TBA AT THE TBA, MONTREAL, CANADA
48th IEEE Symposium on
Security and Privacy
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice.
Topics of interest include:
This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.
As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io.
Similar to 2026, for each submission, one of the following decisions will be made:
Accept: Papers in this category will be accepted for publication in the proceedings and presentation at the conference. Within one month of acceptance, all accepted papers must submit a camera-ready copy incorporating reviewer feedback. The papers will immediately be published, open access, in the Computer Society’s Digital Library, and they may be cited as “To appear in the IEEE Symposium on Security & Privacy, May 2027”.
Reject: Papers in this category are declined for inclusion in the conference. Rejected papers must wait for one year, from the date of original submission, to resubmit to IEEE S&P. A paper will be judged to be a resubmit (as opposed to a new submission) if the paper is from the same or similar authors, with a very similar intellectual contribution, and a reviewer could write a substantially similar summary of the paper compared with the original submission. A paper that is completely rewritten and has a new presentation but the same intellectual contribution is considered a resubmission. Small extensions on the same paper or just slightly changing the angle of presentation of the results is considered a resubmission.
Resubmissions or double-submissions to other conferences will result in submission penalties to all the authors for more than one year. Note that the registration deadline is included in double-submissions – papers that are under submission elsewhere at the time of the registration deadline cannot be registered at S&P, even if they may be rejected from the other venue between the registration and submission deadlines.
Public Meta-Reviews: Similar to 2026, all accepted papers will be published with a meta-review (< 500 words) in the final PDF that lists: (a) the reasons the PC decided to accept the paper and (b) concerns the PC has with the paper. Authors will be given the option to write a response to the meta-review (< 500 words) which will be published as part of the meta-review. Authors will be given a draft meta-review at the time of acceptance. Authors will be given the option of addressing some or all of the concerns while preparing their camera ready. A shepherd will remove concerns from the meta-review if they are sufficiently addressed by the revisions made.
The goal of this process is to provide greater transparency and to better scope change requests made by reviewers. More information about the reasons behind this change can be found on the 2024 IEEE S&P website.
Note that under this acceptance process, there is no conditional acceptance so papers submitted will be reviewed as is and accepted based on the material that was submitted at the paper submission deadline, with the exception of additional material explicitly requested by the reviewers as part of the rebuttal process (see the Rebuttal Format section below).
The number of papers accepted to IEEE S&P continues to grow substantially each year. Due to conference venue limitations and costs, each accepted paper will have: (a) a short talk presentation (e.g., 5-7 minutes, length determined based on the number of accepted papers) and (b) a poster presentation immediately following the talk session containing the paper. All accepted papers are required to present both a short talk and a poster.
Papers reaching the second round of reviewing will be given an opportunity to write a rebuttal to reviewer questions. The program committee will assign each paper one of the following two rebuttal options:
More instructions will be sent to the authors at the beginning of the rebuttal period and will indicate clearly which rebuttal option was assigned to the submission. Failure to follow the instructions sent at the beginning of the rebuttal (for example, submitting rebuttals over the word count limit, including new material when a paper was assigned a non-interactive rebuttal, or including new material that was not requested by the reviewers in an interactive rebuttal) will result in immediate rejection. The rebuttal period described here is separate from the meta-review rebuttal given to accepted papers.
Any papers rejected during the rebuttal period must wait for one year, from the date of original submission, to resubmit to IEEE S&P.
All deadlines are 23:59:59 AoE (UTC-12).
Abstract registration deadline means full and complete abstract, complete list of authors with their ORCIDs, and conflicts of interest declared on HotCRP. Neither the title, abstract, nor the author list can be changed after the abstract registration deadline. Conflicts of interest will be reviewed by the PC chairs and the authors will be given an opportunity to address any discrepancies identified before the paper submission deadline.
As with previous IEEE S&P symposia with multiple submission cycles, rejected papers must wait one year before resubmission to IEEE S&P.
These instructions apply to both the research papers and systematization of knowledge (SoK) papers. All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy.
Any author may submit no more than 6 papers per cycle. In the event an author registered more than 6 papers in a cycle, all the paper registrations they submitted in that cycle will be desk rejected. To avoid any ambiguity, this means that the submission cap is enforced at the abstract registration deadline.
