USENIX Security '17: 26th USENIX Security Symposium

Announcement and Call for Papers www.usenix.org/sec17/cfp

August 16–18, 2017 • Vancouver, BC, Canada

USENIX Security ’17: 26th USENIX

Security Symposium

Important Dates

• Paper submissions due: Thursday, February 16, 2017, 5:00 p.m. PST

• Invited talk and panel proposals due: Thursday, February 16, 2017,

9:00 p.m. PST

• Early reject notification: Tuesday, March 21, 2017

• Notification to authors: Friday, May 12, 2017

• Final papers due: Thursday, June 29, 2017, 9:00 pm PDT

• Poster proposals due: Thursday, July 6, 2017, 9:00 pm PDT

• Notification to poster presenters: Thursday, July 13, 2017

• Work-in-Progress submissions due: Wednesday, August 16, 2017,

12:00 pm PDT

Symposium Organizers

Program Co-Chairs

Engin Kirda, Northeastern University

Thomas Ristenpart, Cornell Tech

Program Committee

Devdatta Akhawe, Dropbox

Manos Antonakakis, Georgia Institute of Technology

Michael Backes, CISPA, Saarland University, and Max Planck Institute for

Software Systems (MPI-SWS)

Michael Bailey, University of Illinois at Urbana-Champaign

Davide Balzarotti, Eurecom

Lujo Bauer, Carnegie Mellon University

Karthikeyan Bhargavan, Inria

Leyla Bilge, Symantec

Joseph Bonneau, Electronic Frontier Foundation and Stanford University

Dolan-Gavitt Brendan, New York University

Kevin Butler, University of Florida

Juan Caballero, IMDEA Software Institute

Srdjan Capkun, ETH Zurich

David Cash, Rutgers University

Stephen Checkoway, University of Illinois at Chicago

Nicolas Christin, Carnegie Mellon University

Manuel Costa, Microsoft Research

Adam Doupé, Arizona State University

Rev. 12/7/16

Tudor Dumitras, University of Maryland

Manuel Egele, Boston University

Serge Egelman, International Computer Science Institute and University of

California, Berkeley

William Enck, North Carolina State University

Roya Ensafi, Princeton University

Cédric Fournet, Microsoft Research

Matthew Fredrikson, Carnegie Mellon University

Guofei Gu, Texas A&M University

Nadia Heninger, University of Pennsylvania

Thorsten Holz, Ruhr-Universtät Bochum

Suman Jana, Columbia University

Martin Johns, SAP Research

Ari Juels, Cornell Tech

Chris Kanich, University of Illinois at Chicago

Alexandros Kapravelos, North Carolina State University

Tadayoshi Kohno, University of Washington

Farinaz Koushanfar, University of California, San Diego

Andrea Lanzi, University of Milan

Wenke Lee, Georgia Institute of Technology

Tim Leek, MIT Lincoln Laboratory

Zhenkai Liang, National University of Singapore

David Lie, University of Toronto

Zhiqiang Lin, The University of Texas at Dallas

Ben Livshits, Microsoft Research

Long Lu, Stony Brook University

Ivan Martinovic, Oxford University

Michelle Mazurek, University of Maryland

Damon McCoy, New York University

Jonathan McCune, Google

Sarah Meiklejohn, University College London

Andrew Miller, University of Illinois at Urbana–Champaign

Prateek Mittal, Princeton University

Nick Nikiforakis, Stony Brook University

Alina Oprea, Northeastern University

Kenny Paterson, Royal Holloway, University of London

Mathias Payer, Purdue University

Roberto Perdisci, University of Georgia

Michalis Polychranakis, Stony Brook University

Christina Pöpper, New York University

Sponsored by USENIX, the Advanced Computing Systems Association

Adrienne Porter Felt, Google

Georgios Portokalidis, Stevens Institute of Technology

William Robertson, Northeastern University

Franziska Roesner, University of Washington

Andrei Sabelfeld, Chalmers University of Technology

Thomas Shrimpton, University of Florida

Stelios Sidiroglou-Douskos, Massachusetts Institute of Technology

Robin Sommer, International Computer Science Institute

Deian Stefan, University of California, San Diego

Gianluca Stringhini, University College London

Kurt Thomas, Google

Patrick Traynor, University of Florida

Blaze Ur, University of Chicago

Giovanni Vigna, University of California, Santa Barbara

XiaoFeng Wang, Indiana University

Xi Wang, University of Washington

Yuval Yarom, University of Adelaide

Yinqian Zhang, The Ohio State University

Steering Committee

Matt Blaze, University of Pennsylvania

Dan Boneh, Stanford University

Kevin Fu, University of Michigan

Casey Henderson, USENIX Association

Thorsten Holz, Ruhr-Universtät Bochum

Jaeyeon Jung, Microsoft Research

Tadayoshi Kohno, University of Washington

Niels Provos, Google

David Wagner, University of California, Berkeley

Dan Wallach, Rice University

Symposium Overview

The USENIX Security Symposium brings together researchers, practitio-

ners, system administrators, system programmers, and others interested

