managing-multi-party.

Elsevier Online Social Networks and Media, Special Issue on Information and Opinion Diffusion in Online Social Networks and Media, (Submission Due 31 August 2021) [posted here 6/28/21]
Guest Editors: Marco Conti (IIT-CNR, Italy) and Andrea Passarella (IIT-CNR, Italy)

Information diffusion in Online Social Networks and Media (OSNEM) has a major role, among many others, for recommendation systems, advertising, and political campaigns. Moverover, the way information circulates in OSNEM impacts on the formation of opinions and on the social roles of users and their influence on others. The OSNEM role in information and opinion diffusion has dramatically increased since the emergence of the COVID-19 pandemic, with many physical activities being "migrated" to the online world. OSNEM are extensively used for spreading information, opinions and ideas, but also to propagate fake news and rumors and these threats to trust in information are posing even more serious socio-economic challenges during the pandemic. Therefore, prevention of spam, bots and fake accounts, information leakage, trustworthiness of information and trust between users are relevant research issues associated with information diffusion. Investigating ways through which information and opinion spread can be controlled (e.g., by modifying the underlying network structure) is also fundamental. This special issue seeks contributions pushing the state of the art in all facets of information and opinion diffusion in Online Social Networks and Media. We solicit manuscripts where quantitative and/or data-driven approach is used to investigate information and opinion diffusion in OSNEM.


For more information, please see https://www.journals.elsevier.com/online-social-networks-and-media/call-for-papers/online-social-networks-and-media.

Secure Smart World, Special Issue on Concurrency and Computation: Practice and Experience, (Submission Due 1 September 2021) [posted here 5/17/21]
Guest Editors: Guojun Wang (Guangzhou University, China), Qin Liu (Hunan University, China), Richard Hill (University of Huddersfield, UK), and Jiankun Hu (The University of New South Wales, Australia)

This smart world is set to be the next important stage in human history, where numerous smart things communicate and collaborate so that many tasks and processes could be simplified, more efficient, and enjoyable. As the cornerstone technologies enabling a smart world, Internet of things (IoT) and artificial intelligence (AI) have been interacting with each other to stitch everything smart towards smart life. However, a myriad of sensitive data is generated, processed, and exchanged through the IoT devices and AI technologies, one of the fundamental problems is how to organically integrate IoT and AI to provide intelligent services in smart world without compromising security and privacy. This special issue aims to bring together researchers and practitioners in IoT, AI, and network security to share their novel ideas and latest findings to show how IoT and AI can work together to enable a secure smart world.

This special issue will tackle the enabling technologies of a smart world. Original research articles are solicited, which include (but not limited to), the following topics:
- Novel IoT devices and infrastructure platforms in secure smart worlds
- Trust evaluation and management in smart worlds
- Secure smart city applications, including secure IoT/AI applications
- Authentication and access control in secure smart worlds
- Secure policies, models and architectures for IoT and AI
- Novel cryptographic mechanisms for IoT and AI
- Threat intelligence for IoT and AI
- Intrusion detection theories and techniques for IoT and AI
- Secure experiments, test-beds and prototyping systems for IoT and AI
- Software security for IoT and AI
- Secure communication technologies and their optimisation for IoT
- Secure multi-party computation techniques for ML
- Privacy-preserving ML
- Adaptive side-channel attacks
- Security and privacy in data mining and analytics
- Event alert and prediction in smart world
- Privacy and anonymity techniques for IoT and AI
- Security protocols for IoT and AI
- Privacy-preserving crowdsensing
- Biometrics security

For more information, please see https://onlinelibrary.wiley.com/pb-assets/assets/15320634/Secure%20Smart%20World%20SI%202.0%20-1620390879547.pdf.

International Journal of Ad Hoc and Ubiquitous Computing, Special Issue on Recent Advances in Wearable Devices for Emerging Expert Systems, (Submission Due 30 October 2021) [posted here 2/1/21]
Guest Editors: Maheswar Rajagopal (VIT Bhopal University, India) and Jaime Lloret (Universidad Politecnica de Valencia, Spain).

Wearable devices are electronic devices worn by consumers ubiquitously and continually to capture or track biometric information related to health or fitness. Wearable devices range from smartwatches and fitness trackers to virtual reality (VR) headsets, physiological and real-time health monitoring, navigation systems, advanced textiles, military personnel wear and so on. Research into wearable devices a hot area, specifically for researchers working in personal and ubiquitous computing. Several challenges with wearable devices exist due to limited display area, battery life, renewable battery power, miniaturisation and integration, safety, security and privacy. Further important issues include reliability, software bugs and failure modes. But advancements in electronic product design, fabrication techniques, artificial intelligence, machine learning, deep learning and signal processing techniques facilitate the overcoming of the aforementioned challenging issues. Numerous research projects are in progress to provide solutions for limited memory, battery size, device shapes, data reliability, security concerns, and communication and networking protocols.