Papers must be submitted in a form suitable for anonymous review: no author names or affiliations (whether they are real or the default fake names included in the IEEE template) may appear on the title page, and papers should avoid revealing authors’ identity in the text. Authors should also take care in not including acknowledgments that help identify them (e.g., funding information, names of colleagues who gave feedback on the paper). When referring to their previous work, authors are required to cite their papers in the third person, without identifying themselves. In the unusual case in which a third-person reference is infeasible, authors can blind the reference itself.
When preparing the artifacts repository authors should take extra care to not include authors’ information in the repository or artifacts content, so as not to break the anonymity of the paper submission. Authors may want to consider using services such as GitFront or Anonymous GitHub. Additionally, authors should make sure to use account names and repository names that do not identify the authors, and should remove any comments/text in the repository that may directly identify the authors or the authors’ institution.
Papers that are not properly anonymized may be rejected without review.
While a paper is under submission to the IEEE Security & Privacy Symposium, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors. Authors should refrain from widely advertising their results, but in special circumstances they should contact the PC chairs to discuss exceptions. Authors are not allowed to directly contact PC members to discuss their submission.
The submissions will be treated confidentially by the PC chairs and the program committee members. Program committee members are not allowed to share the submitted papers with anyone, with the exception of qualified external reviewers approved by the program committee chairs. Please contact the PC chairs if you have any questions or concerns.
Papers that are desk rejected because they do not follow the template formatting rules or break anonymity, and do not receive reviews, can be resubmitted at the next cycle. (Papers that break anonymity and are discovered during the review process, once reviews have been completed, must wait for one year before being resubmitted to S&P.)
Papers are strongly encouraged to provide artifact repositories that are anonymized as described above. Artifact repositories must not be updated after the paper deadline has passed. Theoretical papers are strongly encouraged to submit the proofs as artifacts on such repositories at paper submission time.
PC members who have a genuine conflict of interest with a paper, including the PC Co-Chairs and the Associate Chairs, will be excluded from evaluation and discussion of that paper. During submission of an abstract, the submission site will request information about conflicts of interest of the paper’s authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members before the abstract registration deadline, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds (the option you should select on HotCRP is listed within brackets):
For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict via the corresponding field in the HotCRP submission entry, such that the PC chairs can review the conflict and confirm it is appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection. Because it would not be possible to handle conflicts of interest retroactively, changes to the author list are not permitted after submission (see section on Authorship below). Authors are responsible for reading the entire list of PC members. Talking to someone about work submitted to S&P does not necessarily constitute a conflict of interest, but the authors should refrain from mentioning the name of the venue the work was submitted to when presenting it.
COI developed during the reviewing process: Authors starting new collaborations during the review period should make all their new collaborators aware that they have submitted papers to S&P.
All papers must complete the “Ethics Considerations” field when registering a paper on HotCRP to make the relevant disclosures. Authors are also welcome to add relevant details to their submitted PDF (in the body or appendix of the paper), but regardless, authors of accepted papers will be asked to add the “Ethics Considerations” section itself to their manuscript at the camera ready stage, where it will not count toward page limits. We expect this will rarely be the case, but if there are no Ethics considerations, the content of this field should be “None.” That said, we encourage authors to outline how they arrived at the conclusion that their work does not involve Ethics considerations; otherwise reviewers will have more difficulty assessing this themselves.
Similar to 2026, IEEE S&P 2027 has a research ethics committee (REC) that will check papers flagged by reviewers as potentially including ethically fraught research. The REC will review flagged papers and may suggest to the PC Chairs rejection of a paper on ethical grounds. The REC consists of members of the PC. Authors are encouraged to review the Menlo Report for general ethical guidelines for computer and information security research.
If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submission
Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns.
Authors are strongly recommended to disclose vulnerabilities in their original submission. If that is not possible, authors should provide details of why they have not disclosed the vulnerabilities yet, and what is their disclosure plan. That is, the version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities.
Authors are required to disclose vulnerabilities no later than the rebuttal deadline. If this is not possible, the authors should notify the PC chairs by email as soon as possible. Longer disclosure windows are at the discretion of the PC chairs and will only be considered in exceptional situations.
