Cipher
Calls for Papers



IEEE Computer Society's Technical Committee on Security and Privacy


 

Last Modified:5/31/21

Note: Please send new calls to cipher-cfp@ieee-security.org and take a moment to read the submission guidelines. And please see the Cipher Calendar for events sorted in date order. For all other questions, please contact cipher-cfp@ieee-security.org by email.

Contents

 

Special Issues of Journals and Handbooks


IEEE Security & Privacy, Special Issue on Security and Privacy Issues of Home Globalization, (Submission Due 31 May 2021) [posted here 5/17/21]
Guest Editors: Luca Caviglione (IMATI, National Research Council of Italy, Italy), Steffen Wendzel (Worms University of Applied Sciences & Fraunhofer FKIE, Germany), Simon Vrhovec (University of Maribor, Slovenia), and Aleksandra Mileva (University Goce Delcev, Republic of N. Macedonia)

In recent years, people have been reshaping their homes into smart homes by using a wide array of home-based Internet of Things (IoT) devices, including inter-connected lights, locks, sensors, actuators, wearables, and appliances accessible through the Internet and controlled locally (e.g., via voice) or remotely (e.g., via mobile phone). These smart home devices are complemented by laptops, mobile phones, game consoles, electronical health equipment, and many other consumer IoT nodes, which are constantly used at home for work, pleasure, health, and entertainment, just to mention the most common purposes. The emerging pervasiveness of IoT technologies is transforming homes into globalized homes in which devices supporting everyday activities can be accessed from anywhere. Although home globalization has its benefits, it also covertly renders homes more insecure and less private places where individuals are exposed to more and more varying threats from the outside world. Despite the benefits, home globalization and the used technologies have led to many security threats and privacy breaches. In fact, home-based IoT technologies at the basis of globalized homes are becoming prone to abuses including adaptations of well-known cyber-attacks leveraging the variety of data and devices populating modern apartments and houses. In addition, both home-based and consumer IoT frameworks collect and manage information that is tightly coupled with the everyday life of individuals and can thus be considered a source of sensitive data that is of interest for profiling or reconnaissance attempts. Therefore, the resulting home globalization requires us to face new threats and risks leading to different challenges. In fact, modern homes are technologically balkanized with services provided via different technologies (IEEE 802.15.4, home/consumer IoT, voice-based assistants) and by multiple vendors (device and software) often by using a cloud- or fog-based scheme. Additional challenges stem from the relatively covert introduction of new risks during home globalization, as people tend to put more focus on functionalities of new smart devices than the security and privacy implications of their use. In this perspective, enforcing security and privacy in such a scenario requires rethinking and developing new defenses and solutions, as well as addressing new social challenges for law enforcement agencies, policy makers, and forensics professionals. This special issue aims at collecting the most relevant ongoing research efforts in the security and privacy field concerning home globalization. Topics include, but are not limited to:
- Security management of home-based and consumer IoT
- Network security of globalized homes
- Adoption of cybersecurity measures in globalized homes, including child safety
- Surveillance, interception, blocking, and sovereignty in home-based IoT environments
- De-anonymization, AI-based social inference, integrity, and privacy leaks
- Stealth communication, information hiding threats, and their detection in home-based IoT environments
- Cybercrime investigation, law, jurisdiction, and ethics in home-based IoT environments

For more information, please see https://www.computer.org/digital-library/magazines/sp/call-for-papers-special-issue-on-security-and-privacy-issues-of-home-globalization.

