36th IEEE Computer Security Foundations Symposium
July 9 - 13, 2023 - Dubrovnik, Croatia

We are proud to announce that the CSF 2021 paper "Verifying
Hyperproperties with Temporal Logic of Actions (TLA)" by Leslie
Lamport and Fred B. Schneider won the NSA 10th Annual Best Scientific
Cybersecurity Paper Competition. Congratulations!

The Computer Security Foundations Symposium (CSF) is an annual
conference for researchers in computer security, to examine current
theories of security, the formal models that provide a context for
those theories, and techniques for verifying security. It was created
in 1988 as a workshop of the IEEE Computer Society's Technical
Committee on Security and Privacy, in response to a 1986 essay by Don
Good entitled "The Foundations of Computer Security—We Need Some." The
meeting became a "symposium" in 2007, along with a policy for open,
increased attendance. Over the past two decades, many seminal papers
and techniques have been presented first at CSF. For more details on
the history of the symposium, visit CSF's home.

The program includes papers, panels, and a poster session. Topics of
interest include access control, information flow, covert channels,
cryptographic protocols, database security, language-based security,
authorization and trust, verification techniques, integrity and
availability models, and broad discussions concerning the role of
formal methods in computer security and the nature of foundational
research in this area.

Important Dates AoE (UTC-12h)
Spring cycle paper submission   	May 13, 2022
Spring cycle author notification   	July 15, 2022
Fall cycle paper submission   	September 30, 2022
Fall cycle author notification   	December 2, 2022
Winter cycle paper submission   	February 3, 2023
Winter cycle author notification   	April 7, 2023
CSF Symposium   	July 9 - 13, 2023

Sponsored by IEEE Computer Society's Technical Commitee on Security
and Privacy.

CSF 2023 continues to have rolling deadlines. Starting from CSF 2020,
CSF has started to invite submissions three times a year: Spring,
Fall, and Winter. Dates and detailed submission instructions appear
later in this document.  

Call for Papers

Proceedings will be published by the IEEE Computer Society Press and
will be available at the symposium. Some small number of papers will
be selected by the Program Committee as "Distinguished Papers".


New results in security and privacy are welcome. We also encourage
challenge/vision papers, which may describe open questions and raise
fundamental concerns about security and privacy. Possible topics for
all papers include, but are not limited to:

    access control
    attack models
    blockchains and smart contracts
    cloud security
    data provenance
    data and system integrity
    database security
    decidability and complexity
    decision theory
    distributed systems security
    electronic voting
    embedded systems security
    formal methods and verification
    hardware-based security
    information flow control
    intrusion detection
    language-based security
    mobile security
    network security
    security and privacy aspects of machine learning
    security and privacy for the Internet of Things
    security architecture
    security metrics
    security policies
    security protocols
    software security
    socio-technical security
    trust management
    usable security
    web security

SoK papers: Systematization of Knowledge Papers

CSF'23 solicits systematization of knowledge (SoK) papers in
foundational security and privacy research. These papers systematize,
re-formulate, or evaluate existing work in one established and
significant research topic. Such papers must provide new
insights. Survey papers without new insights are not
appropriate. Papers trying to identify robust foundations of research
areas still lacking them are particularly welcome. Submissions will be
distinguished by the prefix "SoK:" in the title and a checkbox on the
submission form.  Special Sessions

This year, we strongly encourage papers in three foundational areas of
research we would like to promote at CSF by means of special
sessions. Special sessions serve to identify selected research topics
of particular interest to the community. Papers submitted to special
sessions are expected to comply with the same requirements as other
papers. This year, we have the following special sessions:

BLOCKCHAIN AND SMART CONTRACTS (Session Chairs: Matteo Maffei and
Andrea Marin). Many challenges arise with the rapid development of the
blockchain technology and its main application: smart contract. The
need for formal foundations for the security and privacy of
blockchains and smart contracts. We invite submissions on foundational
work in this area. Topics include security and privacy issues,
analysis and verification of existing solutions, design of new
systems, broader foundational issues such as how blockchain mechanisms
fit into larger distributed ecosystems and foundational security
aspects of applications built on top of blockchain mechanisms, new
programming languages for smart contracts, and formal analysis of
smart contracts.

Catuscia Palamidessi). Security and privacy systems often present
aspects that can be better understood and formalized by means of
quantitative notions. For example, several protocols for controlling
the information leakage use randomized techniques to protect the
secret, and their properties can be elegantly captured using
information theory. Similarly, mechanisms for differential privacy
protect individual data by adding random noise to the result of a
query, and the properties are expressed in terms of likelihoods. We
invite submission in this area. Topics include, but are not limited
to, quantitative information flow, metrics for security, trust and
privacy, differential privacy, and methods for the analysis and
verification of quantitative properties. This special session is
dedicated to the memory of our colleague Geoffrey Smith, whose
scientific contributions to the field of quantitative methods for
security are numerous and fundamental. Geoffrey passed away in 2021,
but his brilliant mind, his intellectual honesty, and his gentleness
remain an inspiration to us all.

CRYPTOGRAPHY (Session Chairs: Pascal Reisert and Peter
Schwabe). Cryptography is at the heart of many security- and
privacy-critical systems. As such it is an integral part of the field
of security and privacy. While modern cryptography is built on firm
theoretical foundations, new applications frequently need new
cryptographic solutions, new security definitions, models, and proof
techniques and tools. We invite submissions in this area. Topics
include, but are not limited to, the design and analysis of
cryptographic protocols, new cryptographic frameworks and proof
techniques, including composability as well as automated,
tool-supported analysis and verification of cryptographic primitives
and protocols.

