45th IEEE Symposium on
Security and Privacy

Call For Papers

Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice.

Topics of interest include:

This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers

As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at

Submission Deadlines & Decisions (Important Updates)

Similar to 2023, there will be three submission deadlines this year. For each submission, one of the following decisions will be made:

Public Meta-Reviews: All accepted papers will be published alongside a meta-review (< 500 words) that lists (a) the reasons the PC decided to accept the paper and (b) concerns the PC has with the paper. Authors will be given the option to write a response to the meta-review (< 500 words) which will be published as part of the meta-review. Authors will be given a draft meta-review at the time of acceptance. Authors will be given the option of addressing some or all of the concerns within one review cycle. A shepherd will remove concerns from the meta-review if they are sufficiently addressed by the revisions. Authors of papers accepted to the third submission cycle will be given the option to have their paper appear in the 2025 proceedings if they are not able to complete revisions in time for the final camera ready deadline.

The goal of this process is to provide greater transparency and to better scope change requests made by reviewers. More information about the reasons behind this change can be found here.

Re-Submission of Major Revisions from Prior Years: Authors resubmitting papers that received Major Revision decisions in 2023 will also be published with the public meta-reviews as described above.

More information about the reasons behind the above changes can be found here.

Important Dates

All deadlines are 23:59:59 AoE (UTC-12).

First deadline

Second deadline

Third deadline

Rebuttal Period

Papers reaching the second round of reviewing will be given an opportunity to write a rebuttal to reviewer questions. The rebuttal period will be interactive, and is separate from the meta-review rebuttal given to accepted papers.

Authors have the opportunity to exchange messages with the reviewers and respond to questions asked. To this end, we will use HotCRP’s anonymous communication feature to enable a communication channel between authors and reviewers. The authors should mainly focus on factual errors in the reviews and concrete questions posed by the reviewers. New research results can also be discussed if they help to clarify open questions. More instructions will be sent out to the authors at the beginning of the rebuttal period.

2023 Major Revision Submissions & Rejected Papers

Papers submitted to one of the 2023 submission cycles may have received a Major Revision or Reject decision. For these papers, we will follow the rules defined in the 2023 Call for Papers, which allow authors of Major Revision papers to submit a revised paper to the next two submission deadlines after the notification. The table below summarizes the eligible 2023 deadlines for papers that received a revise decision or reject decision for a paper submitted to IEEE S&P’23 for each of the three 2023 cycles.

2023 deadlines Revise decision
Eligible 2024 deadlines
Reject decision
Eligible 2024 deadlines
First 2023
(April 1, 2022)
None Any 2024 deadline
Second 2023
(August 19, 2022)
First deadline
(April 13,2023)
Second deadline
(Aug 3, 2023)
Third deadline
(Dec 6, 2023)
Third 2023
(Dec 2, 2022)
First deadline
(April 13, 2023)
Second deadline
(August 3, 2023)
Third deadline
(Dec 6, 2023)

Instructions for Paper Submission

These instructions apply to both the research papers and systematization of knowledge (SoK) papers. All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy.

Anonymous Submission

Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing authors’ identity in the text. When referring to their previous work, authors are required to cite their papers in the third person, without identifying themselves. In the unusual case in which a third-person reference is infeasible, authors can blind the reference itself. Papers that are not properly anonymized may be rejected without review. PC members who have a genuine conflict of interest with a paper, including the PC Co-Chairs and the Associate Chairs, will be excluded from evaluation and discussion of that paper.

While a paper is under submission to the IEEE Security & Privacy Symposium, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors. Authors should refrain from widely advertising their results, but in special circumstances they should contact the PC chairs to discuss exceptions. Authors are not allowed to directly contact PC members to discuss their submission.

The submissions will be treated confidentially by the PC chairs and the program committee members. Program committee members are not allowed to share the submitted papers with anyone, with the exception of qualified external reviewers approved by the program committee chairs. Please contact the PC chairs if you have any questions or concerns.

Conflicts of Interest

During submission of a research paper, the submission site will request information about conflicts of interest of the paper’s authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds:

  1. The PC member is a co-author of the paper.

  2. The PC member has been a co-worker in the same company or university within the past two years.
    • For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization.
  3. The PC member has been a collaborator within the past two years.

  4. The PC member is or was the author’s primary thesis advisor, no matter how long ago.

  5. The author is or was the PC member’s primary thesis advisor, no matter how long ago.

  6. The PC member is a relative or close personal friend of the author.

For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict to the PC chairs, who will mark the conflict if appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection.

