MAY 22-26, 2023 AT THE HYATT REGENCY, SAN FRANCISCO, CA

44rd IEEE Symposium on
Security and Privacy

Call For Papers


Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice.

Topics of interest include:

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers

As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io/.

Submission Deadlines & Decisions

Based on the experience in the past three years, the reviewing process for IEEE S&P is changed to three submission deadlines. For each submission, one of the following decisions will be made:

All papers accepted by March 10, 2023 will appear in the proceedings of the symposium in May 2023 and invited to present their work. These include for example papers that were submitted in December 2022 and were accepted without revision, or papers that were submitted in April 2022, got the Major Revision decision, and resubmitted the revised paper in August or December.

Important Dates

All deadlines are 23:59:59 AoE (UTC-12).

First deadline

Second deadline

Third deadline

Rebuttal Period

We will introduce a rebuttal period during which authors have the opportunity to exchange messages with the reviewers and respond to questions asked. To this end, we will use HotCRP’s anonymous communication feature to enable a communication channel between authors and reviewers. The authors should mainly focus on factual errors in the reviews and concrete questions posed by the reviewers. New research results can also be discussed if they help to clarify open questions. More instructions will be sent out to the authors at the beginning of the rebuttal period.

Major Revision Submissions & Rejected Papers

As described above, some number of papers will receive a Major Revision decision, rather than Accept, Conditional Accept, or Reject. This decision will be accompanied by a detailed summary of the expectations for the revision, in addition to the standard reviewer comments. The authors may prepare a major revision, which may include running additional experiments, improving the paper’s presentation, or other such improvements. Papers meeting the expectations will typically be accepted. Those that do not will be rejected. Only in exceptional circumstances will additional revisions be requested. Authors can submit a revised paper to the next two submission deadlines after the notification. Upon receiving a Major Revision decision, authors can choose to withdraw their paper or not submit a revision, but they will be asked to not submit the same or similar work again (following the same rules as for Rejected papers) for 1 year from the date of the original submission. The table below summarizes the eligible 2022 deadlines for papers that received a revise decision or reject decision for a paper submitted to IEEE S&P’22 for each of the three 2022 cycles.

2022 deadlines Revise decision
Eligible 2023 deadlines
Reject decision
Eligible 2023 deadlines
First 2021
(April 15, 2021)
None Any 2023 deadline
Second 2021
(August 19, 2021)
First deadline
(April 1,2022)
Second deadline
(Aug 19, 2022)
Third deadline
(Dec 2, 2022)
Third 2021
(Dec 2, 2021)
First deadline
(April 1, 2022)
Second deadline
(August 19, 2022)
Third deadline
(Dec 2, 2022)

Instructions for Paper Submission

These instructions apply to both the research papers and systematization of knowledge (SoK) papers. All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy.

Anonymous Submission

Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing authors’ identity in the text. When referring to their previous work, authors are required to cite their papers in the third person, without identifying themselves. In the unusual case in which a third-person reference is infeasible, authors can blind the reference itself. Papers that are not properly anonymized may be rejected without review. PC members who have a genuine conflict of interest with a paper, including the PC Co-Chairs and the Associate Chairs, will be excluded from evaluation and discussion of that paper.

While a paper is under submission to the IEEE Security & Privacy Symposium, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors. Authors should refrain from widely advertising their results, but in special circumstances they should contact the PC chairs to discuss exceptions. Authors are not allowed to directly contact PC members to discuss their submission.

The submissions will be treated confidentially by the PC chairs and the program committee members. Program committee members are not allowed to share the submitted papers with anyone, with the exception of qualified external reviewers approved by the program committee chairs. Please contact the PC chairs if you have any questions or concerns.

Conflicts of Interest

During submission of a research paper, the submission site will request information about conflicts of interest of the paper's authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds:

  1. The PC member is a co-author of the paper.

  2. The PC member has been a co-worker in the same company or university within the past two years.
    • For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization.
  3. The PC member has been a collaborator within the past two years.

  4. The PC member is or was the author's primary thesis advisor, no matter how long ago.

  5. The author is or was the PC member's primary thesis advisor, no matter how long ago.

  6. The PC member is a relative or close personal friend of the author.

For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict to the PC chairs, who will mark the conflict if appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection.

Research Ethics Committee

New to Oakland 2023 is a research ethics committee (REC) that will check papers flagged by reviewers as potentially including ethically fraught research. The REC will review flagged papers and may suggest to the PC Chairs rejection of a paper on ethical grounds. The REC consists of members of the PC. Authors are encouraged to review the Menlo Report for general ethical guidelines for computer and information security research.

Ethical Considerations for Vulnerability Disclosure

Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy to 90 days https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Ethical Considerations for Human Subjects Research

Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:

  1. Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
  2. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Financial and Non-financial competing interests

In the interests of transparency and to help readers form their own judgements of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, "Author X is on the Technical Advisory Board of the ByteCoin Foundation," or "Professor Y is the CTO of DoubleDefense, which specializes in malware analysis." More information regarding this policy is available here.

