Contents

Past Conferences and Other Announcements - 2021

DependSys 2021 7th IEEE International Conference on Dependability in Sensor, Cloud, and Big Data Systems and Applications, Haikou, China, December 17-19, 2021. [posted here 7/12/21]
DependSys 2021 conference provides a forum for individuals, academics, practitioners, and organizations who are developing or procuring sophisticated computer systems on whose dependability of services they need to place great confidence. Future systems need to close the dependability gap in face of challenges in different circumstances. The emphasis will be on differing properties of such services, e.g., continuity, effective performance, real-time responsiveness, ability to overcome data fault, corruption, anomaly, ability to avoid catastrophic failures, prevention of deliberate privacy intrusions, reliability, availability, sustainability, adaptability, heterogeneity, security, safety, and so on.

For more information, please see http://www.ieee-cybermatics.org/2021/dependsys/.

AsianHOST 2021 Asian Hardware Oriented Security and Trust Symposium, Pudong, Shanghai, China, December 16-18, 2021. [posted here 6/21/21]
Historically, cybersecurity community believed that the underlying hardware is secure and trustworthy. However, the globalization of the IC supply chain invalidates the illusion of an isolated and trusted supply chain; the wide connection of computing devices also exposes new and powerful attack surfaces. Heavy reliance on third-party resources/services renders hardware security and trust a concern. With the advances in artificial intelligence and internet of things, the threat landscape is evolving with relentless new problems and challenges awaiting the hardware security community to address. Multi-disciplinary research and multi-pronged approaches are sought for the development of fully operational software and hardware platforms with enhanced security targeting different phases in the entire IC life cycle. Asian Hardware Oriented Security and Trust Symposium (AsianHOST) aims to facilitate the rapid growth of hardware security research and development in Asia and South Pacific areas. AsianHOST highlights new results in the area of hardware and system security. Relevant research topics include techniques, tools, design/test methods, architectures, circuits, and applications of secure hardware.

For more information, please see http://asianhost.org/2021/.

FPS 2021 14th International Symposium on Foundations & Practice of Security, Espace Hamelin, Paris, France, December 8-10, 2021. [posted here 9/20/21]
Protecting the communication and data infrastructure of an increasingly inter-connected world has become vital to the normal functioning of all aspects of our world. Security has emerged as an important scientific discipline whose many multifaceted complexities deserve the attention and synergy of the mathematical, computer science, and engineering communities. The aim of FPS is to discuss and exchange theoretical and practical ideas that address privacy and security issues in inter-connected systems. It aims to provide scientific presentations as well as to establish links, promote scientific collaborations, joint research programs, and student exchanges between institutions involved in this important and fast-moving research field. We welcome submissions spanning the full range of theoretical and applied work including user research, methods, tools, simulations, demos, and practical evaluations. Submissions should be 16 pages for full technical papers and 8 pages for short, position papers or demos including references. We also invite papers from researchers and practitioners working in security, privacy, trustworthy data systems, and related areas to submit their original papers. Special care will be given this year to Artificial Intelligence and Cybersecurity. Moreover we are interested in data sharing, data disclosure, individual tracking, and fake news regarding their impacts on security and privacy.

For more information, please see http://www.fps-2021.com/.

ICSS 2021 7th Annual Industrial Control System Security Workshop, Held in conjunction with the Annual Computer Security Applications Conference (ACSAC 2021), Virtual, December 7, 2021. [posted here 8/30/21]
Supervisory control and data acquisition (SCADA) and industrial control systems (ICS) monitor and control a wide range of industrial and infrastructure processes such as water treatment, power generation and transmission, oil and gas refining and steel manufacturing. Furthermore, the Industrial Internet of Things (IIoT) is rapidly expanding the interconnectivity of ICS environments and introducing many new threats. These environments have been identified as a key target of more generic threats (ransomware), along with more recent tailored nation-state threats targeting safety instrumented systems (Trisis). The critical requirement for high availability in SCADA and industrial control systems, along with the use of resource-constrained computing devices, legacy operating systems, and proprietary software applications limits the applicability of traditional information security solutions. The goal of this workshop is to explore new techniques to improve the security-critical control systems in the face of emerging threats. Papers of interest including (but not limited to) the following subject categories are solicited:
- IIoT security
- Intrusion detection and prevention
- Emerging threats to ICS
- Vulnerability analysis and risk management
- Digital forensics for ICS/PLCs
- ICS oriented cybersecurity education
- Performance evaluation of security methods and tools in control systems
- Innovative ICS/SCADA testbed designs
- Supply chain vulnerabilities and protections

For more information, please see https://www.acsac.org/2021/workshops/icss/ICSS_2021_CFP.pdf.

ACSAC 2021 Annual Computer Security Applications Conference, Virtual, December 6-10, 2021. [posted here 12/21/20]
The Annual Computer Security Applications Conference (ACSAC) brings together cutting-edge researchers, with a broad cross-section of security professionals drawn from academia, industry, and government, gathered to present and discuss the latest security results and topics. With peer reviewed technical papers, invited talks, panels, national interest discussions, and workshops, ACSAC continues its core mission of investigating practical solutions for computer and network security technology.

We invite you to submit your work to the conference. As an internationally recognized forum where practitioners, researchers, and developers meet to learn and to exchange practical ideas and experiences in computer and network security, we welcome your contributions. In addition to peer-reviewed papers on new work, we also welcome case studies on real-world applications, panels featuring interactive expert, and workshops comprised of 1-2 days sessions on hot topics.

For more information, please see https://www.acsac.org/.

HOST 2021 IEEE International Symposium on Hardware Oriented Security and Trust, Washington DC, USA, December 5-8, 2021. [posted here 12/21/20]
IEEE International Symposium on Hardware Oriented Security and Trust (HOST) – the premier event aims to facilitate the rapid growth of hardware-based security research and development and highlight new results in the area of hardware security – has opened the call for contributions. HOST 2021 invites original contributions in all areas of overlap between hardware and security.

For more information, please see http://www.hostsymposium.org/host2021/.

ASHES 2021 5th Workshop on Attacks and Solutions in Hardware Security, Co-located with ACM CCS 2021, Seoul, South Korea, November 19, 2021. [posted here 7/12/21]
ASHES deals with any aspects of hardware security, and welcomes any contributions in this area, including practical, implementation-related, or theoretical works. Among others, ASHES particularly highlights emerging methods and application areas. This includes new attack vectors, novel designs and materials, lightweight security primitives, nanotechnology, and PUFs on the methodological side, as well as the internet of things, automotive security, smart homes, pervasive and wearable computing on the applications side.

For more information, please see http://ashesworkshop.org/.

