SecDev is a venue for presenting ideas, research, and experience about how to develop secure systems.
SecDev is distinguished by its focus on the theory, techniques, and tools for how to “build security in” to computing systems, and not simply discover the absence of security. Its goal is to encourage and disseminate ideas for secure system development between academia and industry. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers. Great SecDev contributions could come from attendees of industrial conferences like AppSec, RSA, Black Hat, and Shmoocon; from attendees of academic conferences like IEEE S&P, USENIX Security, PLDI, FSE, ISSTA, SOUPS, and others; and from newcomers.
SecDev is soliciting two types of contributions. First, SecDev is a forum for short papers that present innovations, experience-based insights, or a vision about how to build security in to existing and new computing systems. New work is encouraged. A summary of an ongoing research agenda is also welcome. Second, SecDev is also interested in tutorials on processes, frameworks, languages, and tools for building security in. The goal is to propose useful and thought-provoking ideas, and to share knowledge on the art and science of secure systems development.
Areas of interest include (but are not limited to):
- Security engineering processes, from requirements to maintenance
- Security-focused system designs (HW/SW/architecture)
- Distributed systems design and implementation for security
- Human-centered design for systems security
- Programming languages, development tools, and ecosystems supporting security
- Risk management and testing strategies to improve security
- Static program analysis for software security
- Dynamic analysis and runtime approaches for software security
- Explorations of formal verification and other high-assurance methods for security
- Automation of programming, deployment, and maintenance tasks for security
- Code reviews, red teams, and other human-centered assurance
SecDev is interested in work that can demonstrate a practical connection to building systems that are more secure. It is not enough to show that an existing system, however prominent, is insecure. Nor is it enough to propose a new cryptosystem or formal security model with nice mathematical properties, but with no concrete experience of how it would be used to build systems more securely. Examples of topics that are in scope include: how a development library, tool, or process can produce systems resilient to certain attacks; how a formal foundation can underpin a language, tool, or testing strategy that improves security; and experience, designs, or applications showing how to apply cryptographic techniques effectively to secure systems.
A great SecDev paper resembles an elaborated vision statement, a grant proposal, or a mini-keynote summarizing prior work and proposing a new direction or future vision of how to build security in for new and existing systems. We are not seeking only complete works that manage to fit in a few pages; rather, we want bigger ideas (previously published or not) that will lead to a stimulating, thoughtful, and perhaps (gently) provocative discussion.
A great SecDev tutorial will introduce interested practitioners and researchers to technologies (e.g., languages, tools, frameworks) that show promise in aiding the development of secure systems.
Submit your papers here: [TBD]
Papers must be submitted using the two-column IEEE Proceedings style: http://www.ieee.org/conferences_events/conferences/publishing/templates.html.
Submissions may be in one of three categories:
- (Up to) 5-page papers. These must be well-argued and worthy of publication and citation, on the topics above. They may present new work or ideas, or draw substantially from the authors’ previously published results. Authors of accepted papers will present their work at the conference (likely in a 20-minute slot), and their papers will appear in the conference’s formal proceedings. The page count does not include bibliographic references.
- One-page abstracts. Abstracts will be reviewed lightly and all accepted abstracts will be published on the SecDev 2017 web page. Authors of accepted abstracts will be invited to give a talk during a “5-minute madness” session at the conference.
- Tutorial proposals. Tutorials should aim to be 90 minutes long. Preference will be given to tutorials that are hands-on, rather than simply slide presentations. Proposals should be 2 pages and cover (a) the topic; (b) a summary of the tutorial format with possible pointers to relevant materials; (c) the expected audience and expected learning outcomes; (d) prior tutorials or talks on similar topics by the authors (and audience size), if any.
Tutorials will occur on the first day of the conference and will be included as part of the conference. Note that if an accepted tutorial requires special materials or environments for the hands-on participation, we expect the authors to provide necessary preparation instructions for the attendees (we will contact the authors after we accept the proposal).
We are seeking broad representation in the program, and may take this into account when reviewing multiple submissions from the same authors. We prefer experienced presenters, and each submission must indicate on the submission site which co-author will present the paper at the meeting. Accepted papers will appear in the conference proceedings.
If you have any questions about submissions, send an email to firstname.lastname@example.org.
If you have any questions about tutorials, send an email to email@example.com.
| Milestone | Date |
|---|---|
| Submission | May 30, 2017 |
| Tutorial submission | June 2, 2017 |
| Decisions announced | June 23, 2017 |
| Final versions due | July 21, 2017 |
| Conference | Sept. 24-26, 2017 |
- Michael D. Ernst, University of Washington
- Trent Jaeger, Pennsylvania State University
- Fan Long, Massachusetts Institute of Technology