31st USENIX Security Symposium - August 10-12, 2022, Boston, MA, USA Sponsored by USENIX, the Advanced Computing Systems Association
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Announcement and Call for Papers www.usenix.org/sec22/cfp
31st USENIX Security Symposium
August 10–12, 2022, Boston, MA, USA
Sponsored by USENIX, the Advanced Computing Systems Association
The USENIX Security Symposium brings together researchers, Winter Deadline
practitioners, system administrators, system programmers, • Refereed paper submissions due: Tuesday, February 1, 2022,
and others interested in the latest advances in the security 11:59 pm AoE
and privacy of computer systems and networks. The 31st
USENIX Security Symposium will be held August 10–12, 2022,
• Early reject notification: March 11, 2022
in Boston, MA. • Rebuttal Period: April 18–20, 2022
Important: The USENIX Security Symposium moved to multiple
• Notification to authors: May 2, 2022
submission deadlines in 2019 and included changes to the review • Final paper files due: June 14, 2022
process and submission policies. Detailed information is available
at USENIX Security Publication Model Changes. • Invited talk and panel proposals due: Tuesday, February 1, 2022
All researchers are encouraged to submit papers covering • Poster proposals due: Wednesday, July 6, 2022
novel and scientifically significant practical works in computer ° Notification to poster presenters: Wednesday, July 13, 2022
security. The Symposium will span three days with a technical Conference Organizers
program including refereed papers, invited talks, posters, panel
discussions, and Birds-of-a-Feather sessions. Co-located events Program Co-Chairs
will precede the Symposium on August 8 and 9. Kevin Butler, University of Florida
Kurt Thomas, Google
Important Dates
Program Committee
Summer Deadline Yousra Aafer, University of Waterloo
• Refereed paper submissions due: Tuesday, June 8, 2021, Ruba Abu-Salma, King’s College London
11:59 pm AoE Gunes Acar, Katholieke Universiteit Leuven
• Early reject notification: July 15, 2021 Sadia Afroz, International Computer Science Institute (ICSI), Avast
• Rebuttal Period: August 23–25, 2021 Devdatta Akhawe, Dropbox
• Notification to authors: September 3, 2021 Daniel Alexander Zappala, Brigham Young University
• Final paper files due: October 5, 2021 Ardalan Amiri Sani, University of California, Irvine
Olabode Anise, Google
Fall Deadline
Daniele Antonioli, EPFL, EURECOM
• Refereed paper submissions due: Tuesday, October 12, 2021, Maria Apostolaki, ETH Zurich
11:59 pm AoE
Elias Athanasopoulos, University of Cyprus
• Early reject notification: November 20, 2021 Davide Balzarotti, EURECOM
• Rebuttal Period: January 10–12, 2022 Tiffany Bao, Arizona State University
• Notification to authors: January 20, 2022 David Barrera, Carleton Univeristy
• Final paper files due: February 22, 2022 Adam Bates, University of Illinois at Urbana–Champaign
Lejla Batina, Radboud University
Lujo Bauer, Carnegie Mellon University
Rev. 09/24/21Jethro Beekman, Fortanix Aurélien Francillon, EURECOM
Antonio Bianchi, Purdue University Michael Franz, University of California, Irvine
Battista Biggio, University of Cagliari Yanick Fratantonio, Cisco Talos
Leyla Bilge, NortonLifeLock Research Group David Freeman, Facebook
Vincent Bindschaedler, University of Florida Patrick Gage Kelley, Google
Priyam Biswas, Intel Eva Galperin, Electronic Frontier Foundation
Marina Blanton, University at Buffalo Vinod Ganapathy, Indian Institute of Science (IISc)
Tamara Bonaci, Northeastern University Christina Garman, Purdue University
Joseph Bonneau, New York University Carrie Gates, Bank of America
Glencora Borradaile, Oregon State University Genevieve Gebhart, University of Washington Information School
Marcus Botacin, Federal University of Paraná Daniel Genkin, University of Michigan
