4,830 words, 96% matched | 6,154 words, 75% matched |
|
| S & P Home Call For... Papers Artifacts Call for Artifact Evaluators Workshops | « 13 words » | S & P Home Call For... Papers Artifacts Call for Artifact Evaluators Workshops |
| Donors | ||
| Attend Attendee Code of Conduct Contact About Past Conferences Conference Organizers IEEE Technical Community MAY 18-21, 2026 AT THE HILTON SAN FRANCISCO UNION SQUARE, SAN FRANCISCO, CA 47th IEEE Symposium on Security and Privacy Sponsored by the IEEE Computer Society's Technical Community on Security and Privacy in cooperation with the International Association for Cryptologic Research Call for Papers | « 62 words » | Attend Attendee Code of Conduct Contact About Past Conferences Conference Organizers IEEE Technical Community MAY 18-21, 2026 AT THE HILTON SAN FRANCISCO UNION SQUARE, SAN FRANCISCO, CA 47th IEEE Symposium on Security and Privacy Sponsored by the IEEE Computer Society's Technical Community on Security and Privacy in cooperation with the International Association for Cryptologic Research Call for Papers ! |
| The CFP has been updated since Cycle 1 ! | ||
| Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include: Applied cryptography Attacks with novel insights, techniques, or results Authentication, access control, and authorization Blockchains and distributed ledger security Cloud computing security Cyber physical systems security Distributed systems security Economics of security and privacy Embedded systems security Formal methods and verification Hardware security Hate, Harassment, and Online Abuse Human-centered security and privacy Intrusion detection and prevention | « 141 words » | Since 1980 in Oakland, the IEEE Symposium on Security and Privacy has been the premier forum for computer security research, presenting the latest developments and bringing together researchers and practitioners. We solicit previously unpublished papers offering novel research contributions in any aspect of security or privacy. Papers may present advances in the theory, design, implementation, analysis, verification, or empirical evaluation and measurement of secure systems. Theoretical papers must make a convincing case for the relevance of their results to practice. Topics of interest include: Applied cryptography Attacks with novel insights, techniques, or results Authentication, access control, and authorization Blockchains and distributed ledger security Cloud computing security Cyber physical systems security Distributed systems security Economics of security and privacy Embedded systems security Formal methods and verification Hardware security Hate, Harassment, and Online Abuse Human-centered security and privacy Intrusion detection and prevention |
| Malware and unwanted software Network security and measurement | ||
| ML - Methods for confidentiality and privacy of data in ML systems ML - Methods for integrity and availability of ML systems ML - Novel attacks on ML systems ML - Verifying security and privacy properties of ML algorithms | « 35 words » | ML - Methods for confidentiality and privacy of data in ML systems ML - Methods for integrity and availability of ML systems ML - Novel attacks on ML systems ML - Verifying security and privacy properties of ML algorithms |
| Malware and unwanted software Network security and measurement | ||
| Operating systems security Privacy-enhancing technologies, anonymity, and censorship Program and binary analysis Protocol security Security and privacy metrics Security and privacy policies Security architectures Security for at-risk populations Software supply chain security Systems security User studies for security and privacy Web security and privacy Wireless and mobile security/privacy This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. Systematization of Knowledge Papers As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io. Submission Deadlines & Decisions Similar to 2025, for each submission, one of the following decisions will be made: Accept: Papers in this category will be accepted for publication in the proceedings and presentation at the conference. Within one month of acceptance, all accepted papers must submit a camera-ready copy incorporating reviewer feedback. The papers will immediately be published, open access, in the Computer Society’s Digital Library, and they may be cited as “To appear in the IEEE Symposium on Security & Privacy, May 2026”. Reject: Papers in this category are declined for inclusion in the conference. Rejected papers must wait for one year, from the date of original submission, to resubmit to IEEE S&P. A paper will be judged to be a resubmit (as opposed to a new submission) if the paper is from the same or similar authors, | « 413 words » | Operating systems security Privacy-enhancing technologies, anonymity, and censorship Program and binary analysis Protocol security Security and privacy metrics Security and privacy policies Security architectures Security for at-risk populations Software supply chain security Systems security User studies for security and privacy Web security and privacy Wireless and mobile security/privacy This topic list is not meant to be exhaustive; S&P is interested in all aspects of computer security and privacy. Papers without a clear application to security or privacy, however, will be considered out of scope and may be rejected without full review. Systematization of Knowledge Papers As in past years, we solicit systematization of knowledge (SoK) papers that evaluate, systematize, and contextualize existing knowledge, as such papers can provide a high value to our community. Suitable papers are those that provide an important new viewpoint on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of such an area. Survey papers without such insights are not appropriate and may be rejected without full review. Submissions will be distinguished by the prefix “SoK:” in the title and a checkbox on the submission form. They will be reviewed by the full PC and held to the same standards as traditional research papers, but they will be accepted based on their treatment of existing work and value to the community, and not based on any new research results they may contain. Accepted papers will be presented at the symposium and included in the proceedings. You can find an overview of recent SoK papers at https://oaklandsok.github.io. Submission Deadlines & Decisions Similar to 2025, for each submission, one of the following decisions will be made: Accept: Papers in this category will be accepted for publication in the proceedings and presentation at the conference. Within one month of acceptance, all accepted papers must submit a camera-ready copy incorporating reviewer feedback. The papers will immediately be published, open access, in the Computer Society’s Digital Library, and they may be cited as “To appear in the IEEE Symposium on Security & Privacy, May 2026”. Reject: Papers in this category are declined for inclusion in the conference. Rejected papers must wait for one year, from the date of original submission, to resubmit to IEEE S&P. A paper will be judged to be a resubmit (as opposed to a new submission) if the paper is from the same or similar authors, |
| with a very similar intellectual contribution, | ||
| and a reviewer could write a substantially similar summary of the paper compared with the original submission. | « 17 words » | and a reviewer could write a substantially similar summary of the paper compared with the original submission. |
| As a rule of thumb, if there is more than 40% overlap between the original submission and the new paper, it will be | A paper that is completely rewritten and has a new presentation but the same intellectual contribution is considered a resubmission. Small extensions on the same paper or just slightly changing the angle of presentation of the results is | |
| considered a resubmission. | « 3 words » | considered a resubmission. |
| Resubmissions or double-submissions to other conferences will result in submission penalties to all the authors for more than one year. | ||