This special issue is primarily focused on wearable devices in terms of different sensing mechanisms, materials for sensing (including energy harvesting) and how artificial intelligence, machine learning, deep learning and signal processing can be employed for ubiquitous computing in wearable devices. Suitable topics include, but are not limited, to the following:
- Physical layer design in wearable devices
- Interfacing circuits for wearable devices
- Antennas for wearable devices
- Networking algorithms and protocols for wearable devices
- Device to device (D2D) communication protocols for wearable devices
- Cross-layer design issues in wearable devices
- Mobility effects in wearable devices
- Channel interference issues in wearable device networks
- RFID technology in wearable devices
- Integration of wearable and medical sensors with network infrastructures
- Energy harvesting and optimisation in wearable devices
- Security and privacy issues in wearable devices
- Reliability issues in wearable devices
- Intelligent and expert systems for wearable devices
- Information fusion for wearable devices
- Health data privacy in wearable devices
- Modelling and simulation of wearable device network

For more information, please see https://www.researchgate.net/publication/350387566_CFP_International_Journal_of_Ad_Hoc_and_Ubiquitous_Computing_Special_Issue_on_Recent_Advances_in_Wearable_Devices_for_Emerging_Expert_Systems.

Conference and Workshop Call-for-papers

July 2021

NDSS 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. (Submission Due 21 May 2021 and 23 July 2021) [posted here 5/24/21]
The Network and Distributed System Security Symposium (NDSS) is a top venue that fosters information exchange among researchers and practitioners of computer, network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of practical security technologies.

Technical papers and panel proposals are solicited. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2022. The Proceedings will be made freely accessible from the Internet Society web pages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent.

For more information, please see https://www.ndss-symposium.org/ndss2022/call-for-papers/.

ASHES 2021 5th Workshop on Attacks and Solutions in Hardware Security, Co-located with ACM CCS 2021, Seoul, South Korea, November 19, 2021. (Submission Due 23 July 2021) [posted here 7/12/21]
ASHES deals with any aspects of hardware security, and welcomes any contributions in this area, including practical, implementation-related, or theoretical works. Among others, ASHES particularly highlights emerging methods and application areas. This includes new attack vectors, novel designs and materials, lightweight security primitives, nanotechnology, and PUFs on the methodological side, as well as the internet of things, automotive security, smart homes, pervasive and wearable computing on the applications side.

For more information, please see http://ashesworkshop.org/.

CCSW 2021 ACM Cloud Computing Security Workshop, Co-located with ACM CCS 2021, Seoul, South Korea, November 14, 2021. (Submission Due 26 July 2021) [posted here 6/14/21]
Clouds and massive-scale computing infrastructures are starting to dominate computing and will likely continue to do so for the foreseeable future. Major cloud operators are now comprising millions of cores hosting substantial fractions of corporate and government IT infrastructure. CCSW is the world's premier forum bringing together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including but not limited to:
- side channel attacks
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
- machine learning for cloud protection

For more information, please see https://ccsw.io.

AsianHOST 2021 Asian Hardware Oriented Security and Trust Symposium, Pudong, Shanghai, China, December 16-18, 2021. (Submission Due 26 July 2021) [posted here 6/21/21]
Historically, cybersecurity community believed that the underlying hardware is secure and trustworthy. However, the globalization of the IC supply chain invalidates the illusion of an isolated and trusted supply chain; the wide connection of computing devices also exposes new and powerful attack surfaces. Heavy reliance on third-party resources/services renders hardware security and trust a concern. With the advances in artificial intelligence and internet of things, the threat landscape is evolving with relentless new problems and challenges awaiting the hardware security community to address. Multi-disciplinary research and multi-pronged approaches are sought for the development of fully operational software and hardware platforms with enhanced security targeting different phases in the entire IC life cycle. Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware.

For more information, please see http://asianhost.org/2021/.

WPES 2021 20th Workshop on Privacy in the Electronic Society, Co-located with ACM CCS 2021, Seoul, South Korea, November 15, 2021. (Submission Due 27 July 2021) [posted here 5/24/21]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2021 Workshop, held in conjunction with the ACM CCS conference, is the twentieth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.

For more information, please see http://wpes2021.di.unimi.it.

August 2021

SP 2022 43rd IEEE Symposium on Security and Privacy, May 22-26, 2022. (Submission Due 15 April 2021, 19 August 2021, and 2 December 2021) [posted here 5/24/21]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include:
- Applied cryptography
- Attacks with novel insights, techniques, or results
- Authentication, access control, and authorization
- Blockchains and distributed ledger security
- Cloud computing security
- Cyber physical systems security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Formal methods and verification
- Hardware security
- Hate, Harassment, and Online Abuse
- Intrusion detection and prevention
- Machine learning and computer security
- Malware and unwanted software
- Network security
- Operating systems security
- Privacy-enhancing technologies, anonymity, and censorship
- Program and binary analysis
- Protocol security
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Security foundations
- Systems security
- Usable security and privacy
- Web security
- Wireless and mobile security/privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io/. Ethical Considerations for Vulnerability Disclosure: Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy to 90 days https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions. Ethical Considerations for Human Subjects Research: Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
- Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
- Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

For more information, please see https://www.ieee-security.org/TC/SP2022/cfpapers.html.