Ioana Boureanu, University of Surrey Ryan Gerdes, Virginia Tech
Nathan Burow, MIT Lincoln Laboratory Arthur Gervais, Imperial College London
Joseph Calandrino, Federal Trade Commission Irene Giacomelli, Protocol Labs
Stefano Calzavara, Università Ca’ Foscari Venezia Yossi Gilad, The Hebrew University of Jerusalem
Yinzhi Cao, Johns Hopkins University Neil Gong, Duke University
Srdjan Capkun, ETH Zurich Tyrone Grandison, The Data-Driven Institute
Alvaro Cardenas, University of California, Santa Cruz Daniel Gruss, Graz University of Technology
Nicholas Carlini, Google Guofei Gu, Texas A&M University
Lorenzo Cavallaro, University College London Le Guan, University of Georgia
Z. Berkay Celik, Purdue University Shuang Hao, The University of Texas at Dallas
Sang Kil Cha, Korea Advanced Institute of Science and Technology Wajih Ul Hassan, University of Illinois at Urbana–Champaign
(KAIST) Christophe Hauser, USC/Information Sciences Institute
Neha Chachra, Facebook Xiali Hei, University of Louisiana at Lafayette
Rahul Chatterjee, University of Wisconsin—Madison Grant Hernandez, Qualcomm
Sze Yiu Chau, The Chinese University of Hong Kong Matthew Hicks, Virginia Tech
Kai Chen, Institute of Information Engineering, Chinese Academy Ralph Holz, University of Twente
of Sciences Thorsten Holz, Ruhr University Bochum
Qi Alfred Chen, University of California, Irvine Nick Hopper, University of Minnesota
Yizheng Chen, Columbia University Diane Hosfelt, Apple
Sherman S. M. Chow, The Chinese University of Hong Kong Syed Rafiul Hussain, The Pennsylvania State University
Amrita Roy Chowdhury, University of Wisconsin—Madison Luca Invernizzi, Google
Nicolas Christin, Carnegie Mellon University Sotiris Ioannidis, Technical University of Crete
Chitchanok Chuengsatiansup, The University of Adelaide Cynthia Irvine, Naval Postgraduate School
Camille Cobb, Carnegie Mellon University Suman Jana, Columbia University
Shaanan Cohney, Princeton University and University of Melbourne Ramya Jayaram Masti, Intel
Andrea Continella, University of Twente Yuseok Jeon, UNIST (Ulsan National Institute of Science and
Cas Cremers, CISPA Helmholtz Center for Information Security Technology)
Bruno Crispo, University of Trento Yier Jin, University of Florida
Weidong Cui, Microsoft Research Brent Byunghoon Kang, Korea Advanced Institute of Science and
Anupam Das, North Carolina State University Technology (KAIST)
Pubali Datta, University of Illinois at Urbana–Champaign Chris Kanich, University of Illinois at Chicago
Nathan Dautenhahn, Rice University Apu Kapadia, Indiana University Bloomington
Alexandra Dmitrienko, University of Wuerzburg Alexandros Kapravelos, North Carolina State University
Adam Doupe, Arizona State University Vasileios Kemerlis, Brown University
Tudor Dumitras, University of Maryland Florian Kerschbaum, University of Waterloo
Zakir Durumeric, Stanford University Taesoo Kim, Georgia Institute of Technology
Manuel Egele, Boston University Yongdae Kim, Korea Advanced Institute of Science and Technology
Thomas Eisenbarth, University of Lübeck (KAIST)
Mary Ellen Zurko, MIT Lincoln Laboratory Sam King, University of California, Davis and Bouncer Technologies
Mohamed Elsabagh, Kryptowire Michel Kinsy, TAMU
Pardis Emami-Naeini, University of Washington Engin Kirda, Northeastern University
William Enck, North Carolina State University Katharina Kohls, Radboud University
Roya Ensafi, University of Michigan Tadayoshi Kohno, University of Washington
Birhanu Eshete, University of Michigan Kari Kostiainen, ETH Zurich
Sascha Fahl, CISPA Helmholtz Center for Information Security Srikanth Krishnamurthy, University of California, Riverside
Kassem Fawaz, University of Wisconsin—Madison Katharina Krombholz, CISPA Helmholtz Center for Information
Yunsi Fei, Northeastern University Security
Earlence Fernandes, University of Wisconsin—Madison Christopher Kruegel, University of California, Santa Barbara