| Public Meta-Reviews: Similar to 2025, all accepted papers will be published with a meta-review (< 500 words) in the final PDF that lists: (a) the reasons the PC decided to accept the paper and (b) concerns the PC has with the paper. Authors will be given the option to write a response to the meta-review (< 500 words) which will be published as part of the meta-review. Authors will be given a draft meta-review at the time of acceptance. Authors will be given the option of addressing some or all of the concerns within one review cycle. A shepherd will remove concerns from the meta-review if they are sufficiently addressed by the revisions. The goal of this process is to provide greater transparency and to better scope change requests made by reviewers. More information about the reasons behind this change can be found on the 2024 IEEE S&P website. | « 153 words » | Public Meta-Reviews: Similar to 2025, all accepted papers will be published with a meta-review (< 500 words) in the final PDF that lists: (a) the reasons the PC decided to accept the paper and (b) concerns the PC has with the paper. Authors will be given the option to write a response to the meta-review (< 500 words) which will be published as part of the meta-review. Authors will be given a draft meta-review at the time of acceptance. Authors will be given the option of addressing some or all of the concerns within one review cycle. A shepherd will remove concerns from the meta-review if they are sufficiently addressed by the revisions. The goal of this process is to provide greater transparency and to better scope change requests made by reviewers. More information about the reasons behind this change can be found on the 2024 IEEE S&P website. |
| Note that under this acceptance process, there is no conditional acceptance so papers submitted will be reviewed as is and accepted based on the material that was submitted at the paper submission deadline. | ||
| Symposium Event (Important Changes) The number of papers accepted to IEEE S&P continues to grow substantially each year. Due to conference venue limitations and costs, each accepted paper will have: (a) a short talk presentation (e.g., 5-7 minutes, length determined based on the number of accepted papers) and (b) a poster presentation immediately following the talk session containing the paper. All accepted papers are required to present both a short talk and a poster. Important Dates All deadlines are 23:59:59 AoE (UTC-12). First deadline Abstract registration deadline: May 29, 2025 mandatory Paper submission deadline: June 5, 2025 Early-reject notification: July 21, 2025 Rebuttal period (interactive): August 18 - August 29, 2025 Rebuttal text due: August 25, 2025 Acceptance notification: September 9, 2025 Camera-ready deadline: October 17, 2025 Second deadline Abstract | « 136 words » | Symposium Event (Important Changes) The number of papers accepted to IEEE S&P continues to grow substantially each year. Due to conference venue limitations and costs, each accepted paper will have: (a) a short talk presentation (e.g., 5-7 minutes, length determined based on the number of accepted papers) and (b) a poster presentation immediately following the talk session containing the paper. All accepted papers are required to present both a short talk and a poster. Important Dates All deadlines are 23:59:59 AoE (UTC-12). First deadline Abstract registration deadline: May 29, 2025 mandatory Paper submission deadline: June 5, 2025 Early-reject notification: July 21, 2025 Rebuttal period (interactive): August 18 - August 29, 2025 Rebuttal text due: August 25, 2025 Acceptance notification: September 9, 2025 Camera-ready deadline: October 17, 2025 Second deadline Abstract, |
| author, and conflict-of-interest | ||
| registration deadline: November 6, 2025, mandatory | « 6 words » | registration deadline: November 6, 2025, mandatory ( |
| This means full and complete abstract, complete list of authors with their ORCIDs, and conflicts-of-interest declared on HotCRP. Neither the abstract nor the author list can be changed after the abstract registration deadline. Conflicts-of-interest will be reviewed by the PC chairs and the authors will be given an opportunity to address any discrepancies identified before the paper submission deadline.) | ||
| Paper submission deadline: November 13, 2025 Early-reject notification: January 19, 2026 Rebuttal period (interactive): February 16 - February 27, 2026 Rebuttal text due: February 23, 2026 Acceptance notification: March 19, 2026 Camera-ready deadline: April 17, 2026 Rebuttal Period Papers reaching the second round of reviewing will be given an opportunity to write a rebuttal to reviewer questions. The rebuttal period will be interactive, and is separate from the meta-review rebuttal given to accepted papers. | « 76 words » | Paper submission deadline: November 13, 2025 Early-reject notification: January 19, 2026 Rebuttal period (interactive): February 16 - February 27, 2026 Rebuttal text due: February 23, 2026 Acceptance notification: March 19, 2026 Camera-ready deadline: April 17, 2026 Rebuttal Period Papers reaching the second round of reviewing will be given an opportunity to write a rebuttal to reviewer questions. The rebuttal period will be interactive, and is separate from the meta-review rebuttal given to accepted papers. |
| Not all reviewers may choose to interact with the authors during the interactive rebuttal. | ||
| Authors have the opportunity to exchange messages with the reviewers and respond to questions asked. To this end, we will use HotCRP’s anonymous communication feature to enable a communication channel between authors and reviewers. The authors should mainly focus on factual errors in the reviews and concrete questions posed by the reviewers. New research results can also be discussed if they help to clarify open questions. More instructions will be sent out to the authors at the beginning of the rebuttal period. | « 82 words » | Authors have the opportunity to exchange messages with the reviewers and respond to questions asked. To this end, we will use HotCRP’s anonymous communication feature to enable a communication channel between authors and reviewers. The authors should mainly focus on factual errors in the reviews and concrete questions posed by the reviewers. New research results can also be discussed if they help to clarify open questions. More instructions will be sent out to the authors at the beginning of the rebuttal period. |
| Failure to follow the instructions sent at the beginning of the rebuttal (for example submitting rebuttals over the word count limit) will result in immediate rejection. All papers rejected during the rebuttal period must wait for one year, from the date of original submission, to resubmit to IEEE S&P. | ||
| Resubmission of Rejected Papers As with previous IEEE S&P symposia with multiple submission cycles, rejected papers must wait one year before resubmission to IEEE S&P. Instructions for Paper Submission These instructions apply to both the research papers and systematization of knowledge (SoK) papers. All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy. Cap on number of submissions Any author may not submit more than 6 papers per cycle. In the event an author submitted more than 6 papers in a cycle, all the papers they submitted in that cycle will be desk-rejected. Anonymous Submission Papers must be submitted in a form suitable for anonymous review: no author names or affiliations (whether they are real or the default fake names included in the IEEE template) may appear on the title page, and papers should avoid revealing authors’ identity in the text. Authors should also take care in not including acknowledgments that help identify them (e.g., funding information, names of colleagues who gave feedback on the paper). When referring to their previous work, authors are required to cite their papers in the third person, without identifying themselves. In the unusual case in which a third-person reference is infeasible, authors can blind the reference itself. When preparing the artifacts repository authors should take extra care to not include authors’ information in the repository or artifacts content, so as not to break the anonymity of the paper submission. Authors may want to consider using services such as GitFront or Anonymous GitHub. Additionally, authors should make sure to use account names