Digital Communications and Networks, Special Issue on Privacy Preserved Learning in Distributed Communication Systems, (Submission Due 15 August 2021) [posted here 5/3/21]
Guest Editors: Yipeng Zhou (Macquarie University, Australia), Keshav Sood (Deakin University, Australia), Abderrahim Benslimane (The Avignon University, France), and Shui Yu (University of Technology Sydney, Australia)

Recently, we have witnessed wide use of machine learning techniques in large-scale, distributed communication systems. These techniques empower the development of various intelligent applications, such as face recognition by distributed cameras, healthcare in Internet of Things (IoT) networks and object detection by moving vehicles/drones. However, concerns over security and privacy, especially the risk of data leakage, have proved critical barriers for extensive applications of machine learning in distributed communication systems. For example, the data curators collecting information from participating users may not be reliable. In addition, systems could be hacked. Given the complexity and scale of modern distributed communication systems, innovative research is urgently required to improve existing privacy protections, and discover new mathematical tools and techniques. This special issue will feature theoretical foundations and empirical studies on data privacy in distributed communication systems.


For more information, please see http://www.keaipublishing.com/en/journals/digital-communications-and-networks/call-for-papers/si-on-privacy-preserved-learning-in-distributed/.

Secure Smart World, Special Issue on Concurrency and Computation: Practice and Experience, (Submission Due 1 September 2021) [posted here 5/17/21]
Guest Editors: Guojun Wang (Guangzhou University, China), Qin Liu (Hunan University, China), Richard Hill (University of Huddersfield, UK), and Jiankun Hu (The University of New South Wales, Australia)

This smart world is set to be the next important stage in human history, where numerous smart things communicate and collaborate so that many tasks and processes could be simplified, more efficient, and enjoyable. As the cornerstone technologies enabling a smart world, Internet of things (IoT) and artificial intelligence (AI) have been interacting with each other to stitch everything smart towards smart life. However, a myriad of sensitive data is generated, processed, and exchanged through the IoT devices and AI technologies, one of the fundamental problems is how to organically integrate IoT and AI to provide intelligent services in smart world without compromising security and privacy. This special issue aims to bring together researchers and practitioners in IoT, AI, and network security to share their novel ideas and latest findings to show how IoT and AI can work together to enable a secure smart world.

This special issue will tackle the enabling technologies of a smart world. Original research articles are solicited, which include (but not limited to), the following topics:
- Novel IoT devices and infrastructure platforms in secure smart worlds
- Trust evaluation and management in smart worlds
- Secure smart city applications, including secure IoT/AI applications
- Authentication and access control in secure smart worlds
- Secure policies, models and architectures for IoT and AI
- Novel cryptographic mechanisms for IoT and AI
- Threat intelligence for IoT and AI
- Intrusion detection theories and techniques for IoT and AI
- Secure experiments, test-beds and prototyping systems for IoT and AI
- Software security for IoT and AI
- Secure communication technologies and their optimisation for IoT
- Secure multi-party computation techniques for ML
- Privacy-preserving ML
- Adaptive side-channel attacks
- Security and privacy in data mining and analytics
- Event alert and prediction in smart world
- Privacy and anonymity techniques for IoT and AI
- Security protocols for IoT and AI
- Privacy-preserving crowdsensing
- Biometrics security

For more information, please see https://onlinelibrary.wiley.com/pb-assets/assets/15320634/Secure%20Smart%20World%20SI%202.0%20-1620390879547.pdf.

International Journal of Ad Hoc and Ubiquitous Computing, Special Issue on Recent Advances in Wearable Devices for Emerging Expert Systems, (Submission Due 30 October 2021) [posted here 2/1/21]
Guest Editors: Maheswar Rajagopal (VIT Bhopal University, India) and Jaime Lloret (Universidad Politecnica de Valencia, Spain).

Wearable devices are electronic devices worn by consumers ubiquitously and continually to capture or track biometric information related to health or fitness. Wearable devices range from smartwatches and fitness trackers to virtual reality (VR) headsets, physiological and real-time health monitoring, navigation systems, advanced textiles, military personnel wear and so on. Research into wearable devices a hot area, specifically for researchers working in personal and ubiquitous computing. Several challenges with wearable devices exist due to limited display area, battery life, renewable battery power, miniaturisation and integration, safety, security and privacy. Further important issues include reliability, software bugs and failure modes. But advancements in electronic product design, fabrication techniques, artificial intelligence, machine learning, deep learning and signal processing techniques facilitate the overcoming of the aforementioned challenging issues. Numerous research projects are in progress to provide solutions for limited memory, battery size, device shapes, data reliability, security concerns, and communication and networking protocols.