Domenic Forte, University of Florida Deepak Kumar, Stanford University
Anil Kurmus, IBM Research EuropeAndrea Lanzi, University of Milan Radia Perlman, Dell EMC Pavel Laskov, University of Liechtenstein Peter Peterson, University of Minnesota Byoungyoung Lee, Seoul National University Fabio Pierazzi, King’s College London Kyu Hyung Lee, University of Georgia Christina Poepper, New York University Abu Dhabi Sangho Lee, Microsoft Research Niels Provos, Stripe Wenke Lee, Georgia Institute of Technology Amir Rahmati, Stony Brook University Tancrède Lepoint, Google Jeyavijayan Rajendran, Texas A&M University Ada Lerner, Wellesley College Sara Rampazzi, University of Florida Frank Li, Georgia Institute of Technology Mariana Raykova, Google Qi Li, Tsinghua University Joel Reardon, University of Calgary Tianshi Li, Carnegie Mellon University Bradley Reaves, North Carolina State University David Lie, University of Toronto Elissa Redmiles, Max Planck Institute for Software Systems Zhiqiang Lin, Ohio State University (MPI-SWS) Martina Lindorfer, TU Wien Michael K. Reiter, Duke University Guyue Liu, Carnegie Mellon University Konrad Rieck, Technische Universität Braunschweig Kangjie Lu, University of Minnesota William Robertson, Northeastern University Wouter Lueks, EPFL Franziska Roesner, University of Washington Xiapu Luo, The Hong Kong Polytechnic University Eyal Ronen, Tel Aviv University Matteo Maffei, TU Wien Stefanie Roos, TU Delft Stefan Mangard, Graz University of Technology Ahmad-Reza Sadeghi, Technische Universität Darmstadt Mohammad Mannan, Concordia University Brendan Saltaformaggio, Georgia Institute of Technology Ivan Martinovic, Oxford University Nitesh Saxena, University of Alabama at Birmingham Michelle Mazurek, University of Maryland Michael Schwarz, CISPA Helmholtz Center for Information Security Patrick McDaniel, The Pennsylvania State University Jörg Schwenk, Ruhr University Bochum Shagufta Mehnaz, Dartmouth College Wendy Seltzer, W3C and Massachusetts Institute of Technology Aastha Mehta, University of British Columbia, Vancouver Johanna Sepulveda, Airbus Sarah Meiklejohn, University College London and Google Mahmood Sharif, Tel Aviv University and VMware Marcela Melara, Intel Labs Imani N. Sherman, University of Florida Nele Mentens, Leiden University and Katholieke Universiteit Leuven Shweta Shinde, ETH Zurich Jiang Ming, The University of Texas at Arlington Fatemeh Shirazi, Web3 Foundation Ariana Mirian, University of California, San Diego Maliheh Shirvanian, Visa Research Jelena Mirkovic, University of Southern California Yan Shoshitaishvili, Arizona State University Daniel Moghimi, University of California, San Diego Haya Shulman, Fraunhofer SIT Esfandiar Mohammadi, University of Lübeck Peter Snyder, Brave Browser Mainack Mondal, Indian Institute of Technology, Kharagpur Sooel Son, Korea Advanced Institute of Science and Technology Soo-Jin Moon, Google (KAIST) Veelasha Moonsamy, Ruhr University Bochum Chengyu Song, University of California, Riverside Thomas Moyer, University of North Carolina Alessandro Sorniotti, IBM Research Europe Marius Muench, Vrije Universiteit Amsterdam Michael Specter, Massachusetts Institute of Technology Takao Murakami, AIST Drew Springall, Auburn University Toby Murray, University of Melbourne Jessica Staddon, JPMorgan Chase Nick Nikiforakis, Stony Brook University Emily Stark, Google Anita Nikolich, University of Illinois at Urbana–Champaign Angelos Stavrou, Virginia Tech Shirin Nilizadeh, The University of Texas at Arlington Deian Stefan, University of California, San Diego Adam Oest, PayPal Ben Stock, CISPA Helmholtz Center for Information Security Hamed Okhravi, MIT Lincoln Laboratory Gianluca Stringhini, Boston University Cristina Onete, University of Limoges/XLIM/CNRS 7252 Yixin Sun, University of Virginia Yossi Oren, Ben-Gurion University of the Negev Yuqiong