Research Ethics Committee

Similar to 2023, IEEE S&P 2024 has a research ethics committee (REC) that will check papers flagged by reviewers as potentially including ethically fraught research. The REC will review flagged papers and may suggest to the PC Chairs rejection of a paper on ethical grounds. The REC consists of members of the PC. Authors are encouraged to review the Menlo Report for general ethical guidelines for computer and information security research.

Ethical Considerations for Vulnerability Disclosure

Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days to 90 days ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Ethical Considerations for Human Subjects Research

Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:

  1. Disclose whether the research received an approval or waiver from each of the authors’ institutional ethics review boards (IRB) if applicable.
  2. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Financial and Non-financial competing interests

In the interests of transparency and to help readers form their own judgements of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, “Author X is on the Technical Advisory Board of the ByteCoin Foundation,” or “Professor Y is the CTO of DoubleDefense, which specializes in malware analysis.” More information regarding this policy is available here.

Page Limit and Formatting

Submitted papers may include up to 13 pages of text and up to 5 pages for references and appendices, totaling no more than 18 pages. The same applies to camera-ready papers, although, at the PC chairs’ discretion, additional pages may be allowed for references and appendices. Reviewers are not required to read appendices.

Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors may use the IEEE conference proceedings templates. LaTeX submissions using the IEEE templates should use IEEEtran.cls version 1.8b with options "conference,compsoc." (That is, begin your LaTeX document with the line \documentclass[conference,compsoc]{IEEEtran}.) Whether or not a submission uses the IEEE templates, the authors alone are responsible for ensuring that their paper complies with the formatting guidelines above (column size, margins, font size, line spacing etc.). All submissions will be automatically checked for conformance to these requirements. Failure to adhere to the page limit and formatting requirements are grounds for rejection without review.

Significant Change Starting with the Second Deadline (August 3, 2023):

Papers must be formatted for US letter (not A4) size paper. All submissions must use the IEEE “compsoc” conference proceedings template. LaTeX submissions using the IEEE templates must use IEEEtran.cls version 1.8b with options “conference,compsoc.” (That is, begin your LaTeX document with the line \documentclass[conference,compsoc]{IEEEtran}.). See the “IEEE Demo Template for Computer Society Conferences” Overleaf template for an example.

Papers that fail to use the “compsoc” template (including using the non-compsoc IEEE conference template), modify margins, font, or line spacing, or use egregious space scrunching are subject to rejection without review. Authors are responsible for verifying the paper format. While HotCRP provides some automated checking, the checks are limited.

Conference Submission Server

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers.

Links to submission servers:

Cycle 1:
Cycle 2:
Cycle 3:

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to register and present the paper at the conference.

Program Committee

PC Chairs

Patrick Traynor University of Florida
William Enck North Carolina State University

Associate Chairs

Aanjhan RanganathanNortheastern University
Adam BatesUniversity of Illinois Urbana-Champaign
Andrew PaverdMicrosoft
Hamed OkhraviMIT Lincoln Laboratory
Matt FredriksonCarnegie Mellon University
Matteo MaffeiTU Wein
Micah SherrGeorgetown University
Sascha FahlCISPA
Tiffany BaoArizona State University
Yuan TianUniversity of California, Los Angelos