This special issue is primarily focused on wearable devices in terms of different sensing mechanisms, materials for sensing (including energy harvesting) and how artificial intelligence, machine learning, deep learning and signal processing can be employed for ubiquitous computing in wearable devices. Suitable topics include, but are not limited, to the following:
- Physical layer design in wearable devices
- Interfacing circuits for wearable devices
- Antennas for wearable devices
- Networking algorithms and protocols for wearable devices
- Device to device (D2D) communication protocols for wearable devices
- Cross-layer design issues in wearable devices
- Mobility effects in wearable devices
- Channel interference issues in wearable device networks
- RFID technology in wearable devices
- Integration of wearable and medical sensors with network infrastructures
- Energy harvesting and optimisation in wearable devices
- Security and privacy issues in wearable devices
- Reliability issues in wearable devices
- Intelligent and expert systems for wearable devices
- Information fusion for wearable devices
- Health data privacy in wearable devices
- Modelling and simulation of wearable device network

For more information, please see https://www.researchgate.net/publication/350387566_CFP_International_Journal_of_Ad_Hoc_and_Ubiquitous_Computing_Special_Issue_on_Recent_Advances_in_Wearable_Devices_for_Emerging_Expert_Systems.

Conference and Workshop Call-for-papers

June 2021

TrustData 2021 12th International Workshop on Trust, Security and Privacy for Big Data, New York, NY, USA, October 1-3, 2021. (Submission Due 1 June 2021) [posted here 4/26/21]
The proliferation of new technologies such as Internet of Things and cloud computing calls for innovative ideas to retrieve, filter, and integrate data from a large number of diverse data sources. Big Data is an emerging paradigm applied to datasets whose volume/velocity/variability is beyond the ability of commonly used software tools to manage and process the data within a tolerable period of time. More importantly, Big Data has to be of high value, and should be protected in an efficient way. Since Big Data involves a huge amount of data that is of high-dimensionality and inter-linkage, existing trust, security, and privacy measures for traditional databases and infrastructures cannot satisfy its requirements. Novel technologies for protecting Big Data are attracting researchers and practitioners with more and more attention. The 12th International Workshop on Trust, Security and Privacy for Big Data (TrustData 2021) aims to bring together people from both academia and industry to present their most recent work related to trust, security and privacy issues in Big Data, and exchange ideas and thoughts in order to identify emerging research topics and define the future of Big Data.

For more information, please see http://www.spaccs.org/trustdata/trustdata2021/.

SEED 2021 IEEE International Symposium on Secure and Private Execution Environment Design, Virtual, September 20-21, 2021. (Submission Due 4 June 2021) [posted here 5/3/21]
The IEEE International Symposium on Secure and Private Execution Environment Design (SEED) is a forum which brings together researchers from the computer architecture and computer security communities into one venue that focuses on the design of architectural and system primitives which provide secure and private execution environments for applications, containers, or virtual machines. SEED primarily focuses on research topics spanning across the boundaries of computer architecture, systems, and security. Papers are solicited on a range of topics, including (but not limited to):
- Architecture, operating systems, and programming models and language for supporting secure and private execution
- Novel Designs for secure and private execution environments for GPUs, accelerators, and FPGAs
- Architectural support for new security primitives
- Novel cryptographic hardware designs for secure and private execution
- Models and analysis of performance-security trade-offs in the design of a secure execution environment
- Evaluation of security vulnerabilities in post-Moore’s Law technologies, e.g. persistent memory, quantum computing
- Demonstration and mitigation of architectural side channels, covert channels and other security vulnerabilities
- Metrics for measuring architecture-related security vulnerabilities
- Compiler and code generation techniques for mitigating architecture-induced side and covert channels and other vulnerabilities

For more information, please see https://seed-symposium.org.

USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10-12, 2022. (Submission Due 8 June 2021, 12 October 2021, and 1 February 2022) [posted here 5/24/21]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- System security
- Network security
- Security analysis
- Machine learning security and privacy
- Data-driven security and measurement studies
- Privacy-enhancing technologies and anonymity
- Usable security and privacy
- Language-based security
- Hardware security
- Research on surveillance and censorship
- Social issues and security
- Applications of cryptography

For more information, please see https://www.usenix.org/conference/usenixsecurity22/call-for-papers.

EUROUSEC 2021 European Symposium on Usable Security, Virtual, October 11-12, 2021. (Submission Due 11 June 2021) [posted here 4/12/21]
We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches. We accept both longer papers on mature/completed work in a research track, as well as shorter papers on work in progress or work that has yet to begin in a vision track. This decision to accept both types of submissions, which started with EuroUSEC 2019, aims to include researchers at all stages of their career and at all stages of their projects. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- accessible cyber privacy and security
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- studies of administrators or developers and support for security and privacy
- psychological, sociological, and economic aspects of security and privacy
- the impact of organizational policy or procurement decisions
- methodologies for usable security and privacy research
- lessons learned from the deployment and use of usable privacy and security features
- reports of replicating previously published studies and experiments
- reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

For more information, please see https://eurousec2021.secuso.org/.

VizSec 2021 18th IEEE Symposium on Visualization for Cyber Security, Virtual, October 27, 2021. (Submission Due 21 June 2021) [posted here 5/3/21]
The 18th IEEE Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. The purpose of VizSec is to explore effective and scalable visual interfaces for security domains such as network security, computer forensics, reverse engineering, insider threat detection, cryptography, privacy, user assisted attacks prevention, compliance management, wireless security, secure coding, and penetration testing.

For more information, please see https://vizsec.org/vizsec2021/.

WiMob 2021 17th International Conference on Wireless and Mobile Computing, Networking and Communications, Bologna, Italy, October 11-13, 2021. (Submission Due 21 June 2021) [posted here 3/8/21]
The WiMob conference is an international forum for the exchange of experience and knowledge among researchers and developers concerned with wireless and mobile technology. For thirteen years, the International WiMob conference has provided unique opportunities for researchers to interact, share new results, show live demonstrations, and discuss emerging directions in - Wireless Communication, - Wireless Networking, Mobility and Nomadicity, - Ubiquitous Computing, Services and Applications, - Green and sustainable communications and network computing and - Security on Wireless and mobile Networks. WiMob 2021 is soliciting high quality technical papers addressing research challenges in the areas of wireless communications, wireless networking, mobility, nomadicity, ubiquitous computing, services and applications. Papers should present original work validated via analysis, simulation or experimentation. Practical experiences and Testbed trials also are welcome.

For more information, please see http://wimob.org/wimob2021/.

ASHES 2021 5th Workshop on Attacks and Solutions in Hardware Security, Co-located with ACM CCS 2021, Seoul, South Korea, November 19, 2021. (Submission Due 25 June 2021) [posted here 5/31/21]
The purpose of the ASHES workshop is to foster solutions for these and any other impending issues in hardware security, and to provide the CCS-community with a rapid and dedicated forum for general secure hardware research, including both theory and practice. Among other things, ASHES is especially devoted to fostering and shaping new problems at an early stage. This is not limited to the above IoT-topics, but also includes any other acute problems in the area as well. Given its workshop format and quick reaction times, ASHES tries to constructively use the strong opportunities for guiding and shaping research during its initial phase. ASHES therefore welcomes any convincing contributions to the area, be they foundational, theoretical, or practical in nature. This is also reflected in the four tailor-made paper categories offered by ASHES, namely: SoK-papers; long and short research papers; as well as wild-and-crazy papers, which allow dissemination of promising ideas to the community at an early stage. In the four-year history of ASHES from 2017 to 2020, authors were making intense use of all three categories. We would hope to see this trend continuing this year.