Sun, Facebook Rebekah Overdorf, EPFL Qiang Tang, The University of Sydney Miroslav Pajic, Duke University Dave ( Jing) Tian, Purdue University Dimitrios Papadopoulos, The Hong Kong University of Science Yuan Tian, University of Virginia and Technology Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Bryan Parno, Carnegie Mellon University Security Mathias Payer, EPFL Shruti Tople, Microsoft Research Paul Pearce, Georgia Institute of Technology, International Com- Santiago Torres-Arias, Purdue University puter Science Institute (ICSI) Florian Tramèr, Stanford University Giancarlo Pellegrino, CISPA Helmholtz Center for Information Patrick Traynor, University of Florida Security Carmela Troncoso, EPFL Roberto Perdisci, University of Georgia and Georgia Institute of Güliz Seray Tuncay, Google Technology Selcuk Uluagac, Florida International University
Blase Ur, University of Chicago • Network security
Anjo Vahldiek-Oberwagner, Intel Labs ° Intrusion and anomaly detection and prevention
Michel van Eeten, Delft University of Technology ° Network infrastructure security
Mayank Varia, Boston University ° Denial-of-service attacks and countermeasures
Ingrid Verbauwhede, Katholieke Universiteit Leuven
° Wireless security
Hayawardh Vijayakumar, Samsung Research America
Bimal Viswanath, Virginia Tech
• Security analysis
° Malware analysis
Daniel Votipka, Tufts University
David Wagner, University of California, Berkeley ° Analysis of network and security protocols
Michael Waidner, Technische Universität Darmstadt ° Attacks with novel insights, techniques, or results
Gang Wang, University of Illinois at Urbana–Champaign ° Forensics and diagnostics for security
Ting Wang, The Pennsylvania State University ° Automated security analysis of hardware designs and
XiaoFeng Wang, Indiana University Bloomington implementation
Michael Weissbacher, Square, Inc. ° Automated security analysis of source code and binaries
Tara Whalen, Carleton University ° Program analysis
Christian Wressnegger, Karlsruhe Institute of Technology (KIT) • Machine learning security and privacy
Matthew Wright, Rochester Institute of Technology • Data-driven security and measurement studies
Eric Wustrow, University of Colorado Boulder ° Measurements of fraud, malware, spam
Jason (Minhui) Xue, The University of Adelaide ° Measurements of human behavior and security
Daphne Yao, Virginia Tech
Yuval Yarom, The University of Adelaide and Data61
• Privacy-enhancing technologies and anonymity
Tuba Yavuz, University of Florida
• Usable security and privacy
Yanfang (Fanny) Ye, Case Western Reserve University • Language-based security
Heng Yin, University of California, Riverside • Hardware security
Qiang Zeng, University of South Carolina ° Secure computer architectures
Sarah Zennou, Airbus ° Embedded systems security
Fengwei Zhang, Southern University of Science and Technology ° Methods for detection of malicious or counterfeit
(SUSTech) hardware
Xiangyu Zhang, Purdue University ° Side channels
Yang Zhang, CISPA Helmholtz Center for Information Security • Research on surveillance and censorship
Yuan Zhang, Fudan University • Social issues and security
Yajin Zhou, Zhejiang University ° Research on computer security law and policy
Haojin Zhu, Shanghai Jiao Tong University
° Ethics of computer security research
Steering Committee ° Research on security education and training
Michael Bailey, University of Illinois at Urbana–Champaign ° Information manipulation, misinformation, and
Matt Blaze, University of Pennsylvania disinformation
Dan Boneh, Stanford University ° Protecting and understanding at-risk users
Srdjan Capkun, ETH Zurich ° Emerging threats, harassment, extremism, and
William Enck, North Carolina State University online abuse
Kevin Fu, University of Michigan
• Applications of cryptography
Rachel Greenstadt, New York University
° Analysis of deployed cryptography and cryptographic