WPES 2021 20th Workshop on Privacy in the Electronic Society, Co-located with ACM CCS 2021, Seoul, South Korea, November 15, 2021. (Submission Due 27 July 2021) [posted here 5/24/21]
The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2021 Workshop, held in conjunction with the ACM CCS conference, is the twentieth in a yearly forum for papers on all the different aspects of privacy in today's electronic society. The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues.

For more information, please see http://wpes2021.di.unimi.it.

ACM-CCS 2021 28th ACM Conference on Computer and Communications Security, Seoul, South Korea, November 14-19, 2021. [posted here 1/3/21]
The 28th ACM Conference on Computer and Communications Security (CCS) seeks submissions presenting novel contributions related to all real-world aspects of computer security and privacy. Theoretical papers must make a convincing case for the relevance of their results to practice. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. In particular, authors should bear in mind that anyone on the program committee may be asked to review any paper.

For more information, please see https://www.sigsac.org/ccs/CCS2021/.

CCSW 2021 ACM Cloud Computing Security Workshop, Co-located with ACM CCS 2021, Seoul, South Korea, November 14, 2021. [posted here 6/14/21]
Clouds and massive-scale computing infrastructures are starting to dominate computing and will likely continue to do so for the foreseeable future. Major cloud operators are now comprising millions of cores hosting substantial fractions of corporate and government IT infrastructure. CCSW is the world's premier forum bringing together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including but not limited to:
- side channel attacks
- practical cryptographic protocols for cloud security
- secure cloud resource virtualization mechanisms
- secure data management outsourcing (e.g., database as a service)
- practical privacy and integrity mechanisms for outsourcing
- foundations of cloud-centric threat models
- secure computation outsourcing
- remote attestation mechanisms in clouds
- sandboxing and VM-based enforcements
- trust and policy management in clouds
- secure identity management mechanisms
- new cloud-aware web service security paradigms and mechanisms
- cloud-centric regulatory compliance issues and mechanisms
- business and security risk models and clouds
- cost and usability models and their interaction with security in clouds
- scalability of security in global-size clouds
- trusted computing technology and clouds
- binary analysis of software for remote attestation and cloud protection
- network security (DOS, IDS etc.) mechanisms for cloud contexts
- security for emerging cloud programming models
- energy/cost/efficiency of security in clouds
- machine learning for cloud protection

For more information, please see https://ccsw.io.

CRiSIS 2021 16th International Conference on Risks and Security of Internet and Systems, Ames, IA, USA, November 11-13, 2021. [posted here 7/12/21]
The International Conference on Risks and Security of Internet and Systems 2021 will be the 16th in a series dedicated to security issues in Internet-related applications, networks, and systems. The Internet has become essential for exchanging information between user groups and organizations from different backgrounds and with different needs and objectives. These users are exposed to increasing risks regarding security and privacy due to the development of more and more sophisticated online attacks, the growth of Cyber Crime, etc. Attackers nowadays do not lack motivation, and they are more and more experienced. To make matters worse, tools for performing attacks have become easily accessible. Moreover, the increasing complexity, as well as the immaturity of new technologies such as pervasive, mobile, and wireless devices and networks, raise new security challenges.

In this context, new security mechanisms and techniques should be deployed to achieve an assurance level acceptable for critical domains such as industry, energy, transportation, health, defense, banking, critical infrastructures, embedded systems and networks, avionics systems, etc. The CRiSIS conference offers a remarkable forum for computer and network security actors from industry, academia, and government to meet, exchange ideas, and present recent advances on Internet-related security threats and vulnerabilities and on the solutions that are needed to counter them.

For more information, please see http://www.crisis-2021.com/.

VizSec 2021 18th IEEE Symposium on Visualization for Cyber Security, Virtual, October 27, 2021. [posted here 5/3/21]
The 18th IEEE Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. The purpose of VizSec is to explore effective and scalable visual interfaces for security domains such as network security, computer forensics, reverse engineering, insider threat detection, cryptography, privacy, user assisted attacks prevention, compliance management, wireless security, secure coding, and penetration testing.

For more information, please see https://vizsec.org/vizsec2021/.

CyberSciTech 2021 6th IEEE Cyber Science and Technology Congress, Calgary, Canada, October 25-28, 2021. [posted here 6/7/21]
Cyberspace, the seamless integration of physical, social, and mental spaces, is an integral part of our society, ranging from learning and entertainment to business and cultural activities, and so on. There are, however, in addition to its technical challenges, a number of pressing issues such as safety and trust associated with the cyberspace. For example, how do we strike a balance between the need for strong cybersecurity and preserving the privacy of ordinary citizens? To address these challenges, there is a need to establish new science and research portfolios that incorporate cyber-physical, cyber-social, cyber-intelligent, and cyber-life technologies in a cohesive and efficient manner. This is the aim of the IEEE Cyber Science and Technology Congress (CyberSciTech). IEEE CyberSciTech has been successfully held in Auckland, New Zealand, in 2016, in Orlando, USA, in 2017, in Athens, Greece, in 2018, in Fukuoka, Japan, in 2019, and online due to COVID-19, hosted in Canada in 2020. In 2021, we will continue to offer IEEE CyberSciTech with the aim of providing a common platform for scientists, researchers, and engineers to share their latest ideas and advances in the broad scope of cyber-related science, technology, and application topics. In addition, this is also a platform to allow relevant stakeholders to get together, discuss and identify ongoing and emerging challenges, in order to understand and shape new cyber-enabled worlds.

For more information, please see http://cyber-science.org/2021/.

SecDev 2021 IEEE Secure Development Conference, Virtual, October 18 - 20, 2021. [posted here 9/6/21]
We solicit research papers, position papers, and “best practice” papers on a broad range of topics relating to secure systems development. Examples​ ​of​ ​topics​ ​that​ ​are​ ​in​ ​scope​ ​include:​ ​​development libraries,​ ​tools,​ ​or​ ​processes​ to ​produce​ ​systems​ ​resilient​ ​to​ ​certain​ ​attacks;​ ​formal foundations that underpin​ ​a​ ​language,​ ​tool,​ ​or​ ​testing​ ​strategy​ ​that​ ​improves​ ​security;​ ​techniques that​ ​drastically​ ​improve​ ​the​ ​scalability​ ​of​ ​security​ ​solutions​ ​for​ ​practical​ ​deployment;​ ​and experience,​ ​designs,​ ​or​ ​applications​ ​showing​ ​how​ ​to​ ​apply​ ​cryptographic​ ​techniques​ ​effectively to​ ​secure​ ​systems. ​SecDev also ​seeks hands-on​ ​and​ ​interactive​ ​tutorials​ ​on​ ​processes,​ ​frameworks,​ ​languages,​ ​and​ ​tools​ ​for​ ​building security​ ​in.​ ​The​ ​goal​ ​is​ ​to​ ​share​ ​knowledge​ ​on​ ​the​ ​art​ ​and​ ​science​ ​of​ ​secure​ ​systems development.​ SecDev also seeks posters and tool demos, and abstracts​ ​from​ ​practitioners​ ​to​ ​share​ ​their​ ​practical experiences​ ​and​ ​challenges​ ​in​ ​security​ ​development.