in the latest advances in the security and privacy of computer systems

and networks. The 26th USENIX Security Symposium will be held August

16–18, 2017, in Vancouver, BC.

All researchers are encouraged to submit papers covering novel and

scientifically significant practical works in computer security. Submis-

sions are due on Thursday, February 16, 2016, 5:00 p.m. PST. The

Symposium will span three days, with a technical program including

refereed papers, invited talks, posters, panel discussions, and Birds-of-a-

Feather sessions. Co-located workshops will precede the Symposium

on August 14 and 15.

Symposium Topics

Refereed paper submissions are solicited in all areas relating to systems

research in security and privacy, including but not limited to:

• System security

Operating systems security

Web security

Mobile systems security

Distributed systems security

Cloud computing security

• Network security

Intrusion and anomaly detection and prevention

Network infrastructure security

Denial-of-service attacks and countermeasures

Wireless security

• Cryptographic implementation analysis and construction

• Applied cryptography

• Security analysis

Malware analysis

Analysis of network and security protocols

Attacks with novel insights, techniques, or results

Forensics and diagnostics for security

Automated security analysis of hardware designs and

implementation

Automated security analysis of source code and binaries

Program analysis

• Data-driven security and measurement studies

Measurements of fraud, malware, spam

Measurements of human behavior and security

• Privacy-enhancing technologies and anonymity

• Usable security and privacy

• Language-based security

• Hardware security

Secure computer architectures

Embedded systems security

Methods for detection of malicious or counterfeit hardware

Side channels

• Research on surveillance and censorship

• Social issues and security

Research on computer security law and policy

Ethics of computer security research

Research on security education and training

This topic list is not meant to be exhaustive; USENIX Security is interested

in all aspects of computing systems security and privacy. Papers without

a clear application to security or privacy, however, will be considered out

of scope and may be rejected without full review.

Refereed Papers

Papers that have been formally reviewed and accepted will be present-

ed during the Symposium and published in the Symposium Proceed-

ings. It is required that one of the paper authors attend the conference

and present the work. It is the responsibility of the authors to find a

suitable replacement presenter for their work, if the need arises.

A registration discount will be available for one author per paper. If

the registration fee poses a hardship to the presenter, USENIX will offer

complimentary registration.

A major mission of the USENIX Association is to provide for the

creation and dissemination of new knowledge. In keeping with this and

as part of USENIX’s open access policy, the Proceedings will be available

online for registered attendees before the Symposium and for everyone

starting on the opening day of the technical sessions. USENIX also allows

authors to retain ownership of the copyright in their works, requesting

only that USENIX be granted the right to be the first publisher of that

work. See our sample consent form at www.usenix.org/sites/default/

files/2016_consent_author.pdf for the complete terms of publication.

Symposium Activities

In addition to the refereed papers and the keynote presentation, the

technical program will include invited talks, panel discussions, a poster

session, and Birds-of-a-Feather sessions (BoFs). You are invited to make

suggestions regarding topics or speakers in any of these sessions via

email to the program co-chairs at sec17chairs@usenix.org.

Invited Talks

Invited talks will be held in parallel with the refereed paper sessions.

Please submit topic suggestions and talk proposals via email to

sec17it@usenix.org by Thursday, February 16, 2017, 9:00 p.m. PST.

Panel Discussions

The technical sessions may include topical panel discussions. Please

send topic suggestions and proposals to sec17chairs@usenix.org by

Thursday, February 16, 2017, 9:00 p.m. PST.

Poster Session

Would you like to share a provocative opinion, an interesting pre-

liminary work, or a cool idea that will spark discussion at this year’s

USENIX Security Symposium? The poster session is the perfect venue

to introduce such new or ongoing work. Poster presenters will have

the entirety of the evening reception to discuss their work, get expo-

sure, and receive feedback from attendees.