Because there are no conditional accepts, reviewers can treat the lack of disclosure of vulnerabilities as a concern that can lead to rejection: reviewers need to make decisions based on the information provided at the submission and rebuttal time. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.
Note: Submitted papers should not include full CVE identifiers in order to preserve the anonymity of the submission.
Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
If a submission deals with any kind of personally identifiable information (PII) or other kinds of sensitive data, the Ethical Considerations field submitted through HotCRP must discuss in detail the steps the authors have taken to mitigate harms to the persons identified.
Submissions that describe experiments involving measuring, testing, exploiting, or otherwise interacting with live systems that do not belong to the authors should discuss in detail the steps the authors have taken to mitigate harm or disruption to these systems. Harm or disruption could include (but is not limited to) accessing confidential information, overwriting data, disrupting normal system operations, wasting resources or employee time at the organizations hosting the system under study, and upsetting or confusing owners, operators, or users of the system under study. Submissions should:
Submissions that develop new tools or technologies – including but not limited to new modes of attack or new tools for privacy or anonymity – should discuss in detail whether and how these tools could be used for harm. In particular, submissions should:
In the interests of transparency and to help readers form their own judgement of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, “Author X is on the Technical Advisory Board of the ByteCoin Foundation,” or “Professor Y is the CTO of DoubleDefense, which specializes in malware analysis.” More information regarding this policy is available here.
Submitted papers may include up to 13 pages of text and up to 5 pages for references and appendices, totaling no more than 18 pages. All text and figures past page 13 must be clearly marked as part of the appendix. The final camera-ready paper must be no more than 18 pages, although, at the PC chairs’ discretion, additional pages may be allowed. Reviewers are not required to read appendices. For SoK papers, the references do not count towards the number of pages.
Submitted papers cannot use additional pages at submission time without the explicit approval of PC Chairs. Papers that are over the allowed number of pages will be rejected without review.
Papers must be formatted for US letter (not A4) size paper. All submissions must use the IEEE “compsoc” conference proceedings template. LaTeX submissions using the IEEE templates must use IEEEtran.cls version 1.8b with options “conference,compsoc.” (That is, begin your LaTeX document with the line \documentclass[conference,compsoc]{IEEEtran}.). See the “IEEE Demo Template for Computer Society Conferences” Overleaf template for an example. We are not aware of an MS Word template that matches this style.
Papers that fail to use the “compsoc” template (including using the non-compsoc IEEE conference template), modify margins, font, or line spacing, or use egregious space scrunching are subject to rejection without review. Authors are responsible for verifying the paper format (e.g., compare with the above linked Overleaf template). While HotCRP provides some automated checking, the checks are limited. Note that some LaTeX packages (e.g., \usepackage{usenix}) override the compsoc formatting and must be removed.
A paper can be withdrawn at any point before the reviews have been sent to the authors. Once the reviews have been sent to the authors, the paper can not be withdrawn.
Changes to the authorship list (adding, removing, reordering authors) are not permitted after the abstract registration deadline. Once the paper is accepted, the authors can request approval from the TPC Chairs to make changes to the ordering or affiliation in justified circumstances. If authors anticipate that they might change affiliation during the time the paper is under submission it is recommended to mark both the current and future institution as COI. Per the generative AI policy found below, an AI cannot be listed as an author of a submission.
ORCID requirement: All authors are required to submit an ORCID number at abstract submission time. You can obtain an ORCID number here. ORCID accounts must use emails that are identical with the ones used in HotCRP for the paper submission, and they must include complete names that match the names of the authors listed on HotCRP. Papers that do not submit ORCID numbers for all authors and do not follow the rules above will be desk rejected.
Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers.
Submission servers:
IMPORTANT: The authors are responsible for having a draft submitted 24 hours before the deadline. Submissions that failed because the submission server crashed either (a) within 24 hours of the submission deadline or (b) after the submission deadline will not be accepted. The PC Chairs will not respond to emails about this issue.
Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to register and present the paper at the conference.
It is the responsibility of all authors to be familiar with the conference CFP and the policies it specifies.
As an IEEE conference, S&P follows the IEEE Policy about the use of generative AI which can be found here: https://pspb.ieee.org/images/files/PSPB/opsmanual.pdf
Additionally, papers submitted at S&P must adhere to the following policy. (This is based on the policy created by IEEE SaTML 2026).