For more information, please see https://secdev.ieee.org/2021/papers/.

WiMob 2021 17th International Conference on Wireless and Mobile Computing, Networking and Communications, Bologna, Italy, October 11-13, 2021. [posted here 3/8/21]
The WiMob conference is an international forum for the exchange of experience and knowledge among researchers and developers concerned with wireless and mobile technology. For thirteen years, the International WiMob conference has provided unique opportunities for researchers to interact, share new results, show live demonstrations, and discuss emerging directions in - Wireless Communication, - Wireless Networking, Mobility and Nomadicity, - Ubiquitous Computing, Services and Applications, - Green and sustainable communications and network computing and - Security on Wireless and mobile Networks. WiMob 2021 is soliciting high quality technical papers addressing research challenges in the areas of wireless communications, wireless networking, mobility, nomadicity, ubiquitous computing, services and applications. Papers should present original work validated via analysis, simulation or experimentation. Practical experiences and Testbed trials also are welcome.

For more information, please see http://wimob.org/wimob2021/.

EUROUSEC 2021 European Symposium on Usable Security, Virtual, October 11-12, 2021. [posted here 4/12/21]
We are excited to welcome original work describing research, visions, or experiences in all areas of usable security and privacy. We welcome a variety of research methods, including both qualitative and quantitative approaches. We accept both longer papers on mature/completed work in a research track, as well as shorter papers on work in progress or work that has yet to begin in a vision track. This decision to accept both types of submissions, which started with EuroUSEC 2019, aims to include researchers at all stages of their career and at all stages of their projects. Topics include, but are not limited to:
- innovative security or privacy functionality and design
- accessible cyber privacy and security
- new applications of existing models or technology
- field studies of security or privacy technology
- usability evaluations of new or existing security or privacy features
- security testing of new or existing usability features
- longitudinal studies of deployed security or privacy features
- studies of administrators or developers and support for security and privacy
- psychological, sociological, and economic aspects of security and privacy
- the impact of organizational policy or procurement decisions
- methodologies for usable security and privacy research
- lessons learned from the deployment and use of usable privacy and security features
- reports of replicating previously published studies and experiments
- reports of failed usable privacy/security studies or experiments, with the focus on the lessons learned from such experience

For more information, please see https://eurousec2021.secuso.org/.

ESORICS 2021 26th European Symposium on Research in Computer Security, Darmstadt, Germany, October 4-8, 2021. [posted here 1/3/21]
We are looking for papers discussing industrial research and development, focusing on original, high quality, unpublished research and implementation experiences. The Symposium will start on October 4, 2021 with a technical program, including vetted papers, invited talks, poster and panel discussions as well as collocated workshops. Submissions are solicited in all areas relating to cybersecurity and privacy, including but not limited to:
- Access control
- Anonymity and censorship resistance
- Applied cryptography
- Artificial intelligence for security
- Audit and accountability
- Authentication and biometrics
- Blockchains and distributed ledger security
- Data and computation integrity
- Database security
- Digital content protection
- Digital forensics
- Formal methods for security and privacy
- Hardware security
- Information hiding
- Identity management
- Information flow control
- Information security governance and management
- Intrusion detection
- Language-based security
- Malware and unwanted software
- Network security
- Phishing and spam prevention
- Privacy technologies and mechanisms
- Risk analysis and management
- Secure electronic voting
- Security for artificial intelligence
- Security economics and metrics
- Security and privacy in cloud systems
- Security and privacy in crowdsourcing
- Security and privacy in 'internet of things' and cyber-physical systems
- Security and privacy in location services
- Security and privacy in mobile computing
- Security and privacy in social networks
- Security and privacy in wireless and cellular communications
- Security, privacy and resilience in critical infrastructures
- Software security
- Systems security
- Trusted computing
- Usable security and privacy
- Web security

For more information, please see https://esorics2021.athene-center.de/call-for-papers.php.

TrustData 2021 12th International Workshop on Trust, Security and Privacy for Big Data, New York, NY, USA, October 1-3, 2021. [posted here 4/26/21]
The proliferation of new technologies such as Internet of Things and cloud computing calls for innovative ideas to retrieve, filter, and integrate data from a large number of diverse data sources. Big Data is an emerging paradigm applied to datasets whose volume/velocity/variability is beyond the ability of commonly used software tools to manage and process the data within a tolerable period of time. More importantly, Big Data has to be of high value, and should be protected in an efficient way. Since Big Data involves a huge amount of data that is of high-dimensionality and inter-linkage, existing trust, security, and privacy measures for traditional databases and infrastructures cannot satisfy its requirements. Novel technologies for protecting Big Data are attracting researchers and practitioners with more and more attention. The 12th International Workshop on Trust, Security and Privacy for Big Data (TrustData 2021) aims to bring together people from both academia and industry to present their most recent work related to trust, security and privacy issues in Big Data, and exchange ideas and thoughts in order to identify emerging research topics and define the future of Big Data.

For more information, please see http://www.spaccs.org/trustdata/trustdata2021/.

SEED 2021 IEEE International Symposium on Secure and Private Execution Environment Design, Virtual, September 20-21, 2021. [posted here 5/3/21]
The IEEE International Symposium on Secure and Private Execution Environment Design (SEED) is a forum which brings together researchers from the computer architecture and computer security communities into one venue that focuses on the design of architectural and system primitives which provide secure and private execution environments for applications, containers, or virtual machines. SEED primarily focuses on research topics spanning across the boundaries of computer architecture, systems, and security. Papers are solicited on a range of topics, including (but not limited to):
- Architecture, operating systems, and programming models and language for supporting secure and private execution
- Novel Designs for secure and private execution environments for GPUs, accelerators, and FPGAs
- Architectural support for new security primitives
- Novel cryptographic hardware designs for secure and private execution
- Models and analysis of performance-security trade-offs in the design of a secure execution environment
- Evaluation of security vulnerabilities in post-Moore’s Law technologies, e.g. persistent memory, quantum computing
- Demonstration and mitigation of architectural side channels, covert channels and other security vulnerabilities
- Metrics for measuring architecture-related security vulnerabilities
- Compiler and code generation techniques for mitigating architecture-induced side and covert channels and other vulnerabilities

For more information, please see https://seed-symposium.org/.

EuroSP Workshops 2021 6th IEEE EuroS&P Symposium, Vienna, Austria, September 7-11, 2021. [posted here 12/7/20]
Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Following this story of success, in 2016 IEEE initiated the European Symposium on Security and Privacy (EuroS&P), which is organized every year in a European city. Pre-conference workshops will take place on Tuesday, September 7, 2021, and post-conference workshops on Saturday, September 11, 2021. A workshop associated with IEEE EuroS&P can be a half-, a full or two days (but then split in a pre- and a post-conference part) in length. Each workshop should provide a forum to address a specific topic at the forefront of security and privacy research. If proceedings are planned, the default option offered is publication through IEEE Xplore in a volume accompanying the main IEEE EuroS&P 2021 proceedings.