To submit a poster, please submit a draft of your poster, in PDF

(maximum size 36” by 48”), or a one-page abstract via the poster

session submission form on the Call for Papers Web site, www.

usenix.org/sec17/cfp , by Thursday, July 6, 2017, 9:00 p.m. PDT. Deci-

sions will be made by Thursday, July 13, 2017. Posters will not be

included in the proceedings but may be made available online if

circumstances permit. Poster submissions must include the authors’

names, affiliations, and contact information. At least one author of

each accepted poster must register for and attend the Symposium

to present the poster.

Work-in-Progress Session

We will host a WiP session (also previously known as rump session)

on the evening of Wednesday, August 16, 2017. This is intended as

an informal session for short and engaging presentations on recent

unpublished results, work in progress, or other topics of interest to

the USENIX Security attendees. As in the past, talks do not always

need to be serious and funny talks are encouraged! To submit a WiP

talk, email sec17wip[email protected] by Wednesday, August 16, 2017,

12:00 pm PDT.

Doctoral Colloquium

What opportunities await security students graduating with a PhD?

On Thursday evening, students will have the opportunity to listen to

informal panels of faculty and industrial researchers providing per-

sonal perspectives on their post-PhD career search. Learn about the

academic job search, the industrial research job search, research fund

raising, dual-career challenges, life uncertainty, and other idiosyn-

crasies of the ivory tower. The event is organized by Thorsten Holz.

If you would like to speak in the Doctoral Colloquium, please email

sec17[email protected].

Birds-of-a-Feather Sessions (BoFs)

Birds-of-a-Feather sessions (BoFs) will be held Tuesday, Wednesday,

and Thursday evenings. Birds-of-a-Feather sessions are informal gath-

erings of persons interested in a particular topic. BoFs often feature a

presentation or a demonstration followed by discussion, announce-

ments, and the sharing of strategies. BoFs can be scheduled on-site

or in advance. To schedule a BoF, please send email to the USENIX

Conference Department at [email protected]g with the title and a brief

description of the BoF; the name, title, affiliation, and email address of

the facilitator; and your preference of date and time.

Submission Policies

Important: Note that some past USENIX Security Symposia have had

different policies and requirements, please read the following text

carefully.

Submissions are due by Thursday, February 16, 2017, 5:00 p.m.

PST (hard deadline). All submissions will be made online via the

Web form on the Call for Papers Web site, www.usenix.org/sec17/cfp.

Submissions should be finished, complete papers, and we may reject

papers without review that have severe editorial problems (broken

references, egregious spelling or grammar errors, figures, etc.).

Paper submissions should be at most 13 typeset pages, exclud-

ing bibliography and well-marked appendices. These appendices

may be included to assist reviewers who may have questions that fall

outside the stated contribution of the paper on which your work is

to be evaluated or to provide details that would only be of inter-

est to a small minority of readers. There is no limit on the length of

the bibliography and appendices but reviewers are not required to

read any appendices so the paper should be self-contained without

them. Once accepted, papers must be reformatted to fit in 18 pages,

including bibliography and any appendices. The submission must

be formatted in 2 columns, using 10-point Times Roman type on

12-point leading, in a text block of 6.5”x9”, on 8.5”x11” (letter-sized)

paper. If you wish, please make use of USENIX’s LaTeX template and

style files, available at www.usenix.org/conferences/author-resources/

paper-templates, when preparing your paper for submission. Failure

to adhere to the page limit and formatting requirements can be

grounds for rejection.

Conflicts of Interest

The program co-chairs require cooperation from both authors and

program committee members to prevent submissions from being

evaluated by reviewers who have a conflict of interest. During the

submission process, we will ask authors to identify members of the

program committee with whom they share a conflict of interest. This

includes: (1) anyone who shares an institutional affiliation with an

author at the time of submission, (2) anyone who was the advisor or

advisee of an author at any time in the past, or (3) anyone the author

has collaborated or published with in the prior two years. For other

forms of conflict, authors must contact the chairs and explain the

perceived conflict.

Program committee members who are conflicts of interest with a

paper, including program co-chairs, will be excluded from both on-

line and in-person evaluation and discussion of the paper by default.

Early Rejection and Rebuttals

Papers will receive a first round of reviews. Papers marked as early

reject will not be considered further. The authors of papers not

rejected early will receive the ability to provide a short rebuttal that

will be considered in subsequent discussions. Authors’ rebut-

tals must

clearly and explicitly identify concrete issues with factual

statements in the initial reviews, or provide clarification to explicit

reviewer questions.