For more information, please see http://ashesworkshop.org.

July 2021

WPES 2021 20th Workshop on Privacy in the Electronic Society, Co-located with ACM CCS 2021, Seoul, South Korea, November 15, 2021. (Submission Due 16 July 2021) [posted here 5/24/21]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2021 Workshop, held in conjunction with the ACM CCS conference, is the twentieth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.

For more information, please see http://wpes2021.di.unimi.it.

NDSS 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. (Submission Due 21 May 2021 and 23 July 2021) [posted here 5/24/21]
The Network and Distributed System Security Symposium (NDSS) is a top venue that fosters information exchange among researchers and practitioners of computer, network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of practical security technologies.

Technical papers and panel proposals are solicited. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2022. The Proceedings will be made freely accessible from the Internet Society web pages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent.

For more information, please see https://www.ndss-symposium.org/ndss2022/call-for-papers/.

August 2021

SP 2022 43rd IEEE Symposium on Security and Privacy, May 22-26, 2022. (Submission Due 15 April 2021, 19 August 2021, and 2 December 2021) [posted here 5/24/21]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include:
- Applied cryptography
- Attacks with novel insights, techniques, or results
- Authentication, access control, and authorization
- Blockchains and distributed ledger security
- Cloud computing security
- Cyber physical systems security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Formal methods and verification
- Hardware security
- Hate, Harassment, and Online Abuse
- Intrusion detection and prevention
- Machine learning and computer security
- Malware and unwanted software
- Network security
- Operating systems security
- Privacy-enhancing technologies, anonymity, and censorship
- Program and binary analysis
- Protocol security
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Security foundations
- Systems security
- Usable security and privacy
- Web security
- Wireless and mobile security/privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io/.

Ethical Considerations for Vulnerability Disclosure: Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy to 90 days https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Ethical Considerations for Human Subjects Research: Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
- Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
- Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

For more information, please see https://www.ieee-security.org/TC/SP2022/cfpapers.html.

September 2021
October 2021

USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. (Submission Due 8 June 2021, 12 October 2021, and 1 February 2022) [posted here 5/24/21]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- System security
- Network security
- Security analysis
- Machine learning security and privacy
- Data-driven security and measurement studies
- Privacy-enhancing technologies and anonymity
- Usable security and privacy
- Language-based security
- Hardware security
- Research on surveillance and censorship
- Social issues and security
- Applications of cryptography

For more information, please see https://www.usenix.org/conference/usenixsecurity22/call-for-papers.

November 2021
December 2021

SP 2022 43rd IEEE Symposium on Security and Privacy, May 22-26, 2022. (Submission Due 15 April 2021, 19 August 2021, and 2 December 2021) [posted here 5/24/21]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include:
- Applied cryptography
- Attacks with novel insights, techniques, or results
- Authentication, access control, and authorization
- Blockchains and distributed ledger security
- Cloud computing security
- Cyber physical systems security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Formal methods and verification
- Hardware security
- Hate, Harassment, and Online Abuse
- Intrusion detection and prevention
- Machine learning and computer security
- Malware and unwanted software
- Network security
- Operating systems security
- Privacy-enhancing technologies, anonymity, and censorship
- Program and binary analysis
- Protocol security
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Security foundations
- Systems security
- Usable security and privacy
- Web security
- Wireless and mobile security/privacy

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io/.

Ethical Considerations for Vulnerability Disclosure: Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy to 90 days https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Ethical Considerations for Human Subjects Research: Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
- Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
- Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

For more information, please see https://www.ieee-security.org/TC/SP2022/cfpapers.html.