and repository names that do not identify the authors, and should remove any comments/text in the repository that may directly identify the authors or the authors’ institution. Papers that are not properly anonymized may be rejected without review. PC members who have a genuine conflict of interest with a paper, including the PC Co-Chairs and the Associate Chairs, will be excluded from evaluation and discussion of that paper. While a paper is under submission to the IEEE Security & Privacy Symposium, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors. Authors should refrain from widely advertising their results, but in special circumstances they should contact the PC chairs to discuss exceptions. Authors are not allowed to directly contact PC members to discuss their submission. The submissions will be treated confidentially by the PC chairs and the program committee members. Program committee members are not allowed to share the submitted papers with anyone, with the exception of qualified external reviewers approved by the program committee chairs. Please contact the PC chairs if you have any questions or concerns. | « 521 words » | Resubmission of Rejected Papers As with previous IEEE S&P symposia with multiple submission cycles, rejected papers must wait one year before resubmission to IEEE S&P. Instructions for Paper Submission These instructions apply to both the research papers and systematization of knowledge (SoK) papers. All submissions must be original work; the submitter must clearly document any overlap with previously published or simultaneously submitted papers from any of the authors. Failure to point out and explain overlap will be grounds for rejection. Simultaneous submission of the same paper to another venue with proceedings or a journal is not allowed and will be grounds for automatic rejection. Contact the program committee chairs if there are questions about this policy. Cap on number of submissions Any author may not submit more than 6 papers per cycle. In the event an author submitted more than 6 papers in a cycle, all the papers they submitted in that cycle will be desk-rejected. Anonymous Submission Papers must be submitted in a form suitable for anonymous review: no author names or affiliations (whether they are real or the default fake names included in the IEEE template) may appear on the title page, and papers should avoid revealing authors’ identity in the text. Authors should also take care in not including acknowledgments that help identify them (e.g., funding information, names of colleagues who gave feedback on the paper). When referring to their previous work, authors are required to cite their papers in the third person, without identifying themselves. In the unusual case in which a third-person reference is infeasible, authors can blind the reference itself. When preparing the artifacts repository authors should take extra care to not include authors’ information in the repository or artifacts content, so as not to break the anonymity of the paper submission. Authors may want to consider using services such as GitFront or Anonymous GitHub. Additionally, authors should make sure to use account names and repository names that do not identify the authors, and should remove any comments/text in the repository that may directly identify the authors or the authors’ institution. Papers that are not properly anonymized may be rejected without review. PC members who have a genuine conflict of interest with a paper, including the PC Co-Chairs and the Associate Chairs, will be excluded from evaluation and discussion of that paper. While a paper is under submission to the IEEE Security & Privacy Symposium, authors may choose to give talks about their work, post a preprint of the paper to an archival repository such as arXiv, and disclose security vulnerabilities to vendors. Authors should refrain from widely advertising their results, but in special circumstances they should contact the PC chairs to discuss exceptions. Authors are not allowed to directly contact PC members to discuss their submission. The submissions will be treated confidentially by the PC chairs and the program committee members. Program committee members are not allowed to share the submitted papers with anyone, with the exception of qualified external reviewers approved by the program committee chairs. Please contact the PC chairs if you have any questions or concerns. |
| Papers that are deskrejected because they do not follow the template formatting rules or break anonymity without reviews can be resubmitted at the next cycle. (Papers that break anonymity and are discovered during the review process once reviews have been completed, must wait for one year before being resubmitted to S&P.) *Artifacts** Papers are strongly encouraged to provide artifact repositories that are anonymized as described above. Theoretical papers are strongly encouraged to submit the proofs as artifacts on such repositories at paper submission time as there will be no other possibility to provide such proofs later during the review process. | ||
| Conflicts of Interest During submission of | « 6 words » | Conflicts of Interest During submission of |
| a research paper, | an abstract, | |
| the submission site will request information about conflicts of interest of the paper’s authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, | « 42 words » | the submission site will request information about conflicts of interest of the paper’s authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members |
| before the abstract registration deadline, | ||
| according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds: | « 29 words » | according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds ( |
| the option you should select on HotCRP is listed within brackets): [Co-author] | ||
| The PC member is a co-author of the paper. | « 10 words » | The PC member is a co-author of the paper. [ |
| Co-worker] | ||
| The PC member has been a co-worker in the same company or | « 13 words » | The PC member has been a co-worker in the same company or |
| university | organization | |
| within the past two years. For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization. | « 45 words » | within the past two years. For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization. [ |
| Institutional] | ||
| The PC member has been | « 5 words » | The PC member has been |
| a collaborator | affiliated with the same academic institution (e.g., University, research institute) as one of the co-authors within the past two years. Ph.D students have a conflict with the University they graduated from for 2 years after their graduation date. [Research collaborator] The PC member has been a collaborator on a research paper | |
| within the past two years. | « 5 words » | within the past two years. |
| The definition of “research paper” includes ongoing work, unpublished work, and technical reports. [Funding collaborator] The PC member has been a collaborator (e.g., a coPI) on a funding grant within the past two years. [Advisor] | ||
| The PC member is or was the author’s primary thesis advisor, no matter how long ago. | « 16 words » | The PC member is or was the author’s primary thesis advisor, no matter how long ago. [ |
| Advisee] | ||
| The author is or was the PC member’s primary thesis advisor, no matter how long ago. | « 16 words » | The author is or was the PC member’s primary thesis advisor, no matter how long ago. [ |
| Personal] | ||
| The PC member is a relative or close personal friend of the author. For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict | « 37 words » | The PC member is a relative or close personal friend of the author. For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict |
| to | via the corresponding field in the HotCRP submission entry, such that | |
| the PC chairs, | « 3 words » | the PC chairs |
| who will mark the conflict if | can review the conflict and confirm it is | |
| appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection. Because it would not be possible to handle conflicts of interest retroactively, changes to the author list are not permitted after submission (see section on Authorship below). | « 55 words » | appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection. Because it would not be possible to handle conflicts of interest retroactively, changes to the author list are not permitted after submission (see section on Authorship below). |