Workshop registration will be done together with the main conference, allowing workshop-only registrations as well. Support for accepted workshops includes rooms, coffee breaks, lunches, and at least one free registration for the workshop. Other expenses must be covered by the individual workshops.

For more information, please see https://www.ieee-security.org/TC/EuroSP2021/cfw.html.

SecureComm 2021 17th EAI International Conference on Security and Privacy in Communication Networks, Canterbury, Great Britain, September 6 - 9, 2021. [posted here 3/8/21]
SecureComm 2021 is calling for high-quality research contributions in ALL areas of secure communications and networking, including those addressing interdisciplinary challenges in different application domains. Topics in less related areas will be considered only if a clear connection to secure communication/networking is demonstrated in the title or the abstract. Topics of interest include, but are not limited to the following:
- Network security and privacy (for all types of networks such as wired, wireless, mobile, hybrid, sensor, vehicular, satellite, 5G, 6G, ad hoc, peer-to-peer, and software-defined networks)
- Attacks on telecommunications and networking (e.g., malware, botnets, DoS, MitM, relay attacks, side channel attacks, phishing/pharming, DNS poisoning/hijacking, address spoofing, cybersquatting)
- Security protocols at all network layers and for different applications (e.g., for secure routing, naming/addressing, network management, remote authentication and attestation)
- Physical layer security (e.g., jamming, GPS spoofing)
- Systems security with a strong secure communication and networking element (e.g., security in cloud, edge and fog computing, IoT, RFID, cyber-physical sysytems, teleconferencing)
- Network intrusion detection and prevention, firewalls, packet filters
- Web and mobile security & privacy
- Anonymous communications and other forms of privacy-enhancing or privacy-aware communications (e.g., Tor, darknet)
- Distributed ledger technologies (blockchain and cryptocurrencies)
- Internet censorship and countermeasures
- Resilience of computer networks and critical infrastructures
- Visualisation of secure communications and networking
- Cyber (both offensive and defensive) deception related to secure communications and networking (e.g., honeypots / honeytokens, cyber fraud)
- False information online including mis-, dis- and mal-information
- Moving target defence
- Information hiding (steganography, steganalysis, and digital watermarking)
- Privacy-preserving computing in secure communication and networking
- Cryptographic systems for secure communications and networking (e.g., key management, multi-party computing, broadcast encryption, sectre sharing schemes)
- Quantum key distribution and other quantum-based secure communications
- Network, internet and cloud forensics
- Cyber threat intelligence and cyber incident responses
- Cybercrime investigation and attribution
- Data leakage/loss prevention/protection (DLP)
- Secure communication and networking applications (e.g., industry 4.0, energy, smart cities, transportation, water, logistics, waste)
- Security and privacy of contact tracing and other COVID-19 related digital interventions with a core element on telecommunications or networking
- Socio-technical aspects of secure communications and networking (e.g., usability, human behaviours, legal issues, cybercrime, economics)

For more information, please see https://securecomm.eai-conferences.org/2021/.

IWCC 2021 10th International Workshop on Cyber Crime, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Virtual, August 17-20, 2021. [posted here 4/19/21]
Today's world's societies are becoming more and more dependent on online services - where commercial activities, business transactions and government services are realized. This tendency has been especially visible during the COVID-19 epidemy. As a consequence, it has led to the fast development of new cyber threats and numerous information security issues which are exploited by cyber criminals. The inability to provide trusted secure services in contemporary computer network technologies has a tremendous socio-economic impact on global enterprises as well as individuals. Moreover, the frequently occurring international frauds impose the necessity to conduct the investigation of facts spanning across multiple domains and countries. Such examination is often subject to different jurisdictions and legal systems. A good illustration of the above being the Internet, which has made it easier to perpetrate traditional crimes. It has acted as an alternate avenue for the criminals to conduct their activities, and launch attacks with relative anonymity. The increased complexity of the communications and the networking infrastructure is making investigation of the crimes difficult. Traces of illegal digital activities are difficult to analyze due to large volumes of data. Nowadays, the digital crime scene functions like any other network, with dedicated administrators functioning as the first responders. This poses new challenges for law enforcement policies and forces the computer societies to utilize digital forensics to combat the increasing number of cybercrimes. Forensic professionals must be fully prepared in order to be able to provide court admissible evidence. To make these goals achievable, forensic techniques should keep pace with new technologies. The aim of this workshop is to bring together the research outcomes provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics. We strongly encourage prospective authors to submit articles presenting both theoretical approaches and practical case reviews, including work-in-progress reports.

For more information, please see https://www.ares-conference.eu/workshops/iwcc-2021/.

BASS 2021 4th International Workshop on Behavioral Authentication for System Security, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Virtual, August 17-20, 2021. [posted here 4/5/2021]
Behavioral features are getting in the last years an increasing attention from both IT research and industrial world. Human behavioral aspects are extremely valuable pieces of information, exploited by companies to profile current or potential customers, in order to anticipate their preferences and present custom offers. Runtime behavioral analysis is being applied with increasing success for continuous and silent user authentication, and is considered an enabler for the seamless authentication paradigm in several environments and devices. Furthermore, behavioral analysis is posing itself as a valuable alternative to signature-based approaches to identify anomalies, intrusions, security attacks and system malfunctioning. These approaches are in fact known to be flexible, self-learning and able to consider multi-level and multi-domain features, related to software execution, system status, user interaction and current context. BASS aims at attracting innovative contributions from both industry and academia related to all aspects of human, system or software behavioral analysis for IT security. The workshop solicits submission on both theoretical aspects and practical applications of behavior analysis, behavior-based identification and authentication, profiling and privacy and security aspects related to recording and exploitation of behavioral features.

For more information, please see https://www.ares-conference.eu/workshops/bass-2021/.