Authors are permitted to use generative AI (e.g., large language models), both as an object of study and when preparing their paper. However, while the conference does not ban authors from using generative AI or researching its security and privacy properties, authors must (a) carefully consider their decision to use and/or study generative AI and (b) are required to disclose and motivate the use of generative AI in their submission. If the authors choose to use or study generative AI in their work–whether as part of their research methodology and/or in the process of preparing the manuscript–they must complete the “Generative AI usage considerations” field on HotCRP when registering their paper to make the relevant disclosures.
We ask that authors adhere to three key criteria with regards to their use of generative AI in the scientific process:
Failure to comply with these rules is grounds for desk rejection without further review of the submission and may be accompanied by a submission ban for all the authors (for more than one year) at the discretion of the PC chairs. We note that generative AI technology is rapidly evolving. Authors are encouraged to reach out proactively to the PC chairs should they face uncertainties about the above rules or how they apply to their research.
The Program Committee Chairs maintain the discretionary authority to implement administrative measures not explicitly codified in the Call for Papers to safeguard the integrity and fairness of the peer-review process.
| Michelle Mazurek | University of Maryland |
| Nicolas Papernot | University of Toronto and Vector Institute and Google DeepMind |
| Sahar Abdelnabi | ELLIS |
| Varun Chandrasekaran | UIUC |
| Giovanni Cherubin | Microsoft Research |
| Daniele Cono D'Elia | La Sapienza |
| Christina Garman | Purdue University |
| Marco Guarnieri | IMDEA Software Institute |
| Grant Ho | University of Chicago |
| Amir Houmansadr | University of Massachusetts Amherst |
| Limin Jia | CMU |
| Frank Li | Georgia Institute of Technology |
| Adwait Nadkarni | William & Mary |
| Sara Rampazzi | University of Florida |
| Vera Rimmer | DistriNet KU Leuven |
| Stephanie Roos | University of Kaiserslautern-Landau |
| Yuan Tian | UCLA |
| Blase Ur | University of Chicago |
| Tianhao Wang | University of Virginia |
| Sofía Celi | Brave |
| Bogdan Carbunar | FIU |
| Aaron Johnson | U.S. Naval Research Laboratory |
| Aashish Kolluri | Microsoft |
| AbdelRahman Abdou | Carleton University |
| Abhiram Kothapalli | University of California, Berkeley |
| Adam Bates | University of Illinois at Urbana-Champaign |
| Adam Caulfield | University of Waterloo |
| Adam Oest | Amazon |
| Adil Ahmad | Arizona State University |
| Adrien Koutsos | Inria Paris |
| Ahmad-Reza Sadeghi | Technical University Darmstadt |
| Akshita Maradapu Vera Venkata Sai | Towson University |
| Alberto Sonnino | UCL, Mysten Labs |
| Alejandro Russo | Chalmers University of Technology, Göteborg University, DPella AB |
| Alessandro Brighente | University of Padova |
| Alexander Hoover | Stevens Institute of Technology |
| Alexander Viand | Belfort Labs / Cambridge University |
| Alexandra Henzinger | MIT |
| Alexandre Debant | Inria Nancy, France |
| Alexios Voulimeneas | TU Delft |
| Ali Abbasi | CISPA Helmholtz Center for Information Security |
| Ali Hajiabadi | ETH Zurich |
| Allison McDonald | Boston University |
| Alvaro Cardenas | UC Santa Cruz |
| Amit Ami | University of South Florida |
| Amit Kumar Sikder | Iowa State University |
| Amrita Roy Chowdhury | UCSD |
| Ana-Maria Cretu | CISPA |
| Ananta Soneji | Arizona State University |
| Andre Kassis | University of Waterloo |