Reviews from Prior Submissions

For papers that were previously submitted to, and rejected from, another conference, authors are required to submit a separate document containing the prior reviews along with a description of how those reviews were addressed in the current version of the paper. Authors are only required to include reviews from the last time the paper was submitted. Reviewers will only see the provided supplementary material after finishing their own review to avoid being biased in formulating their own opinions; once their reviews are complete, however, reviewers will be given the opportunity to provide additional comments based on the submission history of the paper. Authors who try to circumvent this rule (e.g., by changing the title of the paper without significantly changing the contents) may have their papers rejected without further consideration, at the discretion of the PC chairs.

Page Limit and Formatting

Submitted papers may include up to 13 pages of text and up to 5 pages for references and appendices, totaling no more than 18 pages. The same applies to camera-ready papers, although, at the PC chairs’ discretion, additional pages may be allowed for references and appendices. Reviewers are not required to read appendices.

Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing.

Authors may use the IEEE conference proceedings templates. LaTeX submissions using the IEEE templates should use IEEEtran.cls version 1.8b with options “conference,compsoc.” (That is, begin your LaTeX document with the line \documentclass[conference,compsoc]{IEEEtran}.)

Whether or not a submission uses the IEEE templates, the authors alone are responsible for ensuring that their paper complies with the formatting guidelines above (column size, margins, font size, line spacing etc.). All submissions will be automatically checked for conformance to these requirements. Failure to adhere to the page limit and formatting requirements are grounds for rejection without review.

Conference Submission Server

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers.

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper at the conference.

Program Committee


PC Chairs

Thomas Ristenpart Cornell Tech
Patrick Traynor University of Florida

Associate Chairs

Henry Corrigan-Gibbs MIT
Adam Doupe Arizona State University
Sarah Meiklejohn Google / UCL
Nicolas Papernot University of Toronto and Vector Institute
Christina Poepper NYU Abu Dhabi
Mariana Raykova Google
Elissa Redmiles MPI SWS
Andrei Sabelfeld Chalmers University
Ben Stock CISPA
Yuval Yarom University of Adelaide