CUING 2021 5th International Workshop on Criminal Use of Information Hiding, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Vienna, Austria, August 17 – 20, 2021. [posted here 3/8/21]
With the constant rise of the number of Internet users, available bandwidth and an increasing number of services shifting into the connected world, criminals are increasingly active in the virtual world. With improving defensive methods cybercriminals have to utilize more and more sophisticated ways to perform their malicious activities. While protecting the privacy of users, many technologies used in current malware and network attacks have been abused in order to allow criminals to carry out their activities undetected. This poses a lot of new challenges for digital forensics analysts, academics, law enforcement agencies (LEAs), and security professionals. The aim of the Third International Workshop on Criminal Use of Information Hiding (CUIng) is to bring together researchers, practitioners, law enforcement representatives, and security professionals in the area of analysis of information hiding. However data hiding is understood here in a wider manner than in the academic world i.e. all techniques that pertain to camouflaging/masking/hiding various types of data (e.g. identities, behavior, communication, etc.) are included here. This means not only digital steganography/covert channels but also obfuscation/anti-forensics techniques and even underground networks (darknets) or activities related to behavior impersonation or mimicking. This will allow to present a more complete picture on novel research regarding the use of data and communication hiding methods in criminal environments and discuss ideas for fighting misuse of privacy enhancing technologies. Moreover, this year the CUING workshop is co-organized with the SIMARGL (Secure Intelligent Methods for Advanced RecoGnition of malware and stegomalware) H2020 project.

For more information, please see http://www.ares-conference.eu.

ENS 2021 4th International Workshop on Emerging Network Security, Held in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021), Vienna, Austria, August 17 – 20, 2021. [posted here 3/8/21]
With the great success and development of 5G & beyond systems and other emerging concepts (e.g. 6G) a continued effort toward rich ubiquitous communication infrastructure, promising wide range of high-quality services is desired. It is envisioned that communication in emerging networks will offer significantly greater data bandwidth and almost infinite capability of networking resulting in unfaltering user experiences for, among others: virtual/augmented reality, massive content streaming, telepresence, user-centric computing, crowded area services, smart personal networks, Internet of Things (IoT), smart buildings and smart cities. The communication in 5G networks and beyond is currently in the center of attention of industry, academia, and government worldwide. Emerging network concepts drive many new requirements for different network capabilities. As future networks aim at utilizing many promising network technologies, such as Software Defined Networking (SDN), Network Functions Virtualization (NFV), Information Centric Network (ICN), Network Slicing or Cloud Computing and supporting a huge number of connected devices integrating above mentioned advanced technologies and innovating new techniques will surely bring tremendous challenges for security, privacy and trust. Therefore, secure network architectures, mechanisms, and protocols are required as the basis for emerging networks to address these issues and follow security-by-design approach. Finally, since in current and future networks even more user data and network traffic will be transmitted, big data security solutions should be considered in order to address the magnitude of the data volume and ensure data security and privacy. From this perspective, the ENS 2021 workshop aims at collecting the most relevant ongoing research efforts in emerging network security field. It also serves as a forum for 5G & beyond projects in order to disseminate their security-related results and boost cooperation, also foster development of the 5G and beyond Security Community made of 5G security experts and practitioners who pro-actively discuss and share information to collectively progress and align on the field. Last but not least it also aims to bridge 5G & Beyond community with other communities (e.g. AI) that are key to support full attainment of 5G & Beyond but also 6G promises and so for those technologies to release their full potential.

For more information, please see http://www.ares-conference.eu.

USENIX Security 2021 30th USENIX Security Symposium, Vancouver, B.C., Canada, August 11–13, 2021. [posted here 7/6/20]
USENIX Security brings together researchers, practitioners, system administrators, system programmers, and others to share and explore the latest advances in the security and privacy of computer systems and networks. All researchers are encouraged to submit papers covering novel and scientifically significant practical works in computer security. The Symposium will span three days with a technical program including refereed papers, invited talks, posters, panel discussions, and Birds-of-a-Feather sessions. Co-located events will precede the Symposium on August 9 and 10. Please note that the USENIX Security Symposium moved to multiple submission deadlines in 2019 and included changes to the review process and submission policies.

For more information, please see https://www.usenix.org/conference/usenixsecurity21/call-for-papers.

CSET 2021 14th Cyber Security Experimentation and Test Workshop, Virtual, August 9, 2021. [posted here 1/3/21]
For 13 years, the Workshop on Cyber Security Experimentation and Test (CSET) has been an important and lively space for presenting research on and discussing “meta” cybersecurity topics related to reliability, validity, reproducibility, transferability, ethics, and scalability—in practice, in research, and in education. Submissions are particularly encouraged to employ a scientific approach to cybersecurity and/or demonstrably grow community resources. CSET was traditionally sponsored by USENIX. In 2020, USENIX Association decided to discontinue their support of all workshops (including CSET) due to pandemic effects on USENIX financial revenue. We are committed to continuing the CSET Workshop independently for 2021 and hope that we may rejoin USENIX in the future. We plan to hold the workshop virtually at the time when it would originally have been held—on Monday, August 9, preceding USENIX Security Symposium 2021.

For more information, please see https://cset21.isi.edu/.

CSR 2021 IEEE International Conference on Cyber Security and Resilience, Virtual, July 26-28, 2021. [posted here 11/23/20]
The technological and industrial revolution brought by complex Cyber-Physical Systems (CPSs) comes with new threats and cyber-attacks that exploit their inherent complexity and heterogeneity. Systems under attack, should exhibit cyber resilience, i.e. a mixture of strategies, methods, and techniques to support complex CPS adaptive capacity during cyber-attacks. The conference focuses on theoretical and practical aspects of the security, privacy, trust, and resilience of networks, systems, and services as well as novel ways for dealing with their vulnerabilities and mitigating sophisticated cyber-attacks.

For more information, please see https://www.ieee-csr.org/.

IoTSPT-ML 2021 11th International Workshop on Security, Privacy, Trust, and Machine Learning for Internet of Things, Held in conjunction with the 30th International Conference on Computer Communications and Networks (ICCCN 2021), Athens, Greece, July 22, 2021. [posted here 1/3/21]
Internet of Things (IoT) has emerged as the next big technological revolution in computing in recent years with the potential to transform every sphere of human life. With an expanding network of interconnected Internet-enabled devices, IoT devices are used in a range of applications from connected cars, smart homes, healthcare, smart retail, to supply-chain management. The rise of this transformative technology is however deeply mired with security and privacy concerns. The large influx of connected devices in the market introduces new vulnerabilities and opens new avenues for security attacks. The massive scale and variety of these devices also make it challenging for the manufacturers to design and implement manageable security and privacy solutions resulting in devices shipped without adequate security controls in place. Traditional security, privacy and trust-based solutions are also found to be inefficient against the various constraints of the IoT environment. In the IoT ecosystem, where devices are constantly generating increased volume of big of data, machine-learning algorithms can be useful to perform intelligent processing, automated data analysis and provide meaningful interpretations and predictions to support smart and secure IoT applications. Machine learning techniques that enable the IoT devices to learn and adapt to various threats dynamically will be critical to building secure IoT systems. Use of machine learning for IoT security is especially very promising to detect any outliers to normal activity in the system. This workshop aims to promote discussions of research and relevant activities in the models and design of secure, privacy-preserving, or trust architectures, data analyses and fusion platforms, protocols, algorithms, services, and applications for next generation IoT systems. We especially encourage security and privacy solutions that employ innovative machine learning techniques to tackle the issues of data volume and variety problems that are systemic in IoT platforms.