| Anna Crowder | University of Florida |
| Anshuman Suri | DatologyAI |
| Antreas Dionysiou | Delft University of Technology (TU Delft) |
| Anwar Hithnawi | Toronto |
| Apostolos Pyrgelis | RISE Research Institutes of Sweden |
| Aravind Machiry | Purdue University |
| Arjun Arunasalam | Florida International University |
| Arslan Khan | Pennsylvania State University |
| Arthur Azevedo de Amorim | Rochester Institute of Technology |
| Arthur Gervais | University College London (UCL) |
| Awais Rashid | University of Bristol |
| Aymeric Fromherz | Inria Paris |
| Aysajan Abidin | COSIC KU Leuven |
| Bart Coppens | Ghent University |
| Basavesh Ammanaghatta Shivakumar | Virginia Tech |
| Benjamin Beurdouche | Mozilla |
| Benjamin Dowling | King's College London |
| Benny Pinkas | Bar Ilan University and Apple |
| Bhupendra Acharya | University of Louisiana at Lafayette |
| Bijeeta Pal | Uber |
| Bimal Viswanath | Virginia Tech |
| Binghui Wang | Illinois Institute of Technology |
| Bo Chen | Michigan Technological University |
| Bogdan Kulynych | Lausanne University Hospital |
| Brendan Saltaformaggio | Georgia Tech |
| Bruno Blanchet | Inria |
| Byoungyoung Lee | Seoul National University |
| Carmela Troncoso | EPFL |
| Carrie Gates | N/A |
| Cas Cremers | CISPA Helmholtz Center for Information Security |
| Catuscia Palamidessi | Inria |
| Ce Zhou | Missouri S&T |
| Changyu Dong | Guangzhou University |
| Chenglong Fu | University of North Carolina at Charlotte |
| Chengyu Song | UC Riverside |
| Christian Mouchet | Unaffiliated |
| Christian Wressnegger | Karlsruhe Institute of Technology (KIT) |
| Christina Poepper | New York University Abu Dhabi |
| Christopher Kruegel | UC Santa Barbara |
| Clara Schneidewind | MPI-SP |
| Claudio Soriente | GMV Spain |
| Daniel Genkin | Georgia Tech |
| Daniele Antonioli | EURECOM |
| Dave Tian | Purdue University |
| David Barrera | Carleton |
| David Heath | University of Illinois Urbana-Champaign |
| David Inyangson | Johns Hopkins University |
| David Zage | Intel Corporation |
| Davide Balzarotti | EURECOM |
| Davide Maiorca | University of Cagliari, Italy |
| Deepak Kumar | University of California San Diego |
| Dimitar Dimitrov | INSAIT, Sofia University “St. Kliment Ohridski” |
| Dimitrios Stavrakakis | Technical University of Munich |
| Diogo Barradas | University of Waterloo |
| Dominik Wermke | North Carolina State University |
| Dongwei Xiao | Hong Kong University of Science and Technology |
| Earlence Fernandes | UC San Diego |
| Ee-Chien Chang | National University of Singapore |
| Eleonora Losiouk | University of Padova |
| Elisaweta Masserova | CMU |
| Emiliano De Cristofaro | UC Riverside |
| Emily Wenger | Duke University |
| Emma Dauterman | Stanford University |
| Eric Pauley | Virginia Tech/Terrace Networks |
| Eric Zeng | Georgetown University |
| Erica Blum | |
| Eugene Bagdasarian | Cornell University |
| Euijin Choo | University of Alberta |
| Evgenios Kornaropoulos | George Mason University |
| Eyal Ronen | Tel Aviv University |
| Fabio De Gaspari | Sapienza University of Rome |
| Fabio Pierazzi | King's College London |
| Faysal hossain Shezan | University of Texas at Arlington |
| Fengwei Zhang | Southern University of Science and Technology (SUSTech) |
| Fengyuan Xu | Nanjing University |
| Florentin Rochet | University of Namur |
| Florian Kerschbaum | University of Waterloo |
| FNU Suya | UT, Knoxville |
| Ghada Almashaqbeh | University of Connecticut |
| Ghassan Karame | Ruhr University Bochum |
| Giancarlo Pellegrino | CISPA Helmholtz Center for Information Security |
| Giovanni Apruzzese | Reykjavik University |