Anonymous Submission

The review process will be double blind. Papers must be submit-

ted in a form suitable for anonymous review: no author names or

affiliations may appear on the title page and authors should avoid

revealing their identity in the text. When referring to your previous

work, do so in the third person, as though it were written by some-

one else. Only blind the reference itself in the (unusual) case that

a third- person reference is infeasible. Papers that are not properly

anonymized may be rejected without review.

Facebook Internet Defense Prize

The Internet Defense Prize recognizes and rewards research that

meaningfully makes the internet more secure. Created in 2014, the

award is funded by Facebook and offered in partnership with USENIX

to celebrate contributions to the protection and defense of the inter-

net. Successful recipients of the Internet Defense Prize will provide

a working prototype that demonstrates significant contributions

to the security of the internet, particularly in the areas of preven-

tion and defense. This award is meant to recognize the direction of

the research and not necessarily its progress to date. The intent of

the award is to inspire researchers to focus on high-impact areas of

research.

You may submit your USENIX Security ’17 paper submission for

consideration for the Prize as part of the regular submission process.

More details will be available here soon. Find out more about the

Internet Defense Prize at internetdefenseprize.org.

Human Subjects and Ethical Considerations

Submissions that describe experiments on human subjects, that

analyze data derived from human subjects (even anonymized data),

or that otherwise may put humans at risk should:

1. Disclose whether the research received an approval or waiver

from each of the authors’ institutional ethics review boards (e.g.,

an IRB).

2. Discuss steps taken to ensure that participants and others who

might have been affected by an experiment were treated ethi-

cally and with respect.

If the submission deals with vulnerabilities (e.g., software vulnerabili-

ties in a given program or design weaknesses in a hardware system),

the authors need to discuss in detail the steps they plan to take to

address these vulnerabilities (e.g., by disclosing vulnerabilities to the

vendors). The same applies if the submission deals with personally

identifiable information (PII) or other kinds of sensitive data. If a paper

raises significant ethical and legal concerns, it might be rejected

based on these concerns.

Submission Instructions

All submissions will be made online via the Web form, which will

be available soon. Submissions must be in PDF format. LaTeX users

can use the “pdflatex” command to convert a LaTeX document into

PDF format. Please make sure your submission can be opened using

Adobe Reader. Please also make sure your submission, and all em-

bedded figures, are intelligible when printed in grayscale.

All submissions will be judged on originality, relevance, correct-

ness, and clarity. In addition to citing relevant published work,

authors should relate their submission to any other relevant submis-

sions of theirs in other venues that are under review at the same time

as their submission to the Symposium. These citations to simultane-

ously submitted papers should be anonymized; non-anonymous

versions of these citations must, however, be emailed to the program

co-chairs at sec17chairs@usenix.org. Simultaneous submission of the

same work to multiple venues, submission of previously published

work, or plagiarism constitutes dishonesty or fraud. Failure to point

out and explain overlap will be grounds for rejection. USENIX, like

other scientific and technical conferences and journals, prohibits

these practices and may take action against authors who have

committed them. See the USENIX Conference Submissions Policy at

www.usenix.org/conferences/author-resources/submissions-policy

for details. Questions? Contact your program co-chairs, sec17chairs@

usenix.org, or the USENIX office, submissionspolic[email protected]rg.

The program committee and external reviewers are required to

treat all submissions as confidential. However, the program co-chairs

or designated committee members may share submissions outside

the program committee to allow chairs of other conferences to

identify dual submissions.

Papers that do not comply with the submission requirements,

including length and anonymity, or that do not have a clear applica-

tion to security or privacy may be rejected without review. Papers ac-

companied by nondisclosure agreement forms will not be considered.

Authors will be notified of acceptance by Friday, May 12, 2017. The

final paper due date is Thursday, June 29, 2017, 9:00 p.m. PDT. Each

accepted submission may be assigned a member of the program

committee to act as its shepherd through the preparation of the final

paper. The assigned member will act as a conduit for feedback from

the committee to the authors.

All papers will by default be available online to registered attend-

ees before the symposium. If your accepted paper should not be

published prior to the event, please notify production@usenix.org.

The papers will be available online to everyone beginning on the

first day of the symposium, August 16, 2017.

Specific questions about submissions may be sent to the pro-

gram co-chairs at sec17chairs@usenix.org. The chairs will respond to

individual questions about the submission process if contacted at

least a week before the submission deadline.