For more information, please see https://sites.google.com/uw.edu/iotspt-ml2021.

DBSec 2021 35th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, Virtual, July 19 – 20, 2021. [posted here 2/22/21]
DBSec is an annual international conference covering research in data and applications security and privacy. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, and applications security.

For more information, please see https://dbsec2021.ucalgary.ca.

ACM WiSec 2021 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Virtual, June 28 - July 1, 2021. [posted here 2/1/21]
ACM WiSec is the leading ACM and SIGSAC conference dedicated to all aspects of security and privacy in wireless and mobile networks and their applications. In addition to the traditional ACM WiSec topics of physical, link, and network layer security, we welcome papers focusing on the increasingly diverse range of mobile or wireless applications such as Internet of Things, Cyber-Physical Systems, as well as the security and privacy of mobile software platforms, usable security and privacy, biometrics, and cryptography. The conference welcomes both theoretical as well as systems contributions. Topics of interest include, but are not limited to:
- Cryptographic primitives for wireless and mobile security
- Data-driven security attacks and countermeasures
- Economics of mobile security and privacy
- Jamming attacks and defenses
- Key management (agreement or distribution) for wireless or mobile systems
- Lightweight cryptography primitives and protocols
- Mobile malware and platform security
- NFC and smart payment applications
- Next generation cellular network fraud and security
- Physical tracking security and privacy
- Resilience and dependability for mobile and wireless networks
- Reverse engineering of and tampering with mobile applications
- Security and privacy for cognitive radio and dynamic spectrum access systems
- Security and privacy for mobile applications (e.g., mobile sensing systems)
- Security and privacy for smart devices (e.g., smartphones)
- Secure localization and location privacy
- Security protocols for wireless networking
- Side-channel and fault attacks on smart devices
- Side-channel attacks on mobile and wearable systems
- Theoretical and formal approaches for wireless and mobile security
- Usable mobile security and privacy
- Vehicular networks security (e.g., drones, automotive, avionics, autonomous driving)
- Wireless and mobile privacy and anonymization techniques
- Wireless or mobile security for cyber-physical systems (e.g, healthcare, smart grid) and IoT systems
- Wireless network security for critical infrastructures

For more information, please see https://sites.nyuad.nyu.edu/wisec21/.

CSF 2021 34th IEEE Computer Security Foundations Symposium, Virtual, June 21-25, 2021. [posted here 7/20/20]
The Computer Security Foundations Symposium (CSF) is an annual conference for researchers in computer security, to examine current theories of security, the formal models that provide a context for those theories, and techniques for verifying security. It was created in 1988 as a workshop of the IEEE Computer Society's Technical Committee on Security and Privacy, in response to a 1986 essay by Don Good entitled “The Foundations of Computer Security—We Need Some.” The meeting became a “symposium” in 2007, along with a policy for open, increased attendance. Over the past two decades, many seminal papers and techniques have been presented first at CSF. For more details on the history of the symposium, visit CSF's home. The program includes papers, panels, and a poster session. Topics of interest include access control, information flow, covert channels, cryptographic protocols, database security, language-based security, authorization and trust, verification techniques, integrity and availability models, and broad discussions concerning the role of formal methods in computer security and the nature of foundational research in this area.

For more information, please see https://www.ieee-security.org/TC/CSF2021/.

Cloud S&P 2021 3rd Workshop on Cloud Security and Privacy, Held in conjunction with ACNS 2021, Kamakura, Japan, June 21-24, 2021. [posted here 1/25/21]
CLOUD S&P aims to provide a platform for researchers and practitioners to present and discuss a wide-range of security and privacy issues and their solutions to ensure better protection in a cloud ecosystem. This workshop invites submissions on new attacks and solutions on various cloud-centric technologies, as well as short surveys and case studies that shed light on the security implications of clouds. Topics of interest include, but are not limited to:
- Access Control in Clouds
- Virtual Network Security
- Privacy-Enhanced Technologies for Clouds
- Data Protection in Clouds
- Trusted Computing in Clouds
- Cloud Forensics
- Cloud Security Auditing
- Identity Management in Clouds
- Risk Analysis for Clouds
- SDN/NFV Security
- Security and Privacy of Federated Clouds and Edge Computing
- Security and Privacy of Fog Computing
- Security and Privacy of Big Data

For more information, please see http://cloudsp2021.encs.concordia.ca/.

SecMT 2021 International Workshop on Security in Mobile Technologies, Held in conjunction with ACNS 2021, Kamakura, Japan, June 21-24, 2021. [posted here 12/28/20]
Despite being small computing devices, smartphones offer a wide range of functionalities and services to their users, which are currently encountered to be more than one third of the world population. This range of features introduces new security and privacy threats, which expose users to serious damages. Even though research in mobile security has been active over the past 10 years, as long as the mobile technology is used, new challenges will always come up. The purpose of this workshop is to bring researchers, hardware and software developers, as well as practitioners and policy makers, to explore the latest advances in the security and privacy for mobile devices. Topics of interest include, but are not limited to:
- Mobile network security
- Mobile operating system security
- Side-channel attacks on mobile devices
- Mobile authentication
- Mobile transactions security
- Software vulnerabilities in mobile devices
- Hardware vulnerabilities in mobile devices
- Mobile applications security
- Mobile malware

For more information, please see https://spritz.math.unipd.it/events/2021/ACNS_Workshop/index.html.

CPSS 2021 7th ACM Cyber-Physical System Security Workshop, Held in conjunction with ACM AsiaCCS 2021, Hong Kong, China, June 7, 2021. [posted here 12/14/20]
Cyber-Physical Systems (CPS) of interest to this workshop consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There exist a multitude of CPS devices and applications deployed to serve critical functions in our lives thus making security an important non-functional attribute of such systems. This workshop will provide a platform for professionals from academia, government, and industry to discuss novel ways to address the ever-present security challenges facing CPS. We seek submissions describing theoretical and practical solutions to security challenges in CPS. Submissions pertinent to the security of embedded systems, IoT, SCADA, smart grid, and other critical infrastructure are welcome. Topics of interest include, but are not limited to:
- Attack detection for CPS
- Authentication and access control for CPS
- Autonomous vehicle security
- Availability and auditing for CPS
- Blockchain for CPS security
- Data security and privacy for CPS
- Digital twins for CPS
- Embedded systems security
- Formal methods in CPS
- Industrial control system security
- IoT security
- Legacy CPS system protection
- Lightweight crypto and security
- Maritime cyber security
- Recovery from cyber attacks
- Security and risk assessment for CPS
- Security architectures for CPS
- Security by design for CPS
- Smart grid security
- Threat modeling for CPS
- Transportation system security
- Vulnerability analysis for CPS
- Wireless sensor network security

For more information, please see https://spritz.math.unipd.it/events/2021/CPSS/index.html.