Casey Henderson, USENIX Association protocols
Nadia Heninger, University of California, San Diego
° Cryptographic implementation analysis
Thorsten Holz, Ruhr-Universität Bochum
° New cryptographic protocols with real-world
Engin Kirda, Northeastern University applications
Tadayoshi Kohno, University of Washington
This topic list is not meant to be exhaustive; USENIX Security is
Thomas Ristenpart, Cornell Tech interested in all aspects of computing systems security and pri-
Franziska Roesner, University of Washington vacy. Papers without a clear application to security or privacy of
Patrick Traynor, University of Florida computing systems, however, will be considered out of scope
David Wagner, University of California, Berkeley and may be rejected without full review.
Symposium Topics Refereed Papers
Refereed paper submissions are solicited in all areas relating Papers that have been formally reviewed and accepted will
to systems research in security and privacy, including but not be presented during the Symposium and published in the
limited to: Symposium Proceedings. By submitting a paper, you agree
• System security that at least one of the authors will attend the conference to
Operating systems security present it. Alternative arrangements will be made if global
°
health concerns persist. If the conference registration fee will
° Web security
pose a hardship for the presenter of the accepted paper,
° Mobile systems security please contact conference@usenix.org.
° Distributed systems security
° Cloud computing securityA major mission of the USENIX Association is to provide for the Submission Policies
creation and dissemination of new knowledge. In keeping with Important: The USENIX Security Symposium moved to multiple
this and as part of USENIX’s open access policy, the Proceed- submission deadlines in 2019 and included changes to the review
ings will be available online for registered attendees before the process and submission policies. Detailed information is available
Symposium and for everyone starting on the opening day of the at USENIX Security Publication Model Changes at www.usenix.org/
technical sessions. USENIX also allows authors to retain owner- conference/usenixsecurity22/publication-model-change.
ship of the copyright in their works, requesting only that USENIX
be granted the right to be the first publisher of that work. See USENIX Security ’22 submissions deadlines are as follows:
our sample consent form at www.usenix.org/sample_consent_ • Summer Deadline: Tuesday, June 8, 2021, 11:59 pm AoE
form.pdf for the complete terms of publication.
• Fall Deadline: Tuesday, October 12, 2021, 11:59 pm AoE
Go to Paper Submission Policies and Instructions page at www. • Winter Deadline: Tuesday, February 1, 2022, 11:59 pm AoE
usenix.org/conference/usenixsecurity22/submission-policies- All papers that are accepted by the end of the winter submis-
and-instructions for more information. sion reviewing cycle (February–May 2022) will appear in the
proceedings for USENIX Security ’22. All submissions will be
Artifact Evaluation made online via their respective web forms, linked from the
The Call for Artifacts will be available soon. USENIX Security ’22 Call for Papers web page: Summer Dead-
line, Fall Deadline, Winter Deadline. Do not email submissions.
Symposium Activities Submissions should be finished, complete papers, and we
Invited Talks, Panels, Poster Session, Lightning Talks, and BoFs may reject papers without review that have severe editorial
In addition to the refereed papers and the keynote presenta- problems (broken references, egregious spelling or grammar
tion, the technical program will include invited talks, panel errors, missing figures, etc.) or are submitted in violation of the
discussions, a poster session, and Birds-of-a-Feather sessions Submission Instructions outlined below.