January 2022
February 2022

USENIX-Security 2022 31st USENIX Security Symposium, Boston, MA, USA, August 10–12, 2022. (Submission Due 8 June 2021, 12 October 2021, and 1 February 2022) [posted here 5/24/21]
The USENIX Security Symposium brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks. Refereed paper submissions are solicited in all areas relating to systems research in security and privacy, including but not limited to:
- System security
- Network security
- Security analysis
- Machine learning security and privacy
- Data-driven security and measurement studies
- Privacy-enhancing technologies and anonymity
- Usable security and privacy
- Language-based security
- Hardware security
- Research on surveillance and censorship
- Social issues and security
- Applications of cryptography

For more information, please see https://www.usenix.org/conference/usenixsecurity22/call-for-papers.

Archival Journals Regularly Specializing in Security and Privacy

Journal of Privacy Technology (JOPT),   Editor-in-Chief:  Latanya Sweeney
This online-only Journal, started in 2004 and  operated by Carnegie Mellon University, is a forum for the publication of original current research in privacy technology. It encourages the submission of any material dealing primarily with the technological aspects of privacy or with the privacy aspects of technology, which may include analysis of the interaction between policy and technology or the technological implications of legal decisions.  More information can be found at http://www.jopt.org/.

IEEE Security and Privacy Magazine,   Editor-in-Chief: Shari Lawrence Pfleeger
IEEE Security & Privacy provides a unique combination of research articles, case studies, tutorials, and regular departments covering diverse aspects of information assurance such as legal and ethical issues, privacy concerns, tools to help secure information, analysis of vulnerabilities and attacks, trends and new developments, pedagogical and curricular issues in educating the next generation of security professionals, secure operating systems and applications, security issues in wireless networks, design and test strategies for secure and survivable systems, and cryptology.  More information can be found at http://www.computer.org/portal/web/computingnow/securityandprivacy.

ACM Transactions on Information and System Security,   Editor-in-Chief: Gene Tsudik
ACM invites submissions for its Transactions on Information and System Security, inaugurated in November 1998. TISSEC publishes original archival-quality research papers and technical notes in all areas of information and system security including technologies, systems, applications, and policies. Papers should have practical relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers will be accepted only if there is convincing argument for the practical significance of the results. Theory must be justified by convincing examples illustrating its application. More information is given on the journal web page at http://www.acm.org/tissec.

IEEE Transactions on Dependable and Secure Computing,   Editor-in-Chief: Ravi Sandhu
The IEEE Transactions on Dependable and Secure Computing publishes archival research results related to research into foundations, methodologies, and mechanisms that support the achievement—through design, modeling, and evaluation—of systems and networks that are dependable and secure to the desired degree without compromising performance. The focus will also include measurement, modeling, and simulation techniques, and foundations for jointly evaluating, verifying, and designing for performance, security, and dependability constraints. More information is given on the journal web page at http://www.computer.org/portal/web/tdsc.

The Springer Series on ADVANCES IN INFORMATION SECURITY
The purpose of the Advances in Information Security book series is to establish the state of the art and set the course for future research in information security. The scope of this series includes not only all aspects of computer, network security, and cryptography, but related areas, such as fault tolerance and software assurance. The series serves as a central source of reference for information security research and developments. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. Prospective Authors or Editors: If you have an idea for a book that would fit in this series, we would welcome the opportunity to review your proposal. Should you wish to discuss any potential project further or receive specific information regarding book proposal requirements, please contact Professor Sushil Jajodia (jajodia@gmu.edu,703-993-1653).
 
Journal of Computer Security,   Editor-in-Chief: John Mitchell and Pierangela Samarati
JCS is an archival research journal for significant advances in computer security. Subject areas include architecture, operating systems, database systems, networks, authentication, distributed systems, formal models, verification, algorithms, mechanisms, and policies. All papers must be submitted online at http://www.iospress.nl/journal/journal-of-computer-security/. More information is given on the journal web page at http://jcs.stanford.edu/.
 
