WOOT 2022 : 16th Workshop On Offensive Technologies

URL: https://www.ieee-security.org/TC/SP2022/WOOT22/index.html
Submission: https://woot22.secpriv.tuwien.ac.at/woot22/paper/new
Workshop date: Thursday, May 26, 2022
Place: San Francisco, CA
Co-located with Security and Privacy

* Overview *

The Workshop on Offensive Technologies (WOOT) aims to present a broad 
picture of offense and its contributions, bringing together researchers 
and practitioners across all areas of computer security. Offensive 
security has changed from a hobby to an industry. No longer an exercise 
for isolated enthusiasts, offensive security is today a large-scale 
operation managed by organized, capitalized actors. Meanwhile, the 
landscape has shifted: software used by millions is built by startups 
less than a year old, delivered on mobile phones and surveilled by 
national signals intelligence agencies. In the field's infancy, 
offensive security research was conducted separately by industry, 
independent hackers, or in academia. Collaboration between these groups 
was difficult. Since 2007, the Workshop on Offensive Technologies (WOOT) 
has been bringing those communities together.

* Symposium Topics *

Computer security exposes the differences between the actual mechanisms 
of everyday trusted technologies and their models used by developers, 
architects, academic researchers, owners, operators, and end users. 
While being inherently focused on practice, security also poses 
questions such as "what kind of computations are and aren't trusted 
systems capable of?" which harken back to fundamentals of computability. 
State-of-the-art offense explores these questions pragmatically, 
gathering material for generalizations that lead to better models and 
more trustworthy systems.

WOOT provides a forum for high-quality, peer-reviewed work discussing 
tools and techniques for attacks. Submissions should reflect the state 
of the art in offensive computer security technology, exposing poorly 
understood mechanisms, presenting novel attacks, highlighting the 
limitations of published attacks and defenses, or surveying the state of 
offensive operations at scale. WOOT '22 accepts papers in both an 
academic security context and more applied work that informs the field 
about the state of security practice in offensive techniques. The goal 
for these submissions is to produce published works that will guide 
future work in the field. Submissions will be peer reviewed and 
shepherded as appropriate. Submission topics include, but are not 
limited to, attacks on and offensive research into:

- Hardware, including software-based exploitation of hardware 
- Virtualization and the cloud
- Network and distributed systems
- Operating systems
- Browser and general client-side security (runtimes, JITs, sandboxing)
- Application security
- Analysis of mitigations and automating how they can be bypassed
- Automating software testing such as fuzzing for novel targets
- Internet of Things
- Machine Learning
- Cyber-physical systems
- Privacy
- Cryptographic systems (practical attacks on deployed systems)
- Malware design, implementation and analysis
- Offensive applications of formal methods (solvers, symbolic execution)

* Workshop Format *

The presenters will be authors of accepted papers. There will also be a 
keynote speaker and a selection of invited speakers. WOOT '22 will 
feature a Best Paper Award and a Best Student Paper Award.

Note that WOOT '22 and other IEEE S&P workshops are planned to be held in 
person; see the IEEE S&P website for details and updates.

* Regular Submission *

WOOT '22 welcomes submissions without restrictions of origin. 
Submissions from academia, independent researchers, students, hackers, 
and industry are welcome. Are you planning to give a cool talk at Black 
Hat in August? Got something interesting planned for other non-academic 
venues later this year? This is exactly the type of work we'd like to 
see at WOOT '22. Please submit -- it will also give you a chance to have 
your work reviewed and to receive suggestions and comments from some of 
the best researchers in the world. More formal academic offensive 
security papers are also very welcome.

* Systematization of Knowledge *

Continuing the tradition of past years, WOOT '22 will be accepting 
"Systematization of Knowledge" (SoK) papers. The goal of an SoK paper is 
to encourage work that evaluates, systematizes, and contextualizes 
existing knowledge. These papers will prove highly valuable to our 
community but would not be accepted as refereed papers because they lack 
novel research contributions. Suitable papers include survey papers that 
provide useful perspectives on major research areas, papers that support 
or challenge long-held beliefs with compelling evidence, or papers that 
provide an extensive and realistic evaluation of competing approaches to 
solving specific problems. Be sure to select "Systematization of 
Knowledge paper" in the submissions system to distinguish it from other 
paper submissions.

* Submission Requirements *

Paper submission deadline: Thursday, January 27, 2022, 11:59 AoE 
(Anywhere on Earth)
Notification date: Thursday, February 27, 2022
Camera-ready paper deadline: Tuesday, March 8, 2022
Workshop date: Thursday, May 26, 2022

Please submit your paper at 
https://woot22.secpriv.tuwien.ac.at/woot22/paper/new

* What to Submit *

Submissions must be in PDF format. Papers should be succinct but 
thorough in presenting the work. The contribution needs to be well 
motivated, clearly exposed, and compared to the state of the art. 
Typical research papers are at least 4 pages and at most 10 pages long 
(not counting bibliography and appendix). Yet, papers whose lengths are 
incommensurate with their contributions will be rejected.

The submission should be formatted in two columns, using 10-point Times 
Roman type on 12-point leading, in a text block of 6.5” x 9”. Please 
number the pages. Authors must use the IEEE templates; for LaTeX papers 
this is IEEETran.cls version 1.8b.

Submissions are double blind: submissions should be anonymized and avoid 
obvious self-references (authors are allowed to release technical 
reports and present their work elsewhere such as at DefCon or BlackHat). 
Submit papers using the submission form.

Authors of accepted papers will have to provide a paper for the 
proceedings following the above guidelines. A shepherd may be assigned 
to ensure the quality of the proceedings version of the paper.

If your paper should not be published prior to the event, please notify 
the chairs. Submissions accompanied by non-disclosure agreement forms 
will not be considered. Accepted submissions will be treated as 
confidential prior to publication on the WOOT '22 website; rejected 
submissions will be permanently treated as confidential.

* Policies and Contact Information *

Simultaneous submission of the same work to multiple competing academic 
venues, submission of previously published work without substantial 
novel contributions, or plagiarism constitutes dishonesty or fraud and 
may lead to instant or later rejection.

Note: Work presented by the authors at industry conferences, such as 
Black Hat, is not considered to have been "previously published" for the 
purposes of WOOT '22. We strongly encourage the submission of such work 
to WOOT '22, particularly work that is well suited to a more formal and 
complete treatment in a published, peer-reviewed setting. In your 
submission, please do note any previous presentations of the work.

* Vulnerability Disclosure *

If the submission describes, or otherwise takes advantage of, newly 
identified vulnerabilities (e.g., software vulnerabilities in a given 
program or design weaknesses in a hardware system) the authors should 
disclose these vulnerabilities to the vendors/maintainers of affected 
software or hardware systems prior to the CFP deadline. When disclosure 
is necessary, authors should include a statement within their submission 
and/or final paper about steps taken to fulfill the goal of disclosure.

* Ethical Considerations *

Submissions that describe experiments on human subjects, that analyze 
data derived from human subjects (even anonymized data), or that 
otherwise may put humans at risk should:

- Disclose whether the research received an approval or waiver from each 
  of the authors’ institutional ethics review boards (e.g., an IRB).
- Discuss steps taken to ensure that participants and others who might 
  have been affected by an experiment were treated ethically and with respect.
- If a paper raises significant ethical or legal concerns, including in 
  its handling of personally identifiable information (PII) or other kinds 
  of sensitive data, it might be rejected based on these concerns.