(BoFs). You are invited to make suggestions regarding topics
or speakers in any of these sessions via email to the contacts All paper submissions, including Major Revisions, should be at
listed below or to the program co-chairs at sec22chairs@ most 13 typeset pages, excluding bibliography and well-marked
usenix.org. appendices. These appendices may be included to assist
reviewers who may have questions that fall outside the stated
Invited Talks and Panel Discussions contribution of the paper on which your work is to be evaluated
Invited talks and panel discussions will be held in parallel with or to provide details that would only be of interest to a small
the refereed paper sessions. Please submit topic suggestions minority of readers. There is no limit on the length of the bibli-
and talk and panel proposals via email to sec22it@usenix.org ography and appendices but reviewers are not required to read
by February 1, 2022. any appendices so the paper should be self-contained without
them. Once accepted, papers must be reformatted to fit in 18
Poster Session pages, including the bibliography and any appendices.
Would you like to share a provocative opinion, an interesting Papers should be typeset on U.S. letter-sized pages in two-
preliminary work, or a cool idea that will spark discussion at this column format in 10-point Times Roman type on 12-point
year’s USENIX Security Symposium? The poster session is the leading (single-spaced), in a text block 7” x 9” deep. Authors are
perfect venue to introduce such new or ongoing work. Poster encouraged to make use of USENIX’s LaTeX template and style
presenters will have the entirety of the evening reception to files available at www.usenix.org/paper-templates when pre-
discuss their work, get exposure, and receive feedback from paring your paper for submission. Failure to adhere to the page
attendees. limit and formatting requirements can be grounds for rejection.
To submit a poster, please submit a draft of your poster, in Papers should not attempt to “squeeze space” by exploiting
PDF (maximum size 36” by 48”), or a one-page abstract via underspecified formatting criteria (e.g., columns) or through
the poster session submission form, linked from the USENIX manipulating other document properties (e.g., page layout,
Security ’22 Call for Papers web page, by July 6, 2022. Decisions spacing, fonts, figures and tables, headings). Papers that, in the
will be made by July 13, 2022. Posters will not be included in the chair’s assessment, make use of these techniques to receive an
proceedings but may be made available online if circumstances unfair advantage, will be rejected, even if they comply with the
permit. Poster submissions must include the authors’ names, above specifications.
affiliations, and contact information. At least one author of
each accepted poster must register for and attend the Sympo- Please make sure your paper successfully returns from the
sium to present the poster. PDF checker (visible upon PDF submission) and that document
properties, such as font size and margins, can be verified via
Lightning Talks PDF editing tools such as Adobe Acrobat. Papers where the
Information about lightning talks will be available soon. chairs can not verify compliance with the CFP will be rejected.
Birds-of-a-Feather Sessions (BoFs) Prepublication of Papers
Birds-of-a-Feather sessions (BoFs) will be held Tuesday, Prepublication versions of papers accepted for USENIX Secu-
Wednesday, and Thursday evenings. Birds-of-a-Feather rity ’22 will be published and open and accessible to everyone
sessions are informal gatherings of persons interested in a without restrictions on the following dates:
particular topic. BoFs often feature a presentation or a demon-
stration followed by discussion, announcements, and the shar-
• Summer Deadline: Tuesday, November 9, 2021
ing of strategies. BoFs can be scheduled on-site or in advance. • Fall Deadline: Tuesday, April 5, 2022
To schedule a BoF, please send an email to the USENIX Confer- • Winter Deadline: TBD (final papers will be published with the
ence Department at bofs@usenix.org with the title and a brief full conference proceedings)
description of the BoF; the name, title, affiliation, and email
address of the facilitator; and your preference of date and time.Embargo Requests While submitted papers must be anonymous, authors may
Authors may request an embargo for their papers by the dead- choose to give talks about their work, post a preprint of the
line dates listed below. All embargoed papers will be released paper online, disclose security vulnerabilities to vendors or the
on the first day of the conference, Wednesday, August 10, 2022. public, etc. during the review process.