OID 2021 Open Identity Summit, Copenhagen, Denmark, June 1 - 2, 2021. [posted here 2/22/21]
The aim of Open Identity Summit 2021 is to link practical experiences and requirements with academic innovations. Focus areas will be Research and Applications in the area of Identity Management, Trust Services, Open Source, Internet of Things, Distributed Ledgers and Cloud Computing. Open standards and interfaces as well as open source technologies play a central role in the current identity management landscape as well as in emerging future scenarios in the area of electronic identification and trust services for electronic transactions. Reliable identity management is an essential building block for many applications and services such as innovative payment services, digital manufacturing, and other innovative applications in the area of e-health, e-government, distributed ledgers, cloud computing, data management for artificial intelligence, and the internet of things. While there are already plenty of successful applications in which those techniques are applied to safeguard authenticity, integrity and confidentiality, there are still many closely related areas, which demand further research. These include technical solutions that provide higher levels of transparency, intervenability and accountability. We invite stakeholders and technical experts from public administration, industry, science and academia to propose contributions to the program of the workshop.

For more information, please see https://oid2021.compute.dtu.dk/.

SADFE 2021 6th International Workshop on Traffic Measurements for Cybersecurity, Held in conjunction with IEEE S&P 2021, Virtual event, May 27, 2021. [posted here 12/7/20]
The SADFE (Systematic Approaches to Digital Forensic Engineering) International Workshop brings together researchers and practitioners focused on the state-of-the-art and emerging topics of interest in digital forensics. The workshop promotes systematic approaches to digital forensic investigation on the vulnerabilities of today’s cyber systems and networks, digital exploitation and manipulation, and on the emerging methods for how to detect, track, and prevent digital threats. SADFE embraces Digital Forensic Engineering (DFE) advancement as a disciplined and holistic scientific practice.

Namely, the workshop focuses on the topics of AI-generated falsified media (e.g. DeepFakes), cloud forensics, emerging and non-traditional methods (e.g. digital currency forensics, contact tracing, digital evidence management and analysis), forensics of embedded and non-traditional forensics, and related legal, ethical and technical challenges.

The 2021 SADFE Workshop is calling for paper and poster submissions as well as panel proposals in the broad field of Digital Forensics from both practitioner and researcher perspectives. With the dynamic change and rapid expansion of the types of electronic devices, networked applications, and investigation challenges, systematic approaches for automating the process of gathering, analyzing and presenting digital evidence are in unprecedented demand. The SADFE Workshop aims to promote solutions to these and related problems.

For more information, please see http://sadfe.org/Sadfe21/callforpapers21.html.

WTMC 2021 6th International Workshop on Traffic Measurements for Cybersecurity, Held in conjunction with IEEE S&P 2021, Virtual event, May 27, 2021. [posted here 11/9/20]
Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP "badness" or to estimate the revenue of cybercriminals. The aim of this workshop is to bring together the research accomplishments provided by researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective. The workshop will be accessible to both non-experts interested in learning about this area and experts interested in hearing about new research and approaches. Topics of interest include but are not limited to:
- Measurements for network incidents response, investigation, and evidence handling
- Measurements of cyber attacks (e.g. DDoS, botnet, malware, and phishing campaigns)
- Measurements for security of web-based applications and services (e.g. social networking)
- Measurements for network anomalies detection
- Measurements for economics of cybersecurity and privacy
- Measurements of security and privacy for the Internet of Things
- Measurements of Internet censorship
- Measurement studies describing the impacts of regulations on cybersecurity and users' privacy (e.g. GDPR)
- Network traffic analysis to discover the nature and evolution of the cybersecurity threats
- Measurements of cyber-physical systems security
- Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
- Novel passive, active and hybrid measurements techniques for cybersecurity purposes
- Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
- Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
- Machine learning and data mining for analysis of network traffic measurements for cybersecurity
- Novel approaches for large-scale measurements for cybersecurity (e.g. crowd-sourcing)
- Novel visualization approaches to detect network attacks and other threats
- Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
- Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
- Vulnerability notifications
- Measurements for new cybersecurity settings
- Ethical issues in measurements for cybersecurity
- Reappraisal of previous empirical findings

For more information, please see https://wtmc.info.

SafeThings 2021 5th IEEE Workshop on the Internet of Safe Things, Held in conjunction with IEEE S&P 2021, Virtual event, May 27, 2021. [posted here 11/9/20]
As traditionally segregated systems are brought online for next-generation connected applications, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. Cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems. These safety risks arise because of information that distracts users while driving, software errors in medical devices, corner cases in data-driven control, compromised sensors in drones or conflicts in societal policies. Accordingly, the Workshop on the Internet of Safe Things (or SafeThings, for brevity) seeks to bring researchers and practitioners that are actively exploring system design, modeling, verification, authentication approaches to provide safety guarantees in the Internet of Things (IoT). The workshop welcomes contributions that integrate hardware and software systems provided by disparate vendors, particularly those that have humans in the loop. As safety is inherently linked with security and privacy, we also seek contributions in these areas that address safety concerns. With the SafeThings workshop, we seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSes, and create tools, algorithms, frameworks, and systems that help in the development of safe systems.

The scope of SafeThings includes safety topics as it relates to an individual’s health (physical, mental), society (air pollution, toxicity, disaster events), or the environment (species preservation, global warming, oil spills). The workshop considers safety from a human perspective, and thus, does not include topics such as thread safety or memory safety in its scope.

Topics of interest include, but are not limited to, the following categories:
- Verification of safety in IoT/CPS platforms
- Authentication in IoT/CPS settings
- Adversarial machine learning and testing of IoT/CPS systems
- Secure perception, localization, and planning in autonomous systems (e.g., autonomous vehicles and drones)
- Sensors/analog and network protocol security in IoT/CPS systems
- Compliance with legal, health, and environmental policies
- Conflict resolution between IoT applications
- Secure connectivity and updates in IoT/CPS
- Secure integration of hardware and software systems
- Privacy challenges in IoT/CPS settings
- Privacy preserving data sharing and analysis
- Resiliency against attacks and faults
- Safety in human-in-the-loop systems
- Support for IoT/CPS development - debugging tools, emulators, testbeds
- Usable security and privacy for IoT/CPS platforms
- Smart homes, smart buildings and smart city security and privacy issues

For more information, please see https://www.ieee-security.org/TC/SP2021/SPW2021/safethings2021.