| Guanhong Tao | University of Utah |
| Guannan Wei | Tufts University |
| Guofei Gu | Texas A&M University |
| Habiba Farrukh | University of California, Irvine |
| Haipeng Cai | University at Buffalo, SUNY |
| Hanshen Xiao | Nvidia |
| Hao Chen | University of California, Davis |
| Haotian Zhang | NJIT |
| Harry Wai Ho Wong | National Yang Ming Chiao Tung University |
| Harshavardhan Unnibhavi | TU Munich |
| Heather Zheng | University of Chicago |
| Heng Yin | University of California, Riverside |
| Henri Devillez | CNRS, LORIA |
| Hervé Debar | Telecom SudParis |
| Hieu Le | Independent Researcher |
| Hongxin Hu | University at Buffalo |
| Hovav Shacham | UCSD |
| Hugo Lefeuvre | University of British Columbia |
| Hyungsub Kim | Indiana University Bloomington |
| Ian Miers | UMD |
| Ioana Boureanu | Surrey Centre for Cyber Security, Univ. of Surrey, UK |
| Ivan De Oliveira Nunes | University of Zurich |
| Jamie Hayes | Google DeepMind |
| Jaron Mink | Arizona State University |
| Jason Nieh | Columbia University |
| Javier Carnerero-Cano | IBM Research |
| Jean-Luc Watson | NVIDIA |
| Jean-Philippe Monteuuis | Qualcomm |
| Jianliang Wu | Simon Fraser University |
| Jie Zhou | The George Washington University |
| Jingxuan He | University of California, Berkeley |
| Jinyuan Jia | PSU |
| Jiska Classen | Hasso Plattner Institute, University of Potsdam |
| Jon McCune | Google LLC |
| Jonathan Katz | |
| Joseph Bonneau | New York University |
| Joseph Khoury | Louisiana State University |
| Joseph Lallemand | CNRS, IRISA, Univ. Rennes |
| Julia Len | UNC |
| Julien Piet | |
| Jun Han | KAIST (Please note the change of my affiliation from Yonsei University as I recently moved to KAIST.) |
| Kaihua Qin | University of Warwick |
| Kaiming Huang | The Pennsylvania State University |
| Kangjie Lu | University of Minnesota |
| Kari Kostiainen | ETH Zurich |
| Kathrin Grosse | Independent Researcher |
| Kaushal Kafle | University of South Florida |
| Kaveh Razavi | ETH Zurich |
| Kavous Salehzadeh Niksirat | Max Planck Institute for Security and Privacy (MPI-SP) |
| Kelsey Fulton | Colorado School of Mines |
| Kentrell Owens | Max Planck Institute for Security and Privacy (MPI-SP) |
| Kevin Butler | University of Florida |
| Kévin Huguenin | University of Lausanne |
| Khandakar Ashrafi Akbar | Towson University |
| Kimberly Ruth | University of Chicago |
| Klaus v. Gleissenthall | VU Amsterdam |
| Kyungtae Kim | Dartmouth College |
| Lachlan Gunn | Aalto University |
| Lei Zhang | University of Maryland, Balitmore County |
| Lesly-Ann Daniel | EURECOM |
| Lichao Wu | University of Bristol |
| Lorenzo De Carli | University of Calgary |
| Lucianna Kiffer | IMDEA Networks |
| Lucy Simko | Barnard College, Columbia University |
| Lujo Bauer | CMU |
| Mahmood Sharif | Tel Aviv University |
| Man-Ki Yoon | North Carolina State University |
| Marco Squarcina | TU Wien |
| Marcus Botacin | Texas A&M University |
| Marton Bognar | DistriNet, KU Leuven |
| Mary Ellen Zurko | MIT Lincoln Laboratory |
| Mathias Humbert | University of Lausanne |
| Mathias Payer | EPFL |
| Matthew Lentz | Duke University and Broadcom |
| Mauro Conti | University of Padua, Italy & Örebro University, Sweden |
| McKenna McCall | Colorado State University |
| Md Rayhanur Rahman | The University of Alabama |
| Md Tariqul Islam | University of Maryland Baltimore County (UMBC) |
| Meera Sridhar | University of North Carolina Charlotte |
| Meng Hao | Singapore Management University |
| Mert Pesé | Clemson University |
| Min Chen | Vrije Universiteit Amsterdam |
| Ming Shi | University at Buffalo (SUNY) |
| Mir Mehedi Pritom | Tennessee Tech University |