September 2021

DependSys 2021 7th IEEE International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, Haikou, China, December 17-19, 2021. (Submission Due 1 September 2021) [posted here 7/12/21]
DependSys 2021 conference provides a forum for individuals, academics, practitioners, and organizations who are developing or procuring sophisticated computer systems on whose dependability of services they need to place great confidence. Future systems need to close the dependability gap in face of challenges in different circumstances. The emphasis will be on differing properties of such services, e.g., continuity, effective performance, real-time responsiveness, ability to overcome data fault, corruption, anomaly, ability to avoid catastrophic failures, prevention of deliberate privacy intrusions, reliability, availability, sustainability, adaptability, heterogeneity, security, safety, and so on.

For more information, please see http://www.ieee-cybermatics.org/2021/dependsys/.

Euro S&P 2022 7th IEEE European Symposium on Security and Privacy, Genoa, Italy, June 6 - 10, 2022. (Submission Due 22 September 2021) [posted here 7/19/21]
The IEEE European Symposium on Security and Privacy (Euro S&P) is the European sibling conference of the IEEE Symposium on Security and Privacy (“Oakland”) conference. It is a premier forum for computer security and privacy research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in security or privacy, as well as Systematization of Knowledge papers that systematize previous results. EuroS&P is interested in all aspects of applied computer security and privacy. We especially encourage papers that are far-reaching and risky, provided those papers show sufficient promise for creating interesting discussions and usefully questioning widely-held beliefs. This year we are expanding the scope of the symposium to include economic, ethical, legal, and social aspects and interdependencies of computer security and privacy, and especially encourage submissions that address global aspects of computer security and privacy, including issues particular to parts of the world and communities that are often neglected. We are including experts in these areas in the program committee to ensure that such papers will receive high-quality reviews from well-qualified reviewers.

For more information, please see https://www.ieee-security.org/TC/EuroSP2022/cfp.html.

October 2021

USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. (Submission Due 8 June 2021, 12 October 2021, and 1 February 2022) [posted here 5/24/21]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- System security
- Network security
- Security analysis
- Machine learning security and privacy
- Data-driven security and measurement studies
- Privacy-enhancing technologies and anonymity
- Usable security and privacy
- Language-based security
- Hardware security
- Research on surveillance and censorship
- Social issues and security
- Applications of cryptography

For more information, please see https://www.usenix.org/conference/usenixsecurity22/call-for-papers.

IFIP 11.9 Digital Forensics 2022 18th Annual IFIP WG 11.9 International Conference on Digital Forensics, New Delhi, India, January 3-5, 2022. (Submission Due 15 October 2021) [posted here 7/19/21]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Eighteenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Enterprise and cloud forensics
- Embedded device forensics
- Internet of Things forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics
For more information, please see http://www.ifip119.org/Conferences/WG11-9-CFP-2022.pdf.

November 2021
December 2021

SP 2022 43rd IEEE Symposium on Security and Privacy, May 22-26, 2022. (Submission Due 15 April 2021, 19 August 2021, and 2 December 2021) [posted here 5/24/21]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include:
- Applied cryptography
- Attacks with novel insights, techniques, or results
- Authentication, access control, and authorization
- Blockchains and distributed ledger security
- Cloud computing security
- Cyber physical systems security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Formal methods and verification
- Hardware security
- Hate, Harassment, and Online Abuse
- Intrusion detection and prevention
- Machine learning and computer security
- Malware and unwanted software
- Network security
- Operating systems security
- Privacy-enhancing technologies, anonymity, and censorship
- Program and binary analysis
- Protocol security
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Security foundations
- Systems security
- Usable security and privacy
- Web security
- Wireless and mobile security/privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io/. Ethical Considerations for Vulnerability Disclosure: Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy to 90 days https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions. Ethical Considerations for Human Subjects Research: Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
- Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
- Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

For more information, please see https://www.ieee-security.org/TC/SP2022/cfpapers.html.

January 2022
February 2022

USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. (Submission Due 8 June 2021, 12 October 2021, and 1 February 2022) [posted here 5/24/21]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- System security
- Network security
- Security analysis
- Machine learning security and privacy
- Data-driven security and measurement studies
- Privacy-enhancing technologies and anonymity
- Usable security and privacy
- Language-based security
- Hardware security
- Research on surveillance and censorship
- Social issues and security
- Applications of cryptography

For more information, please see https://www.usenix.org/conference/usenixsecurity22/call-for-papers.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.