REC Chair

René Mayrhofer Johannes Kepler University Linz

PC Members

Abbas AcarFlorida International University
AbdelRahman AbdouCarleton University
Abhishek JainJohns Hopkins University
Adam OestPaypal, Inc.
Adam DoupéArizona State University
Adam BatesUniversity of Illinois at Urbana-Champaign
Adwait NadkarniWilliam & Mary
Ajith SureshTechnology Innovation Institute (TII)
Alena NaiakshinaRuhr University Bochum
Alessandra ScafuroNCSU
Alexander BlockGeorgetown University & University of Maryland, College Park
Alfred ChenUniversity of California, Irvine
Alina OpreaNortheastern University
Allison McDonaldBoston University
Amit Kumar SikderGeorgia Institute of Technology
Andrei SabelfeldChalmers University of Technology
Ang ChenRice University
Angelos StavrouVirginia Tech
Aniket KatePurdue University / Supra
Anindya MaitiUniversity of Oklahoma
Anupam DasNorth Carolina State University
Apu KapadiaIndiana University Bloomington
Aravind MachiryPurdue University
Aurélien FrancillonEURECOM
Ben StockCISPA Helmholtz Center for Information Security
Benjamin UjcichGeorgetown University
Benjamin DowlingThe University of Sheffield
Blaine HoakUniversity of Wisconsin-Madison
Blase UrUniversity of Chicago
Bogdan GrozaUniversitatea Politehnica Timisoara
Brad ReavesNorth Carolina State University
Brendan SaltaformaggioGeorgia Tech
Byoungyoung LeeSeoul National University
Carrie GatesBank of America
Carter YagemannThe Ohio State University
Casey MeehanVector Institute
Chaowei XiaoArizona State University
Chengyu SongUC Riverside
Christian WressneggerKarlsruhe Institute of Technology (KIT)
Christian PeetersHarbor Labs
Christina GarmanPurdue University
Christina PöpperNew York University Abu Dhabi
Christopher A. Choquette-ChooGoogle Research, Brain Team
Claudio SorienteNEC laboratories Europe
Cristian-Alexandru StaicuCISPA Helmholtz Center for Information Security
Daniel GenkinGeorgia Tech
Daniel VotipkaTufts University
Dave (Jing) TianPurdue University
David BarreraCarleton University
David CashUniversity of Chicago
Debajyoti DasKU Leuven
Deepak KumarStanford University
Derrick McKeeMIT Lincoln Laboratory
Dimitrios PapadopoulosThe Hong Kong University of Science and Technology
Dominik WermkeCISPA
Drew DavidsonUniversity of Kansas
Earlence FernandesUC San Diego
Eleonora LosioukUniversity of Padua
Emily WengerUniversity of Chicago and Meta AI
Eric PauleyUniversity of Wisconsin-Madison
Ethan CecchettiUniversity of Maryland / University of Wisconsin - Madison
Evgenios KornaropoulosGeorge Mason University
Eyal RonenTel Aviv University
Eyal RonenTel Aviv University
Fabio PierazziKing's College London
Faysal ShezanUniversity of Texas at Arlington
Fengwei ZhangSouthern University of Science and Technology (SUStech)
Florian SchaubUniversity of Michigan
Florian KerschbaumUniversity of Waterloo
Florian TramèrETH Zürich
Fnu SuyaUniversity of Maryland
Frank LiGeorgia Institute of Technology
Frank PiessensKU Leuven
Franziska BoenischVector Institute
Furkan AlacaQueen's University
Gang WangUniversity of Illinois at Urbana-Champaign
Gary TanThe Pennsylvania State University
Georgios PortokalidisIMDEA Software Institute
Ghassan KarameRuhr-University Bochum
Giancarlo PellegrinoCISPA Helmholtz Center for Information Security
Giovanni CamuratiETH Zurich
Grant HoUCSD and UChicago
Guevara NoubirNortheastern University
Guillermo Suarez-TangilIMDEA Networks Institute
Habiba FarrukhPurdue University
Hang ZhangGeorgia Institute of Technology
Haya ShulmanGoethe-Universität Frankfurt | Fraunhofer SIT | ATHENE
Heather ZhengUniversity of Chicago
Heng YinUniversity of California Riverside
Hovav ShachamThe University of Texas at Austin
Hyungjoon KooSungkyunkwan University
Ioana BoureanuUniv. of Surrey, Surrey Centre for Cybersecurity
Jason NiehColumbia University
Jeremiah BlockiPurdue University
Jianjun ChenTsinghua University
Jiarong XingRice University
Jiska ClassenTU Darmstadt, SEEMOO
Johanna UllrichSBA Research/University of Vienna
Jon McCuneGoogle LLC
Jun HanYonsei University
Kangjie LuUniversity of Minnesota
Karen SowonPostdoctoral research associate, Carnegie Mellon University
Kartik NayakDuke University
Kassem FawazUniversity of Wisconsin-Madison
