Papers

In this first year, IEEE Cybersecurity Development (SecDev) 2016 is soliciting short papers that present innovations, experience-based insights, or a vision. The goal is to share useful and thought provoking ideas, to push forward the art and science of secure development. In future years, the academic portion of SecDev will expand to include more complete articles.

Overview

SecDev is a new venue for presenting ideas, research, and experience about how to develop secure systems.

SecDev is distinguished by its focus on how to “build security in” (and not simply discover the absence of security). Its goal is to encourage and disseminate ideas for secure system development among both academia and industry. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers. We anticipate that attendees from academic conferences like IEEE S&P, USENIX Security, PLDI, FSE, ISSTA, SOUPS, and many others could contribute ideas to SecDev, as could attendees of industrial conferences like AppSec, RSA, Black Hat, and Shmoocon.

Papers have the option of appearing in the conference’s formal proceedings, or not. SecDev is also interested in tutorials on processes, frameworks, languages, and tools. The goal is to propose useful and thought provoking ideas, and to share knowledge on the art and science of secure system development.

Areas of interest include (but are not limited to):

  • Security engineering processes, from requirements to maintenance
  • Dynamic/static analysis and runtime approaches towards application security
  • Programming languages and frameworks supporting security
  • Testing strategies to ensure security
  • Explorations of formal verification and other high-assurance methods for security
  • Code reviews, red teams, and other human-centered assurance
  • Security-focused system (HW/SW/architecture) designs
  • Human-centered design for systems security
  • Distributed systems design and implementation for security

What makes SecDev different than other conferences?

SecDev is interested in work that has a demonstrated connection to building systems that are more secure. It is not enough to show that an existing system, however prominent, is insecure. Nor is it enough to propose a new cryptosystem or formal security model with nice mathematical properties but no concrete exploration of how it would be used to build systems more securely. Instead, papers should be about (as a few examples) how a development library, tool, or process can produce systems resilient against certain attacks; how a formal foundation could underpin a language, tool, or testing strategy that can help produce stronger systems; and experience, designs, or applications showing how cryptography can be used effectively to secure systems.

A good SecDev paper may resemble an elaborated vision statement, a grant proposal, or a mini-keynote summarizing prior work and directions. We are not interested in complete works that manage to fit in a few pages; rather we want bigger ideas (previously published or not) that will lead to a stimulating, thoughtful, and perhaps (gently) provocative discussion. A good SecDev tutorial will introduce interested practitioners and researchers to technologies (e.g., languages, tools, frameworks) that show promise in aiding the development of secure systems.

Submission Details

Submit your papers here: https://secdev16.hotcrp.com/

Papers must be submitted using the two-column IEEE Proceedings style available for various document preparation systems at the IEEE Conference Publishing Services page at http://www.ieee.org/conferences_events/conferences/publishing/templates.html. Submissions may be one of three categories:

  • (Up to) 5-page papers. These must be well-argued and worthy of publication and citation, on the topics above. They may present new work or ideas, or draw substantially from the authors’ previously published results. Authors of accepted papers will present their work at the conference (likely in a 20 minute slot), and their papers may optionally appear in the conference’s formal proceedings. The page count does not include bibliographic references.
  • One-page abstracts. Abstracts will be reviewed lightly and all accepted abstracts will be published on the SecDev 2016 web page. Authors of accepted abstracts will be invited to give a talk during a “5-minute madness” session at the conference.
  • Tutorial proposals. Tutorials should aim to be 90 minutes long. Preference will be given to tutorials that are hands-on, rather than simply slide presentations. Proposals should be 1 page and cover (a) the topic; (b) a summary of the tutorial format with possible pointers to relevant materials; (c) the expected audience and expected learning outcomes; (d) prior tutorials or talks on similar topics by the authors (and audience size), if any.

We are seeking broad representation in the program, and may take this into account when reviewing multiple submissions from the same authors. We prefer experienced presenters and each submission must indicate on the submission site which co-author will present the paper at the meeting. Accepted papers will appear in the conference proceedings.

This call for papers is inspired by SNAPL (http://snapl.org/2015/cfp.html).

If you have any questions about submissions, send an email to secdev16-pcchairs@ieee.org.

If you have any questions about tutorials, send an email to secdev16-tutorials@ieee.org.

Important Dates

  • Submission: Jun 24, 2016
  • Decisions announced: Aug. 3, 2016
  • Final versions due: Sep. 1, 2016
  • Conference: Nov. 3-4, 2016

Program Committee

  • June Andronick, Data61/CSIRO (formerly NICTA) and UNSW
  • Ivan Arce, Sadosky Foundation
  • Stephen Chong, Harvard
  • Andy Chou, Co-founded of Coverity
  • Michael D. Ernst, University of Washington
  • Michael Hicks, University of Maryland (PC Chair)
  • Jaeyeon Jung, Microsoft Research
  • Boris Koepf, IMDEA Software Institute
  • Ben Livshits, Microsoft Research
  • Milo Martin, Google
  • Gary McGraw, Cigital
  • Andrew Myers, Cornell University
  • Chris Palmer, Google
  • Daniele Perito, Square
  • Bart Preneel, KU Leuven
  • Tamara Rezk, INRIA
  • Elaine Shi, Cornell University
  • Stelios Sidiroglou-Douskos, MIT (Tutorials Chair) Gary McGraw, Cigital
  • Merrielle Spain, MIT Lincoln Laboratory
  • Deian Stefan, UCSD and Intrinsic
  • Sam Weber, CMU Software Engineering Institute
  • Chris Wysopal, Veracode
  • Danfeng Zhang, Penn State University

Download .txt file here: https://www.computer.org/cms/CYBSI/docs/2016-SecDev-CFP.txt

Download .pdf file here: https://www.computer.org/cms/CYBSI/docs/2016-SecDev-CFP.pdf

IEEE SecDev uses an experimental delayed open access model, where the content is paywalled for 12 months, then reverts to open access.  This model enables the IEEE to support future initiatives and new conferences while also enabling authors wide distribution of their work.  It is a balance, and the best agreement we could get for this new conference.  Let us know if we got it right.