| Mohammad Saidur Rahman | University of Texas at El Paso |
| Moinul Hossain | George Mason University |
| Moritz Schloegel | ASU |
| Mridula Singh | CISPA Helmholtz Center for Information Security |
| Mu Zhang | University of Utah |
| Muoi Tran | Chalmers University of Technology |
| Murtuza Jadliwala | The University of Texas at San Antonio |
| Muslum Ozgur Ozmen | Arizona State University |
| Nader Sehatbakhsh | UCLA |
| Natalia Stakhanova | University of Saskatchewan |
| Natasha Fernandes | Macquarie University |
| Nathan Malkin | New Jersey Institute of Technology |
| Neil Gong | Duke University |
| Nick Sullivan | Cryptography Consulting |
| Nicolas Christin | CMU |
| Nikita Borisov | University of Illinois |
| Nils Lukas | MBZUAI |
| Ning Luo | UIUC |
| Ning Zhang | Washington University in St. Louis |
| Ninghui Li | Perplexity AI and Purdue University |
| Nishanth Chandran | Microsoft Research India |
| Nuno Santos | INESC-ID, Instituto Superior Técnico, University of Lisbon |
| Omar Chowdhury | Stony Brook University |
| Pardis Emami-Naeini | Duke University |
| Pedro Moreno-Sanchez | IMDEA Software Institute, MPI-SP |
| Peizhuo Lv | Nanyang Technological University |
| Peng Gao | Virginia Tech |
| Phani Vadrevu | Louisiana State University |
| Pierre Ayoub | LAAS-CNRS |
| Pierre Tholoniat | |
| Piyush Kumar | University of Michigan |
| Pramod Bhatotia | TU Munich |
| Pratik Sarkar | Obsidus Labs |
| Pratik Soni | University of Utah |
| Prianka Mandal | William and Mary |
| Pubali Datta | University of Massachusetts Amherst |
| Qiben Yan | Michigan State University |
| Qingzhao Zhang | The University of Arizona |
| Ravishankar Borgaonkar | SINTEF AS |
| Reethika Ramesh | Palo Alto Networks |
| Reham Mohamed Aburas | American University of Sharjah, UAE |
| Reihaneh Safavi-Naini | University of Calgary |
| Riad Wahby | CMU |
| Rikke Bjerg Jensen | Royal Holloway, University of London |
| Romain Cayre | INSA Toulouse / LAAS-CNRS |
| Ruoyu Song | Purdue University |
| Ryan Wails | Georgetown University |
| Saba Eskandarian | University of North Carolina at Chapel Hill |
| Sajin Sasy | CISPA Helmholtz Center for Information Security |
| Saman Zonouz | Georgia Tech |
| Samuel Marchal | VTT Technical Research Centre of Finland Ltd. |
| Sanghyun Hong | Oregon State University |
| Santiago Torres-Arias | Purdue University |
| Sarbartha Banerjee | Sarbartha Banerjee |
| Sathvik Prasad | North Carolina State University |
| Savvas Zannettou | Delft University of Technology |
| Sayak Saha Roy | Louisiana State University |
| Sazzadur Rahaman | University of Arizona |
| Sebastian Szyller | Aalto University |
| Sébastien Bardin | CEA Lisit & Université Paris-Saclay |
| Sébastien Gambs | Université du Québec à Montréal |
| Shagufta Mehnaz | Penn State |
| Shahnewaz Karim Sakib | The University of Tennessee at Chattanooga |
| Shangqi Lai | The University of Melbourne |
| Shengwei An | Virginia Tech |
| Shih-Wei Li | National Taiwan University |
| Shiqing Ma | University of Massachuseets Amherst |
| Shiza Ali | The George Washington University |
| Shouling Ji | Zhejiang University |
| Shruti Tople | Azure Research, Microsoft |
| Shuai Wang | Hong Kong University of Science and Technology |
| Siddharth Garg | NYU |
| Siddharth Muralee | Purdue University |
| Simon Oya | University of Waterloo |
| Simone Colombo | King's College London |
| Sisi Duan | Tsinghua University |
| Smirity Kaushik | The George Washington University |
| Solmaz Salimi | Sharif University of Technology |
| Song Li | Zhejiang University |
| Sourav Das | UIUC |
| Sri AravindaKrishnan Thyagarajan | University of Sydney |
| Stephen Herwig | William & Mary |