| Authors are responsible for reading the entire list of PC members. COI developed during the reviewing process: Authors starting new collaborations during the review period should make all their new collaborators aware that they have submitted papers to S&P and refrain from starting such collaborations as they can create COI. | ||
| Research Ethics Committee Similar to 2025, IEEE S&P 2026 has a research ethics committee (REC) that will check papers flagged by reviewers as potentially including ethically fraught research. The REC will review flagged papers and may suggest to the PC Chairs rejection of a paper on ethical grounds. The REC consists of members of the PC. Authors are encouraged to review the Menlo Report for general ethical guidelines for computer and information security research. Ethical Considerations for Vulnerability Disclosure Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. | « 148 words » | Research Ethics Committee Similar to 2025, IEEE S&P 2026 has a research ethics committee (REC) that will check papers flagged by reviewers as potentially including ethically fraught research. The REC will review flagged papers and may suggest to the PC Chairs rejection of a paper on ethical grounds. The REC consists of members of the PC. Authors are encouraged to review the Menlo Report for general ethical guidelines for computer and information security research. Ethical Considerations for Vulnerability Disclosure Where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. |
| It is the committee’s sense that a disclosure window of 45 days https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy to 90 days https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html ahead of publication is consistent with authors’ ethical obligations. Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns. | If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. Authors are strongly recommended to disclose vulnerabilities in their original submission. If that is not possible, authors should provide details of why they have not disclosed the vulnerabilities yet, and what is their disclosure plan. That is, | |
| The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these | « 25 words » | the version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these |
| vulnerabilities; but, consistent with the timelines above, the authors do not have | vulnerabilities. Authors are required | |
| to disclose vulnerabilities | « 3 words » | to disclose vulnerabilities |
| ahead of submission. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. | no later than the rebuttal deadline. If this is not possible, the authors should notify the PC chairs by email as soon as possible. Longer disclosure windows are at the discretion of the PC chairs and will only be considered in exceptional situations. Because there are no conditional accepts, reviewers can treat the lack of disclosure of vulnerabilities as a concern that can lead to rejection: reviewers need to make decisions based on the information provided at the submission and rebuttal time. | |
| The PC chairs will be happy to consult with authors about how this policy applies to their submissions. Note: Submitted papers should not include full CVE identifiers in order to preserve the anonymity of the submission. Ethical Considerations for Human Subjects Research Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should: Disclose whether the research received an approval or waiver from each of the authors’ institutional ethics review boards ( | « 91 words » | The PC chairs will be happy to consult with authors about how this policy applies to their submissions. Note: Submitted papers should not include full CVE identifiers in order to preserve the anonymity of the submission. Ethical Considerations for Human Subjects Research Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should: Disclose whether the research received an approval or waiver from each of the authors’ institutional ethics review boards ( |
| e.g., | ||
| IRB) if applicable. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect. If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions. | « 113 words » | IRB) if applicable. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect. If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions. |
| Ethics Considerations All the papers must use a separate and well-marked section titled “Ethics considerations” at the end of their paper to make the relevant disclosures. If there are no Ethics considerations, the body text of the section should be “None”. This section can be placed before or after the references and will not count towards the page limit for the main body of the paper. | ||
| Financial and Non-financial competing interests In the interests of transparency and to help readers form their own | « 18 words » | Financial and Non-financial competing interests In the interests of transparency and to help readers form their own |
| judgements | judgement | |
| of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, “Author X is on the Technical Advisory Board of the ByteCoin Foundation,” or “Professor Y is the CTO of DoubleDefense, which specializes in malware analysis.” More information regarding this policy is available here. Page Limit and Formatting (Important Changes) Submitted papers may include up to 13 pages of text and up to 5 pages for references and appendices, totaling no more than 18 pages. All text and figures past page 13 must be clearly marked as part of the appendix. The final camera-ready paper must be no more than 18 pages, although, at the PC chairs’ discretion, additional pages may be allowed. Reviewers are not required to read appendices. | « 183 words » | of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, “Author X is on the Technical Advisory Board of the ByteCoin Foundation,” or “Professor Y is the CTO of DoubleDefense, which specializes in malware analysis.” More information regarding this policy is available here. Page Limit and Formatting (Important Changes) Submitted papers may include up to 13 pages of text and up to 5 pages for references and appendices, totaling no more than 18 pages. All text and figures past page 13 must be clearly marked as part of the appendix. The final camera-ready paper must be no more than 18 pages, although, at the PC chairs’ discretion, additional pages may be allowed. Reviewers are not required to read appendices. |
| For SOK papers, the references do not count towards the number of pages. Submitted papers can not use additional pages at submission time without the explicit approval of PC Chairs. Papers that are over the allowed number of pages will be rejected without review. | ||
| Papers must be formatted for US letter (not A4) size paper. All submissions must use the IEEE “compsoc” conference proceedings template. LaTeX submissions using the IEEE templates must use IEEEtran.cls version 1.8b with options “conference,compsoc.” (That is, begin your LaTeX document with the line \documentclass[conference,compsoc]{IEEEtran}.). See the “IEEE Demo Template for Computer Society Conferences” Overleaf template for an example. We are not aware of an MS Word template that matches this style. Papers that fail to use the “compsoc” template (including using the non-compsoc IEEE conference template), modify margins, font, or line spacing, or use egregious space scrunching are subject to rejection without review. Authors are responsible for verifying the paper format (e.g., compare with the above linked Overleaf template). While HotCRP provides some automated checking, the checks are limited. Note that some LaTeX packages (e.g., \usepackage{usenix}) override the compsoc formatting and must be removed. Withdrawing Policy A paper can be withdrawn at any point before the reviews have been sent to the authors. Once the reviews have been sent to the authors the paper can not be withdrawn. Authorship Policy Changes to the authorship list (adding, removing, reordering authors) are not permitted | « 203 words » | Papers must be formatted for US letter (not A4) size paper. All submissions must use the IEEE “compsoc” conference proceedings template. LaTeX submissions using the IEEE templates must use IEEEtran.cls version 1.8b with options “conference,compsoc.” (That is, begin your LaTeX document with the line \documentclass[conference,compsoc]{IEEEtran}.). See the “IEEE Demo Template for Computer Society Conferences” Overleaf template for an example. We are not aware of an MS Word template that matches this style. Papers that fail to use the “compsoc” template (including using the non-compsoc IEEE conference template), modify margins, font, or line spacing, or use egregious space scrunching are subject to rejection without review. Authors are responsible for verifying the paper format (e.g., compare with the above linked Overleaf template). While HotCRP provides some automated checking, the checks are limited. Note that some LaTeX packages (e.g., \usepackage{usenix}) override the compsoc formatting and must be removed. Withdrawing Policy A paper can be withdrawn at any point before the reviews have been sent to the authors. Once the reviews have been sent to the authors the paper can not be withdrawn. Authorship Policy Changes to the authorship list (adding, removing, reordering authors) are not permitted |
| while the paper is under submission. | after the abstract registration deadline. | |
| Once the paper is accepted, the authors can request approval from the TPC Chairs to make changes to the ordering or affiliation in justified circumstances. If authors anticipate that they might change affiliation during the time the paper is under submission it is recommended to mark both the current and future institution as COI. ORCID requirement: All authors are required to submit an ORCID number at | « 66 words » | Once the paper is accepted, the authors can request approval from the TPC Chairs to make changes to the ordering or affiliation in justified circumstances. If authors anticipate that they might change affiliation during the time the paper is under submission it is recommended to mark both the current and future institution as COI. ORCID requirement: All authors are required to submit an ORCID number at |
| paper submission time. | abstract submission time. You can obtain an ORCID number here. ORCID numbers have to use emails that are identical with the ones used in HotCRP for the paper submission, and they have to have complete names. | |
| Papers that do not submit ORCID numbers for all authors | « 10 words » | Papers that do not submit ORCID numbers for all authors |
| and do not follow the rules above | ||
| will be desk rejected. | « 4 words » | will be desk rejected. |
| You can obtain an ORCID number here. | ||
| Conference Submission Server Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Submission servers: First deadline: https://cycle1.sp2026.ieee-security.org/ | « 38 words » | Conference Submission Server Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Submission servers: First deadline: https://cycle1.sp2026.ieee-security.org/ |
| Second deadline: https://cycle2.sp2026.ieee-security.org/ IMPORTANT: The authors are responsible to have a draft submitted 24 hours before the deadline. Submissions that failed because the submission server crashed either (a) within 24 hours of the submission deadline or (b) after the submission deadline will not be accepted. The PC Chairs will not respond to emails about this issue. | ||
| Publication and Presentation Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to register and present the paper at the conference. | « 30 words » | Publication and Presentation Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to register and present the paper at the conference. |
| Authors Responsibility It is the responsibility of all authors to be familiar with the conference CFP and the policies it specifies. LLM Policy As an IEEE conference, S&P follows the IEEE Policy about the use of LLMs which can be found here: https://pspb.ieee.org/images/files/PSPB/opsmanual.pdf Additionally, papers submitted at S&P have to follow the following policy. (This is based on the policy created by IEEE SaTML 2026). Authors are permitted to use LLMs when preparing their paper. However, while the conference does not ban authors from using LLMs or researching their security and privacy properties, authors must (a) carefully consider their decision to use LLMs and (b) are required to disclose and motivate the use of LLMs in their submission. If the authors choose to use LLMs in their work, they must use a separate and well-marked section titled “LLM usage considerations” at the end of their paper to make the relevant disclosures. This section can be placed before or after the references and will not count towards the page limit for the main body of the paper. We ask that authors adhere to three key criteria with regards to their use of LLMs in the scientific process: Originality: First, authors are responsible for the entire content of their paper, including all text and figures. While any tool may be used for writing, it is crucial that all content is accurate and original, ensuring transparency and maintaining the integrity of the research process. In particular, authors are responsible for the thoroughness of their literature review and must determine relevant prior work and cite it to ensure proper credit. If the authors have used LLMs to improve their writing, they should state: ‘LLMs were used for editorial purposes in this manuscript, and all outputs were inspected by the authors to ensure accuracy and originality.’ Transparency: Second, authors should carefully reason about the implications of using LLMs in their work. If LLMs are integral to the paper’s methodology, their use should be explicitly detailed. Any idea generated by an LLM should be independently developed and validated by the authors. Furthermore, authors must elaborate on how they handled limitations introduced in their work by their use of LLMs. Such limitations could for instance include difficulties to obtain results that are reproducible when the LLM used is not open sourced. Responsibility: Third, authors should take care to develop LLMs (and ML models in general) responsibly. Any data collection towards training models should take into account relevant ethical considerations such as consent and data holder rights, including intellectual property. Authors also have to justify the need for the environmental footprint of their experiments to achieve their goals and support their methodology. We recognize calculating such a footprint is a technical challenge in itself. We refer the authors to the work of <ul>Lacoste et al.</ul> (https://mlco2.github.io/impact/) but welcome to hear any other good references (sp26-pcchairs@ieee-security.org). We emphasize that the goal here is not to calculate the exact footprint but rather explain experimental choices made as part of the scientific process (e.g., why was an LLM necessary, why was a particular model size selected, how the authors minimized the volume of queries made, which hardware was used to run experiments). Failure to comply with these rules is grounds for desk rejection without further review of the submission and may be accompanied by a submission ban for all the authors (for more than one year) at the discretion of the PC chairs. We note that generative AI technology is rapidly evolving. Authors are encouraged to reach out proactively to the PC chairs should they face uncertainties about the above rules or how they apply to their research. | ||