SP 2021 42nd IEEE Symposium on Security and Privacy, Virtual (San Francisco, CA, USA), May 23-27, 2021. (Submission Due 5 March 2020, 4 June 2020, 3 September 2020, and 3 December 2020) [posted here 5/25/20]
Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Topics of interest include:
- Access control and
- Anonymity
- Application security
- Attacks and defenses
- Authentication
- Blockchains and distributed ledger security
- Censorship resistance
- Cloud security
- Cyber physical systems security
- Distributed systems security
- Economics of security and privacy
- Embedded systems security
- Forensics
- Hardware security
- Intrusion detection and prevention
- Malware and unwanted software
- Mobile and Web security and privacy
- Language-based security
- Machine learning and AI security
- Network and systems security
- Privacy technologies and mechanisms
- Protocol security
- Secure information flow
- Security and privacy for the Internet of Things
- Security and privacy metrics
- Security and privacy policies
- Security architectures
- Usable security and privacy
- Trustworthy computing
- Web security

This topic list is not meant to be exhaustive; SP is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review.

Systematization of Knowledge Papers: As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings.

Quarterly Submissions: Based on the experience in the past two years, the reviewing process for IEEE SP is changed to a quarterly submission model. Within 2.5 months of submission, author notifications of Accept/Revise/Reject decisions will be sent out. For each submission, one of the following decisions will be made:

• Accept: Papers in this category will be accepted for publication in the proceedings and presentation at the conference, possibly after making minor changes with the oversight of a shepherd. Within one month of acceptance, all accepted papers must submit a camera-ready copy incorporating reviewer feedback. The papers will immediately be published, open access, in the Computer Society’s Digital Library, and they may be cited as “To appear in the IEEE Symposium on Security & Privacy, May 2021”.
• Revise: A limited number of papers will be invited to submit a revision; such papers will receive a specific set of expectations to be met by that revision. Authors can submit a revised paper to the next two quarterly submission deadlines after the notification. The authors should clearly explain in a well-marked appendix how the revisions address the comments of the reviewers. The revised paper will then be re-evaluated, and either accepted or rejected.
• Reject: Papers in this category are declined for inclusion in the conference. Rejected papers must wait for one year, from the date of original submission, to resubmit to IEEE S&P. A paper will be judged to be a resubmit (as opposed to a new submission) if the paper is from the same or similar authors, and a reviewer could write a substantially similar summary of the paper compared with the original submission. As a rule of thumb, if there is more than 40% overlap between the original submission and the new paper, it will be considered a resubmission.

IEEE SP/SPW 2021 IEEE Security and Privacy Workshops, Held in conjunction with the 42nd IEEE Symposium on Security and Privacy, San Francisco, CA, USA, May 23-27, 2021. (Workshop Proposal Submission Due 2 October 2020) [posted here 9/7/20]
There will be some interaction in deciding upon and setting up a workshop, but the initial proposal should already contain a considerable amount of information. A workshop proposal template is available online at the IEEE S&P ÒCall for WorkshopsÓ website (https://www.ieee-security.org/TC/SP2021/cfworkshops.html), providing instructions and a more detailed description of information to include in proposals:
- Workshop organizers
- Workshop length
- Technical proposal
- Topics to be addressed
- Importance of these topics
- Preliminary call for papers/posters/contributions
- Preliminary program committee
- Proposed review process
- Expected number of participants
- Publication policy
- Workshop planning schedule
- Publicity plan
- Special meeting logistics requirements

For more information, please see https://www.ieee-security.org/TC/SP2021/cfworkshops.html.

CODASPY 2021 11th ACM Conference on Data and Application Security and Privacy, Baltimore-Washington, DC Area, USA, March 22-24, 2021. [posted here 8/1/20]
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy, and to lay out directions for further research and development in this area. The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
- Application-layer security policies
- Access control for applications
- Access control for databases
- Data-dissemination controls
- Data forensics
- Data leak detection and prevention
- Enforcement-layer security policies
- Privacy-preserving techniques
- Private information retrieval
- Search on protected/encrypted data
- Secure auditing
- Secure collaboration
- Secure data provenance
- Secure electronic commerce
- Secure information sharing
- Secure knowledge management
- Secure multiparty computation
- Secure software development
- Securing data/apps on untrusted platforms
- Securing the semantic web
- Security and privacy in GIS/spatial data
- Security and privacy in healthcare
- Security and privacy in the Internet of Things
- Security policies for databases
- Social computing security and privacy
- Social networking security and privacy
- Trust metrics for applications, data, and users
- Usable security and privacy
- Web application security

For more information, please see http://www.codaspy.org/2021/.

NDSS 2021 Network and Distributed System Security Symposium, San Diego, CA, USA, February 21-24, 2021. [posted here 4/20/20]
The Network and Distributed System Security Symposium (NDSS) is a top venue that fosters information exchange among researchers and practitioners of computer, network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of practical security technologies.

Technical papers and panel proposals are solicited. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. All submissions will be reviewed by the Program Committee and accepted submissions will be published by the Internet Society in the Proceedings of NDSS 2021. The Proceedings will be made freely accessible from the Internet Society web pages. Furthermore, permission to freely reproduce all or parts of papers for noncommercial purposes is granted provided that copies bear the Internet Society notice included in the first page of the paper. The authors are therefore free to post the camera-ready versions of their papers on their personal pages and within their institutional repositories. Reproduction for commercial purposes is strictly prohibited and requires prior consent.

NDSS will have two review cycles in 2021: a Summer submission perios and a fall submission period. The full list of important dates for each session is listed below. All submissions must be received by 11:59 PM AoE (UTC-12) on the day of the corresponding deadline.

For more information, please see https://www.ndss-symposium.org/ndss-2021/call-for-papers/.

IFIP119-DF 2021 17th Annual IFIP WG 11.9 International Conference on Digital Forensics, SRI International, Arlington, Virginia, USA, February 1-2, 2021. [posted here 7/6/20]
The IFIP Working Group 11.9 on Digital Forensics (www.ifip119.org) is an active international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The Seventeenth Annual IFIP WG 11.9 International Conference on Digital Forensics will provide a forum for presenting original, unpublished research results and innovative ideas related to the extraction, analysis and preservation of all forms of electronic evidence. Papers and panel proposals are solicited. All submissions will be refereed by a program committee comprising members of the Working Group. Papers and panel submissions will be selected based on their technical merit and relevance to IFIP WG 11.9. The conference will be limited to approximately 50 participants to facilitate interactions between researchers and intense discussions of critical research issues. Keynote presentations, revised papers and details of panel discussions will be published as an edited volume – the seventeenth volume in the well-known Research Advances in Digital Forensics book series (Springer, Cham, Switzerland) during the summer of 2021. Technical papers are solicited in all areas related to the theory and practice of digital forensics. Areas of special interest include, but are not limited to:
- Theories, techniques and tools for extracting, analyzing and preserving digital evidence
- Enterprise and cloud forensics
- Embedded device forensics
- Internet of Things forensics
- Social media forensics
- Multimedia forensics
- Digital forensic processes and workflow models
- Digital forensic case studies
- Legal, ethical and policy issues related to digital forensics

For more information, please see http://www.ifip119.org/Conferences/.