• Summer Deadline: Tuesday, November 2, 2021 Facebook Internet Defense Prize
• Fall Deadline: Tuesday, March 29, 2022 The Internet Defense Prize recognizes and rewards research
• Winter Deadline: Tuesday, July 12, 2022 that meaningfully makes the internet more secure. Created in
2014, the award is funded by Facebook and offered in partner-
Conflicts of Interest
ship with USENIX to celebrate contributions to the protection
The program co-chairs require cooperation from both authors and defense of the internet. Successful recipients of the Inter-
and program committee members to prevent submissions net Defense Prize will provide a working prototype that demon-
from being evaluated by reviewers who have a conflict of strates significant contributions to the security of the internet,
interest. During the submission process, we will ask authors to particularly in the areas of prevention and defense. This award
identify members of the program committee with whom they is meant to recognize the direction of the research and not
share a conflict of interest. This includes: (1) anyone who shares necessarily its progress to date. The intent of the award is to
an institutional affiliation with an author at the time of submis- inspire researchers to focus on high-impact areas of research.
sion, (2) anyone who was the advisor or advisee of an author at
any time in the past, (3) anyone the author has collaborated or You may submit your USENIX Security ’22 paper submission for
published within the prior two years, (4) anyone who is serv- consideration for the Prize as part of the regular submission
ing as the sponsor or administrator of a grant that funds your process. Find out more about the Internet Defense Prize at
research, or (5) close personal friendships. For other forms www.internetdefenseprize.org.
of conflict, authors must contact the chairs and explain the Human Subjects and Ethical Considerations
perceived conflict.
Submissions that describe experiments on human subjects,
Program committee members who are conflicts of interest with that analyze data derived from human subjects (even anony-
a paper, including program co-chairs, will be excluded from mized data), or that otherwise may put humans at risk should:
both online and in-person evaluation and discussion of the
1. Disclose whether the research received an approval or
paper by default.
waiver from each of the authors’ institutional ethics review
Early Rejection Notification boards (e.g., an IRB).
The review process will consist of several reviewing rounds. In 2. Discuss steps taken to ensure that participants and others
order to allow authors time to improve their work and submit who might have been affected by an experiment were
to other venues, authors of submissions for which there is a treated ethically and with respect.
consensus on rejection will be notified earlier. If the submission deals with vulnerabilities (e.g., software
vulnerabilities in a given program or design weaknesses in a
Author Responses hardware system), the authors need to discuss in detail the
Authors of papers that have not been rejected early will have steps they have already taken or plan to take to address these
an opportunity to respond to an initial round of reviews. We en- vulnerabilities (e.g., by disclosing vulnerabilities to the vendors).
courage authors to focus on questions posed by reviewers and The same applies if the submission deals with personally
significant factual corrections. Once reviews are released to identifiable information (PII) or other kinds of sensitive data. If
authors for rebuttal, we will not process requests to withdraw a paper raises significant ethical and legal concerns, it might be
the paper and the paper will be viewed as under submission rejected based on these concerns.
until the end of the cycle.
Contact the program co-chairs at sec22chairs@usenix.org if
Anonymous Submission you have any questions.
The review process will be double-blind. Papers must be Reviews from Prior Submissions
submitted in a form suitable for anonymous review:
Drawn from the ACM CCS 2020 CFP, IEEE S&P 2021
• The title page should not contain any author names or For papers that were previously submitted to, and rejected
affiliations. from, another conference, authors are required to submit a
• Authors should carefully review figures and appendices separate document containing the prior reviews along with a
(especially survey instruments) to ensure affiliations are not description of how those reviews were addressed in the current
accidentally included. version of the paper. Authors are only required to include re-
• When referring to your previous work, do so in the third views from the last time the paper was submitted. This includes
person, as though it were written by someone else. Only withdrawn papers (if reviews were received) as well as papers
blind the reference itself in the (unusual) case that a third- whose last submission was at USENIX. Reviewers will be asked
person reference is infeasible. to complete their reviews before reading the provided supple-
mentary material to avoid being biased in formulating their own
• Authors may include links to websites that contain source opinions; once their reviews are complete, however, reviewers
code, tools, or other supplemental material. Neither the
link in the paper nor the website itself should contain the will be given the opportunity to provide additional comments
authors’ names or affiliations. based on the submission history of the paper. Authors who try
to circumvent this rule (e.g., by changing the title of the paper
Papers that are not properly anonymized may be rejected
without significantly changing the contents) may have their
without review.