| Program Committee PC Chairs Cristina Nita-Rotaru Northeastern University Nicolas Papernot University of Toronto and Vector Institute and Google DeepMind Associate Chairs Adwait Nadkarni William & Mary Amir Houmansadr University of Massachusetts Amherst Andrew Paverd Microsoft Catalin Hritcu MPI-SP Christina Garman Purdue University Daniele Cono D'Elia Sapienza University of Rome David Barrera Carleton University Florian Tramer ETH Zurich Katerina Mitrokotsa University of St Gallen Mathias Lecuyer University of British Columbia Sara Rampazzi University of Florida Sascha Fahl CISPA Stephanie Roos University of Kaiserslautern-Landau Varun Chandrasekaran UIUC William Robertson Northeastern University Ziming Zhao Northeastern University REC Chairs Blase Ur University of Chicago Sofia Celi Brave PC Members Aaron Johnson U.S. Naval Research Laboratory Aarushi Goel Purdue University Aashish Kolluri Microsoft Research AbdelRahman Abdou Carleton University Abhiram Kothapalli University of California, Berkeley Adam Oest Amazon Adam Dziedzic CISPA Adil Ahmad Arizona State University Adrien Koutsos Inria Ahmad-Reza Sadeghi Technical University Darmstadt Alejandro Russo Chalmers University of Technology, Göteborg University, DPella AB Alesia Chernikova Northeastern University Alessandro Brighente University of Padova Alexander Viand Intel Labs Alexander Hoover Stevens Institute of Technology Alexandre Debant Inria Nancy Alexios Voulimeneas TU Delft Ali Abbasi CISPA Helmholtz Center for Information Security Alin Tomescu Aptos Labs Alvaro Cardenas University of California, Santa Cruz Amit Kumar Sikder Iowa State University Amrita Roy Chowdhury University of Michigan, Ann Arbor Anca Jurcut University College Dublin Andrei Sabelfeld Chalmers University of Technology Andrew Cullen University of Melbourne Andrew Kwong UNC Chapel Hill Ang Chen University of Michigan Angelos Stavrou Virginia Tech & A2Labs Anshuman Suri Northeastern University Antonio Bianchi Purdue University Anwar Hithnawi University of Toronto Aravind Machiry Purdue University Arslan Khan Pennsylvania State University Arthur Gervais UCL Arthur Azevedo de Amorim Rochester Institute of Technology Ashwinee Panda UMD College Park Atul Prakash University of Michigan, Ann Arbor Aviv Yaish Yale University Awais Rashid University of Bristol, UK Aysajan Abidin COSIC KU Leuven Bailey Kacsmar University of Alberta Bart Copens Ghent University Ben Weintraub Northeastern University Ben Zhao University of Chicago Benjamin Beurdouche Mozilla Benjamin Dowling King's College London Benny Pinkas Apple and Bar-Ilan University Bijeeta Pal Snap Inc. Bimal Viswanath Virginia Tech Binghui Wang Illinois Institute of Technology Bo Chen Michigan Technological University Bogdan Carbunar Florida International University Boris Köpf Azure Research, Microsoft Brendan Saltaformaggio Georgia Tech Byoungyoung Lee Seoul National University Carrie Gates FS-ISAC Cas Cremers CISPA Helmholtz Center for Information Security Changyu Dong Guangzhou University Chaowei Xiao University of Wisconsin, Madison Chawin Sitawarin Google DeepMind Chengyu Song UC Riverside Christian Wressnegger Karlsruhe Institute of Technology (KIT) Christof Ferreira Torres INESC-ID / Instituto Superior Técnico (IST), University of Lisbon Christopher A. Choquette-Choo Google DeepMind Clara Schneidewind MPI-SP Claudio Soriente NEC Labs Europe Cristian-Alexandru Staicu CISPA Helmholtz Center for Information Security Dana Drachsler Cohen Technion Daniel Genkin Georgia Tech Daniel Jost Blanqet Daniele Antonioli EURECOM Dario Pasquini RSAC Labs Dave Tian Purdue University David Heath University of Illinois Urbana-Champaign David Zage Intel Corporation Deepak Garg Max Planck Institute for Software Systems Dimitris Kolonelos UC Berkeley Dominik Wermke North Carolina State University Doreen Riepel CISPA Helmholtz Center for Information Security Eleonora Losiouk University of Padua Elisa Bertino Purdue University Elisaweta Masserova Carnegie Mellon University Emiliano De Cristofaro UC Riverside Emily Wenger Duke University Emma Dauterman Stanford University Eric Pauley University of Wisconsin–Madison Eugene Bagdasarian University of Massachusetts Amherst, Google Research Evgenios Kornaropoulos George Mason University Eyal Ronen Tel Aviv University Eysa Lee Barnard College Fabian Monrose Georgia Institute of Technology Fabio De Gaspari Sapienza University of Rome Fabio Pierazzi University College London Faysal hossain Shezan University of Texas at Arlington Feargus Pendlebury Meta Fengwei Zhang Southern University of Science and Technology (SUSTech) Fengyuan Xu Nanjing University Florian Kerschbaum University of Waterloo FNU Suya University of Tennessee, Knoxville Frank Li Georgia Institute of Technology Frank Piessens KU Leuven Franziska Boenisch CISPA Gang Tan Penn State University Gautam Akiwate Stanford University / Apple Ghada Almashaqbeh University of Connecticut Ghassan Karame Ruhr University Bochum Giorgio Severi Microsoft Giovanni Camurati ETH Zurich Grant Ho University of Chicago Guanhong Tao University of Utah Habiba Farrukh University of California, Irvine Haipeng Cai University at Buffalo, SUNY Hans Hanley Meta Hanshen Xiao Purdue University/NVIDIA Hao Chen University of California, Davis Haya Schulmann Goethe-Universität Frankfurt Heather Zheng University of Chicago Heng Yin UC Riverside Hervé Debar Télécom SudParis Hieu Le Independent Researcher Hiraku Morita Aarhus University Hongxin Hu University at Buffalo Hugo Lefeuvre The University of British Columbia Hyungsub Kim Indiana University Bloomington Ian Miers University of Maryland Ilia Shumailov Google DeepMind Imtiaz Karim Purdue University Insu Yun KAIST Ioana Boureanu Surrey Centre for Cyber Security Ioannis Demertzis UCSC Ivan Evtimov Meta Ivan De Olveira Nunes University of Zurich Jamie Hayes Google DeepMind Jana Hofmann Max Planck Institute for Security and Privacy (MPI-SP) Jason Nieh Columbia University Jay Bosamiya Microsoft Research Jean-Luc Watson NVIDIA Jean-Philippe Monteuuis Qualcomm Jeremiah Blocki Purdue University Jianliang Wu Simon Fraser University Jingxuan He UC Berkeley Jinyuan Jia The Pennsylvania State University Jiska Classen Hasso Plattner Institute, University of Potsdam John Mitchell Stanford University Jon McCune Jonas Hielscher CISPA Helmholtz Center for Information Security Jonathan Katz Joseph Lallemand CNRS, IRISA, Univ. Rennes Joshua Gancher Northeastern University Julia Len UNC Chapel Hill Kari Kostiainen ETH Zurich Karthikeyan Bhargavan Cryspen Kartik Nayak Duke University Kasper Rasmussen University of Oxford Kassem Fawaz University of Wisconsin-Madison Kathrin Grosse IBM Research Kaushal Kafle University of South Florida Keewoo Lee UC Berkeley Kelsey Fulton Colorado School of Mines Kentrell Owens University of Washington Kexin Pei The University of Chicago Klaus v. Gleissenthall VU Amsterdam Konrad Rieck BIFOLD & TU Berlin Lachlan Gunn Aalto University Lea Schönherr CISPA Helmholtz Center for Information Security Lenka Mareková ETH Zurich Lesly-Ann Daniel KU Leuven Liang Wang Princeton University Lianying Zhao Carleton University Limin Jia Carnegie Mellon University Lorenzo Cavallaro University College London Lorenzo De Carli University of Calgary Lucianna Kiffer IMDEA Networks Lujo Bauer Carnegie Mellon University Lydia Zakynthinou UC Berkeley Mahak Pancholi IMDEA Software Institute Mahmood Sharif Tel Aviv University Man-Ki Yoon North Carolina State University Marco Squarcina TU Wien Marco Guarnieri IMDEA Software Institute Marcus Botacin Texas A&M University Mario D'Onghia University College London Martin Henze RWTH Aachen University & Fraunhofer FKIE Marzieh Bitaab Amazon Matthew Jones Matthew Lentz Duke University Matthew Jagielski Google DeepMind Maura Pintor University of Cagliari Mauro Conti University of Padova Meera Sridhar University of North Carolina Charlotte Michael Hicks University of Pennsylvania and Amazon Michelle Mazurek University of Maryland Milad Nasr Google Deepmind Miuyin Yong Wong University of Maryland Mohannad Alhanahnah Chalmers University Moritz Schloegel Arizona State University Morley Mao University of Michigan Mridula Singh CISPA Helmholtz Center for Information Security Mu Zhang University of Utah Muhammad Ikram Macquarie University Muoi Tran Chalmers University of Technology Murtuza Jadliwala University of Texas at San Antonio Muslum Ozgur Ozmen Arizona State University Nader Sehatbakhsh UCLA Natalia Stakhanova University of Saskathchewan, Canada Nathan Malkin New Jersey Institute of Technology Neil Gong Duke University Nguyen Phong Hoang University of British Columbia Nidhi Hegde University of Alberta Nikita Borisov University of Illinois at Urbana-Champaign Nils Lukas MBZUAI Ning Zhang Washington University in St. Louis Ning Luo University of Illinois Urbana-Champaign Ninghui Li Purdue University Nuno Santos INESC-ID / Instituto Superior Técnico, University of Lisbon Olya Ohrimenko The University