Computers & Security,   Editor-in-Chief: Eugene H. Spafford
Computers & Security aims to satisfy the needs of managers and experts involved in computer security by providing a blend of research developments, innovations, and practical management advice. Original submissions on all computer security topics are invited, particularly those of practical benefit to the practitioner. All papers must be submitted online at http://ees.elsevier.com/cose/. More information can be found at http://www.elsevier.com/locate/issn/01674048.
 
International Journal of Information Security,   Editors-in-Chief: D. Gollmann; J. Lopez; E. Okamoto
The International Journal of Information Security, IJIS, aims to provide prompt publication of important technical work in information security, attracting any person interested in communications, commerce, banking, medicine, or other areas of endeavor affected by information security. Any research submission on theory, applications, and implementations of information security is welcomed. This includes, but is not limited to, system security, network security, content protection, applications and foundations of information security. More information is given on the journal web page at http://www.springer.com/computer/security+and+cryptology/journal/10207.
 
International Journal of Network Security,   Editors-in-Chief: Min-Shiang Hwang
International Journal of Network Security is an international official journal of Science Publications, publishing original articles, reviews and short communications of a high scientific and technology in network security. Subjects covered include: access control, computer security, cryptography, communications security, data security, database security, electronic commerce security, information security, multimedia security, and network security. Authors are strongly encouraged to submit their papers electronically by using online manuscript submission at http://ijns.nchu.edu.tw/, or submit their Word, ps or pdf file to the editor-in-chief (via Email: mshwang@isrc.nchu.edu.tw): Min-Shiang Hwang, at the Department of Management Information Systems, National Chung Hsing University, Taiwan, R.O.C.  More information can be found at http://ijns.femto.com.tw/.
 
International Journal of Security and Networks,   Editors-in-Chief: Yang Xiao
International Journal of Security and Networks is an archival research journal for significant advances in network security. Subject areas include attack models, security mechanisms, security services, authentication, authorization, access control, multicast security, data confidentiality, data integrity, non-repudiation, forensics, privacy protection, secure protocols, formal analyses, intrusion detection, key management, trust establishment, revocation of malicious parties, security policies, fraudulent usage, dependability and reliability, prevention of traffic analysis, network security performance evaluation, tradeoff analysis between performance and security, security standards, etc. All papers must be submitted online at http://www.inderscience.com/ijsn/. More information is given on the journal web page at http://www.inderscience.com/ijsn/.
 
International Journal of Critical Infrastructure Protection,   Editors-in-Chief: Sujeet Shenoi
International Journal of Critical Infrastructure Protection's primary aim is to publish high quality scientific and policy papers in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology and policy to craft sophisticated yet practical solutions that will secure information, computer and network assets in the various critical infrastructure sectors. All papers must be submitted online at http://www.elsevier.com/locate/ijcip. More information is given on the journal web page at http://www.elsevier.com/locate/ijcip.
 
IEEE Transactions on Information Forensics and Security,   Editors-in-Chief: C.-C. Jay Kuo
IEEE Transactions on Information Forensics and Security aims to provide a unified locus for archival research on the fundamental contributions and the mathematics behind information forensics, information security, surveillance, and systems applications that incorporate these features. Authors are strongly encouraged to submit their papers electronically to the online manuscript system, Manuscript Central, via sps-ieee.manuscriptcentral.com.  More information can be found at http://www.ieee.org/organizations/society/sp/tifs.html.
 
EURASIP Journal on Information Security,   Editors-in-Chief: Stefan Katzenbeisser
EURASIP Journal on Information Security aims to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. The journal also welcomes proposals for Special Issues. All papers must be submitted online at http://jis.eurasipjournals.com/manuscript.  More information can be found at http://jis.eurasipjournals.com.