Kavita KumariTechnical University of Darmstadt
Kelsey FultonColorado School of Mines
Kevin BorgolteRuhr University Bochum
Kevin ButlerUniversity of Florida
Kexin PeiColumbia University
Kovila P.L. CoopamootooKing's College London
Lejla BatinaRadboud University
Leonardo BabunJohns Hopkins Applied Physics Laboratory
Liang WangPrinceton University
Lianying ZhaoCarleton University
Liqun ChenUniversity of Surrey
Liz IzhikevichStanford University
Luis VargasHarbor Labs
Lujo BauerCarnegie Mellon University
Mahmood SharifTel Aviv University
Marco SquarcinaTU Wien
Mariana RaykovaGoogle
Markus MiettinenTechnical University of Darmstadt
Marshini ChettyUniversity of Chicago
Mathy VanhoefKU Leuven
Matthew LentzDuke University
Mauro ContiUniversity of Padua
Michael ReiterDuke University
Michael WaidnerTechnische Universität Darmstadt
Michail ManiatakosNYU Abu Dhabi
Michalis PolychronakisStony Brook University
Mridula SinghCISPA Helmholtz Center for Information Security
Murtuza JadliwalaUniversity of Texas at San Antonio
Nick NikiforakisStony Brook University
Nicolas PapernotUniversity of Toronto and Vector Institute and Google
Nikita BorisovUniversity of Illinois at Urbana-Champaign
Nikos VasilakisBrown University
Ning ZhangWashington University in St. Louis
Noel WarfordUniversity of Maryland
Olivier LevillainTélécom SudParis
Olya OhrimenkoThe University of Melbourne
Omar ChowdhuryStony Brook University
Omer AkgulUniversity of Maryland
Panos PapadimitratosKTH Royal Institute of Technology
Pardis Emami-NaeiniDuke University
Patrick McDanielUniversity of Wisconsin-Madison
Paul PearceGeorgia Institute of Technology
Paul MartinHarbor Labs
Peter SnyderBrave Software
Pratyush MishraUniversity of Pennsylvania
Qiushi WuUniversity of Minnesota
Quinn BurkeUniversity of Wisconsin-Madison
Rahul ChatterjeeUniversity of Wisconsin-Madison
Rakibul HasanArizona State University
Ramakrishnan Sundara RamanUniversity of Michigan
Ramya Jayaram MastiAmpere Computing
Reza ShokriNational University of Singapore
Ruoyu “Fish” WangArizona State University
Ryan WailsGeorgetown University & U.S. Naval Research Laboratory
Ryan SheatsleyUniversity of Wisconsin-Madison
Saba EskandarianUniversity of North Carolina at Chapel Hill
Saman ZonouzGeorgia Tech
Santiago Torres-AriasPurdue University
Sara RampazziUniversity of Florida
Sathvik PrasadNorth Carolina State University
Sazzadur RahamanUniversity of Arizona
Sebastian RothTU Wien
Selcuk UluagacFlorida International University
Serge EgelmanUC Berkeley / ICSI / AppCensus, Inc.
Shamaria EngramMIT Lincoln Laboratory
Shitong ZhuMeta Platforms, Inc.
Shruti TopleMicrosoft
Shuai WangHKUST
Sisi DuanTsinghua University
Sofia CeliBrave Software
Soheil KhodayariCISPA Helmholtz Center for Information Security
Srdjan CapkunETH Zurich
Suman JanaColumbia University
Sunil ManandharIBM Research
Sven BugielCISPA Helmholtz Center for Information Security
Sze Yiu ChauThe Chinese University of Hong Kong
Takeshi SugawaraThe University of Electro-Communications
Tianhao WangUniversity of Virginia
Tobias FiebigMax-Planck-Institut für Informatik
Tushar JoisJohns Hopkins University
Tyler KaczmarekMIT Lincoln Laboratory
Vasileios KemerlisBrown University
Vincent BindschaedlerUniversity of Florida
Vipul GoyalNTT Research and CMU
Wajih Ul HassanUniversity of Virginia
Wei MengThe Chinese University of Hong Kong
Weiteng ChenMicrosoft Research, Redmond
Wenjing LouVirginia Tech
William RobertsonNortheastern University
Xiaojing LiaoIndiana University Bloomington
Xiapu LuoThe Hong Kong Polytechnic University
Xinlei HeCISPA Helmholtz Center for Information Security
Xusheng XiaoArizona State University
Yan ChenNorthwestern University
Yang ZhangCISPA Helmholtz Center for Information Security
Yanick FratantonioGoogle
Yasemin AcarPaderborn University & George Washington University
Yasemin AcarPaderborn University
Yinzhi CaoJohns Hopkins University
Yixin SunUniversity of Virginia
Yongdae KimKAIST
Yuval YaromUniversity of Adelaide
Z. Berkay CelikPurdue University
Zakir DurumericStanford University
Zane MaGeorgia Institute of Technology
Zhen HuangDePaul University
Zhiqiang LinOhio State University
Zhiyun QianUniversity of California, Riverside
Ziqiao ZhouMicrosoft Research