REC Chair

Srdjan Capkun ETH

PC Members

Aanjhan Ranganathan Northeastern University
Aastha Mehta University of British Columbia, Vancouver
AbdelRahman Abdou Carleton University
Adam Oest PayPal, Inc.
Adria Gascon Google Research
Adrian Dabrowski University of California, Irvine
Adwait Nadkarni William & Mary
Alexandros Kapravelos North Carolina State University
Ali Mashtizadeh University of Waterloo
Alin Tomescu VMware
Allison McDonald University of Michigan
Amrita Roy Chowdhury UCSD
Ananth Raghunathan Meta Inc
Andreas Terzis Google
Andrew Paverd Microsoft
Ang Chen Rice University
Aniket Kate Purdue University
Anil Kurmus IBM Research Europe - Zurich
Antonis Michalas Tampere University
Arthur Gervais Imperial College London
Aurore Fass Stanford University
Benjamin Ujcich Georgetown University
Benny Pinkas Bar-Ilan University
Boris Köpf Microsoft Research
Bradley Reaves North Carolina State University
Brendan Dolan-Gavitt NYU
Brendan Saltaformaggio Georgia Institute of Technology
Carrie Gates Bank of America
Chitchanok Chuengsatiansup The University of Adelaide, Australia
Chris Geeng University of Washington
Christopher Fletcher UIUC
Cristian-Alexandru Staicu CISPA Helmholtz Center for Information Security
Daniel Moghimi University of California San Diego
Daniel Rausch University of Stuttgart
Daniel Votipka Tufts University
Danny Yuxing Huang New York University
Dave Levin University of Maryland
Dave (Jing) Tian Purdue University
David Wu UT Austin
David Lie University of Toronto
David Mohaisen University of Central Florida
David Kohlbrenner University of Washington
David Barrera Carleton University
Earlence Fernandes University of Wisconsin-Madison
Eleftherios Kokoris Kogias IST Austria
Emiliano De Cristofaro Ucl
Eric Zeng University of Washington
Eyal Ronen Tel Aviv University
Fabio Pagani University of California, Santa Barbara
Fabio Pierazzi King's College London
Fan Zhang Duke University
Feargus Pendlebury University College London & Meta
Felix Günther ETH Zurich
Fengwei Zhang Southern University of Science and Technology
Fish Wang Arizona State University
Florian Kerschbaum University of Waterloo
Florian Tramer ETH Zurich / Google
Frank Li Georgia Institute of Technology
Frank Piessens KU Leuven
Franziska Boenisch Fraunhofer AISEC
Fraser Brown CMU / Stanford
Gabriel Kaptchuk Boston University
Gabriela Ciocarlie University of Texas at San Antonio
Gang Wang University of Illinois at Urbana-Champaign
Gennie Gebhart Electronic Frontier Foundation
Giancarlo Pellegrino CISPA Helmholtz Center for Information Security
Giovanni Cherubin Microsoft Research
Giulia Fanti Carnegie Mellon University
Grant Hernandez Qualcomm
Guevara Noubir Northeastern University
Guido Schmitz Royal Holloway, University of London
Guofei Gu Texas A&M University
Hadi Abdullah University of Florida
Hamed Okhravi MIT Lincoln Laboratory
Hyunghoon Cho Broad Institute of MIT and Harvard
Ian Miers UMD
Ivan Evtimov Meta AI
Ivan Puddu ETH Zurich
Jason Polakis University of Illinois Chicago
Jason (Minhui) Xue University of Adelaide and Data61-CSIRO
Jeremiah Blocki Purdue University
Jiska Classen TU Darmstadt, Secure Mobile Networking Lab
Jon McCune Google
Jun Xu University of Utah
Jörg Schwenk Ruhr University Bochum
Kasper Rasmussen University of Oxford
Kassem Fawaz University of Wisconsin-Madison
Kathrin Grosse University of Cagliari
Kevin Butler University of Florida
Konrad Rieck TU Braunschweig
Kurt Thomas Google
Lejla Batina Radboud University, The Netherlands
Liang Wang Princeton University
Liang Wang Princeton University
Lianying Zhao Carleton University
Ling Ren University of Illinois at Urbana-Champaign
Maliheh Shirvanian Visa Research
Mario Fritz CISPA Helmholtz Center for Information Security
Marius Muench Vrije Universiteit Amsterdam
Marshini Chetty University of Chicago
Martin Johns TU Braunschweig
Martina Lindorfer TU Wien
Mathias Lécuyer University of British Columbia
Mathias Payer EPFL
Mathy Vanhoef KU Leuven
Mayank Varia Boston University
Mengjia Yan MIT
Michael Specter Google
Michael Franz University of California, Irvine
Michelle Mazurek University of Maryland
Mihalis Maniatakos NYU Abu Dhabi
Mohamed Tarek Ibn Ziad Columbia University
Mohammad Yaghini University of Toronto, Vector Institute
Murtuza Jadliwala The University of Texas at San Antonio
Nathan Dautenhahn Rice University
Nathan Malkin University of Maryland
Nguyen Phong Hoang University of Chicago
Nick Nikiforakis Stony Brook University
Nicolas Christin Carnegie Mellon University
Olya Ohrimenko The University of Melbourne
Omar Chowdhury The University of Iowa
Panos Papadimitratos KTH Royal Institute of Technology
Pardis Emami-Naeini University of Washington
Pascal Reisert University of Stuttgart, Germany
Paul Grubbs University of Michigan
Peter Snyder Brave Software
Philipp Jovanovic University College London
Phillipp Schoppmann Google
Qi Li Tsinghua University
Qiang Tang The University of Sydney
Quinn Burke Penn State
Reza Shokri National University of Singapore (NUS)
Riad Wahby Carnegie Mellon University
Rishab Nithyanand University of Iowa
Roei Schuster Vector Institute
Ruzica Piskac Yale University
Ryan Gerdes Virginia Tech
Ryan Sheatsley The Pennsylvania State University
Saeed Mahloujifar Princeton
Sam King UC Davis
Sanchari Das University of Denver
Sara Rampazzi University of Florida
Sascha Fahl CISPA
Sebastian Angel Microsoft Research and University of Pennsylvania
Sergio Maffeis Imperial College London
Shuai Wang Hong Kong University of Science and Technology
Shweta Shinde ETH Zurich
Sooel Son KAIST
Stefan Katzenbeisser University of Passau
Stephen McCamant University of Minnesota
Stjepan Picek Radboud University, The Netherlands
Sunoo Park Cornell Tech
Syed Rafiul Hussain Pennsylvania State University
Tara Whalen Cloudflare
Tempestt Neal University of South Florida
Thomas Wies New York University
Tiffany Bao ASU
Tijay Chung Virginia Tech
Tobias Fiebig Max-Planck-Institut für Informatik
Tom Moyer UNC Charlotte
Trent Jaeger Penn State University
Tushar Jois Johns Hopkins University
Umar Iqbal University of Washington
Varun Chandrasekaran University of Wisconsin-Madison
Vasileios Kemerlis Brown University
Vincent Bindschaedler University of Florida
Wajih Ul Hassan The University of Virginia
Wei Meng The Chinese University of Hong Kong
Wenjing Lou Virginia Tech
Wenyuan Xu Zhejiang University
William Enck North Carolina State University
William Robertson Northeastern University
Wouter Lueks EPFL
Xiao Wang Northwestern University
Xiapu Luo The Hong Kong Polytechnic University
Xinyu Xing Northwestern University
Xusheng Xiao Case Western Reserve University
Yang Zhang CISPA Helmholtz Center for Information Security
Yao Liu University of South Florida
Yinqian Zhang Southern University of Science and Technology
Yizheng Chen University of California, Berkeley
Yossi Gilad Hebrew University of Jerusalem
Yossi Oren Ben Gurion University of the Negev
Yuan Tian University of Virginia
Yuan Zhang Fudan University
Z. Berkay Celik Purdue University
Zakir Durumeric Stanford University
Zane Ma Georgia Institute of Technology