These papers will be reviewed under the supervision of the special
session chairs. They will be presented at the conference, and will
appear in the CSF proceedings, without any distinction from the other
papers.  Ethics

We expect authors to carefully consider and address the potential
harms associated with carrying out the research, as well as the
potential negative consequences that could stem from publishing their
work. Failure to do so will result in summary rejection of a
submission regardless of its quality and scientific value.

Although causing controlled harm is sometimes a consequence of
legitimate scientific research in computer security and privacy,
authors are expected to document how they have addressed and mitigated
the risks. This includes, but is not limited to, considering the
impact of their research on deployed systems, understanding the costs
and risks their research imposes on others, safely and appropriately
collecting data, and following responsible disclosure. If the
submitted research has the potential to cause harm, the paper should
include a clear statement about why the benefit of the research
outweighs the harms, and how the authors have taken measures and
followed best practices to ensure safety and minimize the harms caused
by their research.

If the submitted research has potential to cause harm, and authors
have access to an Institutional Review Board (IRB), we expect that
this IRB is consulted and its approval and recommendations are
documented in the paper. We note however that IRBs are not expected to
understand computer security research well or to know about best
practices and community norms in our field, so IRB approval does not
absolve researchers from considering ethical aspects of their work. In
particular, IRB approval is not sufficient to guarantee that the PC
will not have additional concerns with respect to harms associated
with the research.

We encourage the authors to consult with existing documentation, e.g.,
Common Pitfalls in Writing about Security and Privacy Human Subjects
Experiments, and How to Avoid Them or the Menlo Report and existing
Safety consultation entities, e.g., the Tor Safety Research
Board. These can help in thinking about potential harms, and in
designing the safest experiments and disclosure processes.  Important
Dates AoE (UTC-12h)

Spring cycle:
May 13, 2022: paper submission deadline
July 15, 2022: author notification

Fall cycle:
September 30, 2022: paper submission deadline
December 2, 2022: author notification

Winter cycle:
February 3, 2023: paper submission deadline
April 7, 2023: author notification
Paper Submission Instructions

Submitted papers must not substantially overlap with papers that have
been published or that are simultaneously submitted to a journal or a
conference with published proceedings.

Papers must be submitted using the two-column IEEE Proceedings style
available for various document preparation systems at the IEEE
Conference Publishing Services page. All papers should be at most 12
pages long, not counting bibliography and well-marked
appendices. Anonymized supplementary material such as proof scripts
can be uploaded as a tar ball on the submission site. Committee
members are not required to read appendices, and so the paper must be
intelligible without them. Papers submitted to any of the special
sessions must be marked as such via the appropriate checkbox.

Papers failing to adhere to any of the instructions above will be
rejected without consideration of their merits.

At least one coauthor of each accepted paper is required to attend CSF
to present the paper. In the event of difficulty in obtaining visas
for travel, exceptions can be made and will be discussed on a
case-by-case basis.

CSF'23 will employ double-blind reviewing. Submitted papers must (a)
omit any reference to the authors' names or the names of their
institutions, and (b) reference the authors' own related work in the
third person (e.g., not "We build on our previous work ..." but rather
"We build on the work of ..."). Nothing should be done in the name of
anonymity that weakens the submission or makes the job of reviewing
the paper more difficult (e.g., important background references should
not be omitted or anonymized). Please see our frequently asked
questions (FAQ) that address many common concerns. When in doubt,
contact the program chairs.  Decisions

The outcome of the review process can be one of the following three:
accept, reject, major revision. In some occasions, accepted papers are
shepherded for minor modifications.

Major revisions

Papers with "major revision" decision must be re-submitted within the
following two cycles, accompanied by a writeup explaining how the
revision meets reviewers' revision requirements. These papers will be
reviewed by the same reviewers as those for the initial
submission. They may use 16 pages in the usual IEEE template, but the
16 pages should contain everything, in particular bibliography and
appendix (if any). In other words, revisions should be prepared as if
they were camera-ready papers. For additional material authors may
point to technical reports or supply additional material when
submitting the paper. Reviewers are, however, not obliged to read this

Authors should submit their revision as a new paper (rather than
updating the previous submission) and mark it as "major revision". For
major revision papers the submission system will ask authors to
provide additional information in a textbox, such as the cycle and the
submission number of the previous submission.

The possible decisions for such resubmitted revised papers are the
following: accept (possibly with shepherding) or reject, i.e., a major
revision decision is excluded.

Like all papers, major revision papers can be withdrawn from the
conference at any time.

Major revision papers not re-submitted within the following two cycles
will be considered new submissions, reviewed by serving PC members. A
writeup explaining how the revision meets previous reviewers' revision
requirements is optional. The layout of these papers has to follow the
guidelines for regular submissions, in particular, for these papers
the limit of 12 pages applies.  Resubmissions of rejected papers

Rejected papers can be re-submitted at any time. If a rejected paper
is re-submitted within 11 months of the last deadline they were
submitted to (e.g., rejected submissions to Sep 2021 is resubmitted to
May 2022 deadline), reviews and a writeup explaining how the current
submission addresses concerns in the reviews must be submitted as
supplementary material. The paper will be desk-rejected by the PC
chairs if previous reviews or the explanation is missing. We may use a
different set of reviewers for re-submissions. All resubmissions of
rejected papers can optionally submit reviews from previous
submissions and a writeup explaining how the current submission
addresses concerns in the reviews as supplementary material. In any
case, previously rejected papers should follow the paper submission
instructions of regular submissions. In particular, the same page
limit and format applies and submissions should be anonymized.