of Melbourne Om Thakkar OpenAI Omar Chowdhury Stony Brook University Orfeas Thyfronitis Litos Imperial College London Pedro Moreno-Sanchez IMDEA Software Institute Peng Gao Virginia Tech Phani Vadrevu Louisiana State University Piyush Kumar Sharma University of Michigan Pratik Sarkar Supra Research Pratyush Mishra University of Pennsylvania Priyanka Nanayakkara Harvard University Qiben Yan Michigan State University Raouf Kerkouche CISPA Helmholtz Center for Information Security Ravishankar Borgaonkar University of Stavanger and SINTEF AS Reethika Ramesh Palo Alto Networks Rei Safavi-Naini University of Calgary Rex Fernando Aptos Labs Rohit Sinha Hashgraph Ryan Sheatsley University of Wisconsin–Madison Saeed Mahloujifar Meta Sahar Abdelnabi Microsoft Saikrishna Badrinarayanan Sajin Sasy CISPA Helmholtz Center for Information Security Sam Kumar University of California, Los Angeles Saman Zonouz Georgia Tech Samuel Marchal VTT Technical Research Centre of Finland Sandra Siby New York University Abu Dhabi Sanghyun Hong Oregon State University Santiago Zanella-Beguelin Microsoft Santiago Torres-Arias Purdue University Sarbartha Banerjee University of Texas at Austin Sathvik Prasad North Carolina State University Sebastian Angel University of Pennsylvania Sebastian Szyller Intel Sebastien Gambs Université du Québec à Montréal Sébastien Bardin CEA List & Université Paris Saclay Shagufta Mehnaz The Pennsylvania State University Shih-Wei Li National Taiwan University Shimaa Ahmed Visa Research Shuang Song Shweta Shinde ETH Zurich Siddharth Garg New York University Simon Oya The University of British Columbia (UBC) Sisi Duan Tsinghua University Song Li Zhejiang University Soteris Demetriou Imperial College London Sourav Das University of Illinois at Urbana Champaign Srdjan Capkun ETH Zurich Stéphanie Delaune Univ Rennes, CNRS, IRISA, France Stephen Herwig William & Mary Steve Kremer Inria, Nancy, France Sunil Manandhar IBM Research Sven Bugiel CISPA Helmholtz Center for Information Security Swarn Priya Virginia Tech Syed Rafiul Hussain Pennsylvania State University Sze Yiu Chau The Chinese University of Hong Kong Tahina Ramananandro Microsoft Research Tapti Palit UC Davis Teodora Baluta Georgia Institute of Technology Thang Hoang Virginia Tech Thomas Ristenpart Cornell Tech Thomas Pasquier University of British Columbia Thomas Nyman Ericsson Thorsten Holz CISPA Helmholtz Center for Information Security Thorsten Eisenhofer BIFOLD & TU Berlin Tiago Heinrich Max Planck Institute for Informatics Tianhao Wang University of Virginia Tiantian Gong Yale University Ting Wang Stony Brook University Tobias Fiebig Max-Planck-Institut für Informatik Ulfar Erlingsson Google Cloud Urs Hengartner University of Waterloo Varun Madathil Yale University Vincent Laporte Inria Nancy Vladimir Kolesnikov Georgia Tech Wajih Ul Hassan University of Virginia Wanrong Zhang TikTok Inc. Weilin Xu Intel Wenbo Guo UCSB Wenhai Sun Purdue University Wenjing Lou Virginia Tech Wenke Lee Georgia Institute of Technology Xavier de Carné de Carnavalet Radboud University Xiao Wang Northwestern University Yigitcan Kaya UC Santa Barbara Yiling He University College London Yinzhi Cao Johns Hopkins University Yizheng Chen University of Maryland Yongdae Kim KAIST Yossi Oren Ben-Gurion University of the Negev, Israel Yousra Aafer University of Waterloo Yu Ding Google Deepmind Yuan Tian University of California, Los Angeles Yuan Hong University of Connecticut Yuchen Yang Johns Hopkins University Yunang Chen Yunming Xiao University of Michigan Yupeng Zhang UIUC Yuzhe Tang Syracuse University Z. Berkay Celik Purdue University Zahra Ghodsi Purdue University Zhiqiang Lin Ohio State University Zhuotao Liu Tsinghua University Zimo Chai Stanford University & UC Berkeley Ziqi Yang Zhejiang University | « 1751 words » | Program Committee PC Chairs Cristina Nita-Rotaru Northeastern University Nicolas Papernot University of Toronto and Vector Institute and Google DeepMind Associate Chairs Adwait Nadkarni William & Mary Amir Houmansadr University of Massachusetts Amherst Andrew Paverd Microsoft Catalin Hritcu MPI-SP Christina Garman Purdue University Daniele Cono D'Elia Sapienza University of Rome David Barrera Carleton University Florian Tramer ETH Zurich Katerina Mitrokotsa University of St Gallen Mathias Lecuyer University of British Columbia Sara Rampazzi University of Florida Sascha Fahl CISPA Stephanie Roos University of Kaiserslautern-Landau Varun Chandrasekaran UIUC William Robertson Northeastern University Ziming Zhao Northeastern University REC Chairs Blase Ur University of Chicago Sofia Celi Brave PC Members Aaron Johnson U.S. Naval Research Laboratory Aarushi Goel Purdue University Aashish Kolluri Microsoft Research AbdelRahman Abdou Carleton University Abhiram Kothapalli University of California, Berkeley Adam Oest Amazon Adam Dziedzic CISPA Adil Ahmad Arizona State University Adrien Koutsos Inria Ahmad-Reza Sadeghi Technical University Darmstadt Alejandro Russo Chalmers University of Technology, Göteborg University, DPella AB Alesia Chernikova Northeastern University Alessandro Brighente University of Padova Alexander Viand Intel Labs Alexander Hoover Stevens Institute of Technology Alexandre Debant Inria Nancy Alexios Voulimeneas TU Delft Ali Abbasi CISPA Helmholtz Center for Information Security Alin Tomescu Aptos Labs Alvaro Cardenas University of California, Santa Cruz Amit Kumar Sikder Iowa State University Amrita Roy Chowdhury University of Michigan, Ann Arbor Anca Jurcut University College Dublin Andrei Sabelfeld Chalmers University of Technology Andrew Cullen University of Melbourne Andrew Kwong UNC Chapel Hill Ang Chen University of Michigan Angelos Stavrou Virginia Tech & A2Labs Anshuman Suri Northeastern University Antonio Bianchi Purdue University Anwar Hithnawi University of Toronto Aravind Machiry Purdue University Arslan Khan Pennsylvania State University Arthur Gervais UCL Arthur Azevedo de Amorim Rochester Institute of Technology Ashwinee Panda UMD College Park Atul Prakash University of Michigan, Ann Arbor Aviv Yaish Yale University Awais Rashid University of Bristol, UK Aysajan Abidin COSIC KU Leuven Bailey Kacsmar University of Alberta Bart Copens Ghent University Ben Weintraub Northeastern University Ben Zhao University of Chicago Benjamin Beurdouche Mozilla Benjamin Dowling King's College London Benny Pinkas Apple and Bar-Ilan University Bijeeta Pal Snap Inc. Bimal Viswanath Virginia Tech Binghui Wang Illinois Institute of Technology Bo Chen Michigan Technological University Bogdan Carbunar Florida International University Boris Köpf Azure Research, Microsoft Brendan Saltaformaggio Georgia Tech Byoungyoung Lee Seoul National University Carrie Gates FS-ISAC Cas Cremers CISPA Helmholtz Center for Information Security Changyu Dong Guangzhou University Chaowei Xiao University of Wisconsin, Madison Chawin Sitawarin Google DeepMind Chengyu Song UC Riverside Christian Wressnegger Karlsruhe Institute of Technology (KIT) Christof Ferreira Torres INESC-ID / Instituto Superior Técnico (IST), University of Lisbon Christopher A. Choquette-Choo Google DeepMind Clara Schneidewind MPI-SP Claudio Soriente NEC Labs Europe Cristian-Alexandru Staicu CISPA Helmholtz Center for Information Security Dana Drachsler Cohen Technion Daniel Genkin Georgia Tech Daniel Jost Blanqet Daniele Antonioli EURECOM Dario Pasquini RSAC Labs Dave Tian Purdue University David Heath University of Illinois Urbana-Champaign David Zage Intel Corporation Deepak Garg Max Planck Institute for Software Systems Dimitris Kolonelos UC Berkeley Dominik Wermke North Carolina State University Doreen Riepel CISPA Helmholtz Center for Information Security Eleonora Losiouk University of Padua Elisa Bertino Purdue University Elisaweta Masserova Carnegie Mellon University Emiliano De Cristofaro UC Riverside Emily Wenger Duke University Emma Dauterman Stanford University Eric Pauley University of Wisconsin–Madison Eugene Bagdasarian University of Massachusetts Amherst, Google Research Evgenios Kornaropoulos George Mason University Eyal Ronen Tel Aviv University Eysa Lee Barnard College Fabian Monrose Georgia Institute of Technology Fabio De Gaspari Sapienza University of Rome Fabio Pierazzi University College London Faysal hossain Shezan