Call for Papers: IEEE Secure Development Conference

7 - 10 October 2024 | Carnegie Mellon University Software Engineering Institute Pittsburgh, PA
Share this on:
Submissions Due: 14 May 2024 

Important Dates

    • Paper and Tutorial​ ​Deadline: 14 May 2024 
    • Conference: 7-10 October​ ​2024

About IEEE Secure Development Conference

SecDev​ ​is​ ​a​ ​venue​ ​for​ ​presenting​ ​ideas,​ ​research,​ ​and​ ​experience​ ​about​ ​how​ ​to​ ​develop​ ​secure systems. It focuses on theory,​ ​techniques,​ ​and​ ​tools​ ​to ​“build​ ​security​ ​in” to​ ​existing​ ​and​ ​new​ ​computing​ ​systems, and does not focus on simply discovering​ ​the​ ​absence​ ​of​ ​security.​

The​ ​goal of SecDev​ ​is​ ​to encourage​ ​and​ ​disseminate​ ​ideas​ ​for​ ​secure​ ​system​ ​development​ ​among​ ​academia,​ ​industry, and​ ​government.​ ​It​ ​aims​ ​to bridge ​the​ ​gap​ ​between​ ​constructive​ ​security​ ​research​ ​and​ ​practice and​ to ​enable​ ​the real-world​ ​impact​ ​of security research in​ ​the​ ​long​ ​run. ​Developers​ ​have​ ​valuable​ ​experiences​ ​and​ ​ideas​ ​that​ ​can​ ​inform​ ​academic research,​ ​and​ ​researchers​ ​have​ ​concepts,​ ​studies,​ ​and​ ​even​ ​code​ ​and​ ​tools​ ​that​ ​could​ ​benefit developers.​ ​Great​ ​SecDev​ ​contributions​ ​could​ ​come​ ​from​ ​attendees​ ​of​ ​industrial​ ​conferences like​ ​AppSec and​ ​RSA;​ ​from​ ​attendees​ ​of​ ​academic​ ​conferences​ ​like IEEE​ ​S&P,​ ​IEEE​ ​CSF,​ ​USENIX​ ​Security, CCS, ​​NDSS, PLDI,​ ICSE, ​FSE,​ ​ISSTA,​ ​SOUPS, HOST,​ ​and​ ​others;​ ​and​ ​from newcomers.

Call For Research Papers and Tutorials

We solicit research and experience papers on a broad range of topics relating to secure systems development. Examples of topics that are in scope include: development libraries, tools, or processes to produce systems resilient to certain attacks; formal foundations that underpin a language, tool, or testing strategy that improves security; techniques that drastically improve the scalability of security solutions for practical deployment; and experience, designs, or applications showing how to apply cryptographic techniques effectively to secure systems.

​SecDev also ​seeks hands-on​ ​and​ ​interactive tutorials​ ​on​ ​processes,​ ​frameworks,​ ​languages,​ ​and​ ​tools​ ​for​ ​building security​ ​in.​ ​The​ ​goal​ ​is​ ​to​ ​share​ ​knowledge​ ​on​ ​the​ ​art​ ​and​ ​science​ ​of​ ​secure​ ​systems development.​

SecDev also has calls for other types of contributions such as posters and tool demos, and abstracts from practitioners. Information on these solicitations are available on the SecDev website.