| Steve Kremer | Inria |
| Stjepan Picek | University of Zagreb & Radboud University |
| Sven Bugiel | CISPA Helmholtz Center for Information Security |
| Swarn Priya | Independent Researcher |
| Syed Rafiul Hussain | Pennsylvania State University |
| Sze Yiu Chau | Simon Fraser University |
| Taegyu Kim | Pennsylvania State University |
| Takao Murakami | The Institute of Statistical Mathematics (ISM) |
| Tanusree Sharma | Penn state |
| Tapti Palit | UC Davis |
| Teodora Baluta | National University of Singapore |
| Thang Hoang | Virginia Tech |
| Thomas Humphries | University of Waterloo |
| Thomas Nyman | Ericsson |
| Thomas Pasquier | University of British Columbia |
| Thorsten Eisenhofer | CISPA Helmholtz Center for Information Security |
| Thorsten Holz | Max Planck Institute for Security and Privacy |
| Thorsten Strufe | Karlsruhe Institute of Technology |
| Tiago Heinrich | Max Planck Institute for Informatics |
| Tianshi Li | Northeastern University |
| Tiantian Gong | Technion & Yale University |
| Tianwei Zhang | Nanyang Technological University |
| Ting Wang | StonyBrook |
| Tristan Bilot | University of British Columbia |
| Tudor Cebere | Inria |
| Tudor Dumitras | University of Maryland, College Park |
| Urs Hengartner | University of Waterloo |
| Varun Madathil | Yale University |
| Viktoria Koscinski | Colorado State University |
| Vincent Bindschaedler | UF |
| Vincent Immler | Oregon State University |
| Wajih Ul Hassan | University of Virginia |
| Weidong Zhu | Florida International University |
| Wenbo Guo | UCSB |
| Wendy Hui Wang | Stevens Institute of Technology |
| Wenhai Sun | Purdue |
| Wenjing Lou | Virginia Tech |
| Wenke Lee | Georgia Institute of Technology |
| Wenting Zheng | Carnegie Mellon University |
| Xi He | Waterloo |
| Xiangyu Zhang | |
| Xiao Wang | Northwestern University |
| Xiaochan Xue | University of Hawaii at Manoa |
| XiaoFeng Wang | NTU |
| Xiaojing Liao | University of Illinois Urbana-Champaign |
| Xiaoning Liu | RMIT University |
| Xinda Wang | University of Texas at Dallas |
| Xingliang Yuan | The University of Melbourne |
| Xugui Zhou | Louisiana State University |
| Xusheng Xiao | Arizona State University |
| Yang Xiao | University of Kentucky |
| Yanxue Jia | Illinois Institute of Technology |
| Yaxing Yao | Johns Hopkins University |
| Yibo Wang | University of Wyoming |
| Yidan Hu | Rochester Institute of Technology |
| Yigitcan Kaya | UC Santa Barbara |
| Yiming Li | Nanyang Technological University |
| Yinzhi Cao | Johns Hopkins University |
| Yizheng Chen | University of Maryland |
| Yongdae Kim | KAIST |
| Yoshimichi Nakatsuka | ETH Zurich |
| Yousra Aafer | University of Waterloo |
| Yu Zheng | UC Berkeley |
| Yuan Hong | University of Connecticut |
| Yuanyuan Yuan | Tsinghua University |
| Yuchen Yang | JHU |
| Yunang Chen | |
| Yunming Xiao | The Chinese University of Hong Kong, Shenzhen |
| Yupeng Zhang | University of Illinois Urbana Champaign |
| Yuzhe Tang | Syracuse University |
| Zahra Ghodsi | Purdue |
| Zane Ma | Oregon State University |
| Zephyr Yao | New Jersey Institute of Technology |
| Zhambyl Shaikhanov | University of Maryland, College Park |
| Zhenlan Ji | Nara Institute of Science and Technology |
| Zhikun Zhang | Zhejiang University |
| Zhiqiang Lin | The Ohio State University |
| Zhou Li | University of California, Irvine |
| Zhuotao Liu | Tsinghua University |
| Zhuqing Liu | University of North Texas |
| Zikai Alex Wen | University of Washington |
| Ziming Zhao | Northeastern University |
| Zimo Chai | Stanford |
| Ziqi Yang | Zhejiang University |
| Zongjie Li | The Hong Kong University of Science and Technology |