SecDev is a venue for presenting ideas, research, and experience about how to develop secure systems.
SecDev is distinguished by its focus on the theory, techniques, and tools for how to “build security in” to computing systems, and not simply discover the absence of security. Its goal is to encourage and disseminate ideas for secure system development among academia, industry, and government. Developers have valuable experiences and ideas that can inform academic research, and researchers have concepts, studies, and even code and tools that could benefit developers. Great SecDev contributions could come from attendees of industrial conferences like AppSec, RSA, Black Hat, and Shmoocon; from attendees of academic conferences like IEEE S&P, IEEE CSF, USENIX Security, PLDI, FSE, ISSTA, SOUPS, and others; and from newcomers.
SecDev solicits four types of contributions. First, SecDev is a forum for novel research papers that present innovations, experience-based insights, or a vision about how to “build security in” to existing and new computing systems. Position papers with exceptional visions will also be considered. Second, SecDev seeks Best Practices (BP) papers that provide an in-depth clarification and integration of solutions on a major security area. The paper needs to provide new perspectives and insights, although it could draw upon prior work. Third, SecDev seeks hands-on and interactive tutorials on processes, frameworks, languages, and tools for building security in. The goal is to share knowledge on the art and science of secure systems development. Fourth, SecDev seeks abstracts from practitioners to share their practical experiences and challenges in security development.
- Security engineering processes, from requirements to maintenance
- Security-focused system designs (HW/SW/architecture)
- Distributed systems design and implementation for security
- Human-centered design for systems security
- Tools and methodology for secure code development
- Programming languages, development tools, and ecosystems supporting security
- Risk management and testing strategies to improve security
- Static program analysis for software security
- Dynamic analysis and runtime approaches for software security
- Explorations of formal verification and other high-assurance methods for security
- Automation of programming, deployment, and maintenance tasks for security
- Code reviews, red teams, and other human-centered assurance
- Security assistance for software developers and security analysts
SecDev is interested in work that can demonstrate a practical connection to building systems that are more secure. It is not enough to show that an existing system, however prominent, is insecure. Nor is it enough to propose a new cryptosystem or formal security model with nice mathematical properties, but with no concrete experience of how it would be used to build systems more securely. Examples of topics that are in scope include: how a development library, tool, or process can produce systems resilient to certain attacks; how a formal foundation can underpin a language, tool, or testing strategy that improves security; techniques that drastically improve the scalability of security solutions for practical deployment; and experience, designs, or applications showing how to apply cryptographic techniques effectively to secure systems.
SecDev provides an integrated forum for researchers and practitioners to share their experiences. It aims to bridge the gap between constructive security research and practice, and to enable real-world impact in the long run.
Submit your papers here: https://secdev18.hotcrp.com
Papers must be submitted using the two-column IEEE Proceedings style: http://www.ieee.org/conferences_events/conferences/publishing/templates.html.
All submissions of research papers, best practices papers, and practitioners session abstracts have to be anonymized. Tutorial abstracts are not anonymized and must show the authors’ names and affiliations.
Submissions must fall into one of the four categories:
- Research papers, up to 8 pages. These must be well-argued and worthy of publication and citation, on the topics above. The research papers must present new work or ideas. Position papers with exceptional visions will also be considered. Authors of accepted papers will present their work at the conference (likely in a 30-minute slot) and their papers will appear in the conference’s formal IEEE proceedings.
- Best Practices (BP) papers, up to 10 pages. Suitable papers are those that provide an integration and clarification of ideas on an established, major research area, support or challenge long-held beliefs in such an area with compelling evidence, or present a convincing, comprehensive new taxonomy of some aspect of secure development. Such a paper would be marked with the prefix “BP:” in the title, and would need to provide new insights, although it could draw upon prior work. Authors of accepted papers will present their work at the conference (likely in a 30-minute slot) and their papers will appear in the conference’s formal IEEE proceedings.
- Tutorial proposals. Tutorials should aim to be either 90 minutes or 180 minutes long. We strongly encourage tutorials to have hands-on components and audience interactions. We do not recommend presentations that consist simply of slides. Tutorial proposals should be 2 pages and cover (a) the topic; (b) a summary of the tutorial format with possible pointers to relevant materials; (c) the expected audience and expected learning outcomes; (d) prior tutorials or talks on similar topics by the authors (and audience size), if any. Accepted tutorials may provide an abstract that will appear in the conference’s formal IEEE proceedings. Tutorials will occur on the first day of the conference and will be included as part of the conference registration. Note that if an accepted tutorial requires special materials or environments for the hands-on participation, we expect the authors to provide the necessary preparation instructions for the attendees.
- Practitioners session abstracts, up to one page. The abstracts will be lightly reviewed. We strongly encourage practitioners from industry and government to submit and share their security experiences and insights, as well as the challenges and obstacles they encountered. Authors of accepted abstracts will be invited to give a short talk during the practitioners sessions at the conference. The abstracts will be included in the conference’s IEEE proceedings. The submission of Practitioners Session Abstracts (anonymized) will begin in June.
The page limits (8 pages for research papers, 10 for BPs, and 2 for tutorials) include the references; that is, they apply to the total length of the paper.
SecDev also seeks poster submissions. See the Call for Posters. The submission of Posters (anonymized) will begin in August.
If you have any questions about submissions, send an email to firstname.lastname@example.org.
| Paper and tutorial submission (extended): | 11:59 PM, March 12, 2018 PST |
| Paper and tutorial notification: | May 15, 2018 |
| Practitioners session abstract submission: | July 20, 2018 [FIRM] |
| Practitioners session notification: | August 3, 2018 |
| Camera-ready versions due: | TBA |
| Conference: | Sept. 30 – Oct. 2, 2018 |