University of Texas at Arlington Feargus Pendlebury Meta Fengwei Zhang Southern University of Science and Technology (SUSTech) Fengyuan Xu Nanjing University Florian Kerschbaum University of Waterloo FNU Suya University of Tennessee, Knoxville Frank Li Georgia Institute of Technology Frank Piessens KU Leuven Franziska Boenisch CISPA Gang Tan Penn State University Gautam Akiwate Stanford University / Apple Ghada Almashaqbeh University of Connecticut Ghassan Karame Ruhr University Bochum Giorgio Severi Microsoft Giovanni Camurati ETH Zurich Grant Ho University of Chicago Guanhong Tao University of Utah Habiba Farrukh University of California, Irvine Haipeng Cai University at Buffalo, SUNY Hans Hanley Meta Hanshen Xiao Purdue University/NVIDIA Hao Chen University of California, Davis Haya Schulmann Goethe-Universität Frankfurt Heather Zheng University of Chicago Heng Yin UC Riverside Hervé Debar Télécom SudParis Hieu Le Independent Researcher Hiraku Morita Aarhus University Hongxin Hu University at Buffalo Hugo Lefeuvre The University of British Columbia Hyungsub Kim Indiana University Bloomington Ian Miers University of Maryland Ilia Shumailov Google DeepMind Imtiaz Karim Purdue University Insu Yun KAIST Ioana Boureanu Surrey Centre for Cyber Security Ioannis Demertzis UCSC Ivan Evtimov Meta Ivan De Olveira Nunes University of Zurich Jamie Hayes Google DeepMind Jana Hofmann Max Planck Institute for Security and Privacy (MPI-SP) Jason Nieh Columbia University Jay Bosamiya Microsoft Research Jean-Luc Watson NVIDIA Jean-Philippe Monteuuis Qualcomm Jeremiah Blocki Purdue University Jianliang Wu Simon Fraser University Jingxuan He UC Berkeley Jinyuan Jia The Pennsylvania State University Jiska Classen Hasso Plattner Institute, University of Potsdam John Mitchell Stanford University Jon McCune Jonas Hielscher CISPA Helmholtz Center for Information Security Jonathan Katz Joseph Lallemand CNRS, IRISA, Univ. Rennes Joshua Gancher Northeastern University Julia Len UNC Chapel Hill Kari Kostiainen ETH Zurich Karthikeyan Bhargavan Cryspen Kartik Nayak Duke University Kasper Rasmussen University of Oxford Kassem Fawaz University of Wisconsin-Madison Kathrin Grosse IBM Research Kaushal Kafle University of South Florida Keewoo Lee UC Berkeley Kelsey Fulton Colorado School of Mines Kentrell Owens University of Washington Kexin Pei The University of Chicago Klaus v. Gleissenthall VU Amsterdam Konrad Rieck BIFOLD & TU Berlin Lachlan Gunn Aalto University Lea Schönherr CISPA Helmholtz Center for Information Security Lenka Mareková ETH Zurich Lesly-Ann Daniel KU Leuven Liang Wang Princeton University Lianying Zhao Carleton University Limin Jia Carnegie Mellon University Lorenzo Cavallaro University College London Lorenzo De Carli University of Calgary Lucianna Kiffer IMDEA Networks Lujo Bauer Carnegie Mellon University Lydia Zakynthinou UC Berkeley Mahak Pancholi IMDEA Software Institute Mahmood Sharif Tel Aviv University Man-Ki Yoon North Carolina State University Marco Squarcina TU Wien Marco Guarnieri IMDEA Software Institute Marcus Botacin Texas A&M University Mario D'Onghia University College London Martin Henze RWTH Aachen University & Fraunhofer FKIE Marzieh Bitaab Amazon Matthew Jones Matthew Lentz Duke University Matthew Jagielski Google DeepMind Maura Pintor University of Cagliari Mauro Conti University of Padova Meera Sridhar University of North Carolina Charlotte Michael Hicks University of Pennsylvania and Amazon Michelle Mazurek University of Maryland Milad Nasr Google Deepmind Miuyin Yong Wong University of Maryland Mohannad Alhanahnah Chalmers University Moritz Schloegel Arizona State University Morley Mao University of Michigan Mridula Singh CISPA Helmholtz Center for Information Security Mu Zhang University of Utah Muhammad Ikram Macquarie University Muoi Tran Chalmers University of Technology Murtuza Jadliwala University of Texas at San Antonio Muslum Ozgur Ozmen Arizona State University Nader Sehatbakhsh UCLA Natalia Stakhanova University of Saskathchewan, Canada Nathan Malkin New Jersey Institute of Technology Neil Gong Duke University Nguyen Phong Hoang University of British Columbia Nidhi Hegde University of Alberta Nikita Borisov University of Illinois at Urbana-Champaign Nils Lukas MBZUAI Ning Zhang Washington University in St. Louis Ning Luo University of Illinois Urbana-Champaign Ninghui Li Purdue University Nuno Santos INESC-ID / Instituto Superior Técnico, University of Lisbon Olya Ohrimenko The University of Melbourne Om Thakkar OpenAI Omar Chowdhury Stony Brook University Orfeas Thyfronitis Litos Imperial College London Pedro Moreno-Sanchez IMDEA Software Institute Peng Gao Virginia Tech Phani Vadrevu Louisiana State University Piyush Kumar Sharma University of Michigan Pratik Sarkar Supra Research Pratyush Mishra University of Pennsylvania Priyanka Nanayakkara Harvard University Qiben Yan Michigan State University Raouf Kerkouche CISPA Helmholtz Center for Information Security Ravishankar Borgaonkar University of Stavanger and SINTEF AS Reethika Ramesh Palo Alto Networks Rei Safavi-Naini University of Calgary Rex Fernando Aptos Labs Rohit Sinha Hashgraph Ryan Sheatsley University of Wisconsin–Madison Saeed Mahloujifar Meta Sahar Abdelnabi Microsoft Saikrishna Badrinarayanan Sajin Sasy CISPA Helmholtz Center for Information Security Sam Kumar University of California, Los Angeles Saman Zonouz Georgia Tech Samuel Marchal VTT Technical Research Centre of Finland Sandra Siby New York University Abu Dhabi Sanghyun Hong Oregon State University Santiago Zanella-Beguelin Microsoft Santiago Torres-Arias Purdue University Sarbartha Banerjee University of Texas at Austin Sathvik Prasad North Carolina State University Sebastian Angel University of Pennsylvania Sebastian Szyller Intel Sebastien Gambs Université du Québec à Montréal Sébastien Bardin CEA List & Université Paris Saclay Shagufta Mehnaz The Pennsylvania State University Shih-Wei Li National Taiwan University Shimaa Ahmed Visa Research Shuang Song Shweta Shinde ETH Zurich Siddharth Garg New York University Simon Oya The University of British Columbia (UBC) Sisi Duan Tsinghua University Song Li Zhejiang University Soteris Demetriou Imperial College London Sourav Das University of Illinois at Urbana Champaign Srdjan Capkun ETH Zurich Stéphanie Delaune Univ Rennes, CNRS, IRISA, France Stephen Herwig William & Mary Steve Kremer Inria, Nancy, France Sunil Manandhar IBM Research Sven Bugiel CISPA Helmholtz Center for Information Security Swarn Priya Virginia Tech Syed Rafiul Hussain Pennsylvania State University Sze Yiu Chau The Chinese University of Hong Kong Tahina Ramananandro Microsoft Research Tapti Palit UC Davis Teodora Baluta Georgia Institute of Technology Thang Hoang Virginia Tech Thomas Ristenpart Cornell Tech Thomas Pasquier University of British Columbia Thomas Nyman Ericsson Thorsten Holz CISPA Helmholtz Center for Information Security Thorsten Eisenhofer BIFOLD & TU Berlin Tiago Heinrich Max Planck Institute for Informatics Tianhao Wang University of Virginia Tiantian Gong Yale University Ting Wang Stony Brook University Tobias Fiebig Max-Planck-Institut für Informatik Ulfar Erlingsson Google Cloud Urs Hengartner University of Waterloo Varun Madathil Yale University Vincent Laporte Inria Nancy Vladimir Kolesnikov Georgia Tech Wajih Ul Hassan University of Virginia Wanrong Zhang TikTok Inc. Weilin Xu Intel Wenbo Guo UCSB Wenhai Sun Purdue University Wenjing Lou Virginia Tech Wenke Lee Georgia Institute of Technology Xavier de Carné de Carnavalet Radboud University Xiao Wang Northwestern University Yigitcan Kaya UC Santa Barbara Yiling He University College London Yinzhi Cao Johns Hopkins University Yizheng Chen University of Maryland Yongdae Kim KAIST Yossi Oren Ben-Gurion University of the Negev, Israel Yousra Aafer University of Waterloo Yu Ding Google Deepmind Yuan Tian University of California, Los Angeles Yuan Hong University of Connecticut Yuchen Yang Johns Hopkins University Yunang Chen Yunming Xiao University of Michigan Yupeng Zhang UIUC Yuzhe Tang Syracuse University Z. Berkay Celik Purdue University Zahra Ghodsi Purdue University Zhiqiang Lin Ohio State University Zhuotao Liu Tsinghua University Zimo Chai Stanford University & UC Berkeley Ziqi Yang Zhejiang University |