papers rejected without further consideration, at the discretion
of the PC chairs.Submission Instructions Note that under the changes to the USENIX Security publication
All submissions will be made online via their respective web model, papers that have received a decision of Major Revisions
forms. Do not email submissions. Submissions must be in PDF from USENIX Security are still considered to be under review
format. LaTeX users can use the “pdflatex” command to convert for the following two review cycles after notification; authors
a LaTeX document into PDF format. Please make sure your sub- must formally withdraw their paper if they wish to submit to
mission can be opened using Adobe Reader. Please also make another venue. See USENIX Security Publication Model Changes
sure your submission, and all embedded figures, are intelligible at www.usenix.org/conference/usenixsecurity22/publication-
when printed in grayscale. model-change for details. For submissions that received Reject
or Reject and Resubmit decisions from USENIX Security ’21,
For resubmissions of Major Revisions, authors must submit a resubmissions must follow the rules laid out for when they can
separate PDF that includes the verbatim Major Revision criteria, be resubmitted (i.e., not in the next deadline for Reject and
a list of changes to the paper, and a statement of how the Resubmit, and not in the next two deadlines for Reject).
changes address the review comments. While not required,
authors are strongly encouraged to submit as part of the PDF a Questions? Contact your program co-chairs, sec22chairs@
“PDF ‘diff’” to assist reviewers in identifying your modifications. usenix.org, or the USENIX office, submissionspolicy@usenix.org.
For papers that were previously submitted to, and rejected The program committee and external reviewers are required to
from, another conference, the required document (see Reviews treat all submissions as confidential. However, the program co-
from Prior Submissions above) should be submitted as a PDF chairs or designated committee members may share submis-
file using the “Prior Reviews” field in the submission forms, not sions outside the program committee to allow chairs of other
via an appendix. conferences to identify dual submissions.
All submissions will be judged on originality, relevance, cor- Papers that do not comply with the submission requirements,
rectness, and clarity. In addition to citing relevant published including length and anonymity, that do not comply with
work, authors should relate their submission to any other resubmission policies, or that do not have a clear application
relevant submissions of theirs in other venues that are under to security or privacy may be rejected without review. Papers
review at the same time as their submission to the Symposium. accompanied by nondisclosure agreement forms will not be
These citations to simultaneously submitted papers should be considered.
anonymized; non-anonymous versions of these citations must, Each accepted submission may be assigned a member of the
however, be emailed to the program co-chairs at sec22chairs@ program committee to act as its shepherd through the prepa-
usenix.org. Simultaneous submission of the same work to ration of the final paper. The assigned member will act as a
multiple venues, submission of previously published work, or conduit for feedback from the committee to the authors.
plagiarism constitutes dishonesty or fraud. Failure to point out
and explain overlap will be grounds for rejection. USENIX, like All papers will be available online before the symposium. If your
other scientific and technical conferences and journals, prohib- accepted paper should not be published prior to the event,
its these practices and may take action against authors who please notify production@usenix.org after you submit your
have committed them. See the USENIX Conference Submissions final paper. See the Embargo Requests section for deadlines.
Policy at www.usenix.org/submissions-policy for details. Specific questions about submissions may be sent to the
program co-chairs at sec22chairs@usenix.org. The chairs will
respond to individual questions about the submission process
if contacted at least a week before the submission deadline.You can also read