Areas of interest include (but are not limited to):

  • Security/resiliency-focused​ ​system​ ​designs​ ​(HW/SW/architecture)
  • Tools​ ​and​ ​methodology​ ​for​ ​secure​ ​code​ ​development
  • Risk​ ​management​ ​and​ ​testing​ ​strategies​ ​to​ ​improve​ ​security
  • Security​ ​engineering​ ​processes,​ ​from​ ​requirements​ ​to​ ​maintenance
  • Security benchmarks
  • Comparative experimental evaluation
  • From research to practice – gaps and transitions
  • Programming​ ​languages,​ ​development​ ​tools,​ ​and​ ​ecosystems​ ​supporting​ ​security
  • Static​ ​program​ ​analysis​ ​for​ ​software​ ​security
  • Dynamic​ ​analysis​ ​and​ ​runtime​ ​approaches​ ​for​ ​software​ ​security
  • Automation​ ​of​ ​programming,​ ​deployment,​ ​and​ ​maintenance​ ​tasks​ ​for​ ​security
  • Software ecosystem and software supply chain security
  • Distributed​ ​systems​ ​design​ ​and​ ​implementation​ ​for​ ​security
  • Privacy by design
  • Human-centered​ ​design​ ​for​ ​systems​ ​security
  • Formal​ ​verification​ ​and​ ​other​ ​high-assurance​ ​methods​ ​for​ ​security
  • Code​ ​reviews,​ ​red​ ​teams,​ ​and​ ​other​ ​human-centered​ ​assurance

Submission Guidelines

Note that SecDev is an in-person conference. Hence, for authors of all accepted papers and tutorials, we expect them to register for, and attend the conference in person. Thus, if you can foresee that this will be problematic for you, please do not submit. In-person attendance is mandatory.

Submission​ ​Info

Submissions​ ​must​ ​be​ ​one​ ​of​ ​three ​categories:

  • Long (up to 10 pages), or Short (up to 6 pagesResearch Papers​, excluding references and well-marked appendices. These must be well-argued and worthy of publication and citation, on the topics above. Research papers must present new work, evidence, or ideas. Position papers with exceptional visions will also be considered.

 

  • Long (up to 10 pages), or Short (up to 6 pages, may be shorter) Experience Papers​, excluding references and well-marked appendices. These submissions should be reporting experience on the application of some tool(s) or methodology in a non-trivial setting. Papers in this category must include a discussion on the positive/negative results and the lessons learned. Authors of accepted Research/Experience papers will present their work at the conference (e.g., in a 30-minute slot) and their papers will appear in the conference’s formal IEEE proceedings. To improve the fairness of the reviewing process, SecDev will follow a light-weight double-blind reviewing process. Submitted papers must (a) omit any reference to the authors’ names or the names of their institutions, and (b) reference the authors’ own related work in the third person (e.g., not “We build on our previous work …” but rather “We build on the work of …”). Nothing should be done in the name of anonymity that weakens the submission or makes the job of reviewing the paper more difficult (e.g., important background references should not be omitted or anonymized). Please see the double-blind FAQ for the answers to many common concerns about SecDev’s double-blind reviewing process. When in doubt, contact the program chairs.

 

  • Tutorial​ ​proposals, up to 2 pages and cover (a) the topic; (b) a summary of the tutorial format highlighting hands-on aspects and possibly pointers to relevant materials; (c) the expected audience and expected learning outcomes; (d) prior tutorials or talks on similar topics by the authors (and audience size), if any. The title of the submission should be prefixed with “Tutorial:”. Tutorial proposals do not need to be anonymized. Accepted tutorials should aim to be either 90 minutes or 180 minutes long. We strongly encourage tutorials to have hands-on components and audience interactions. We do not recommend simply slide presentations. Accepted tutorials may have their two-page abstract appear in the conference’s formal IEEE proceedings. Tutorials will occur on the first day of the conference (Tuesday, October 8). Note that if an accepted tutorial requires special materials or environments for hands-on participation, we expect the authors to provide necessary preparation instructions for the attendees.

 

At least one author of each accepted paper and tutorial must register for the conference and present the paper/tutorial. We​ ​are​ ​devoted​ ​to​ ​seeking​ ​broad​ ​representation​ ​in​ ​the​ ​program​ ​and​ ​may​ ​take​ ​this​ ​into​ ​account when​ ​reviewing​ ​multiple​ ​submissions​ ​from​ ​the​ ​same​ ​authors.​If​ ​you​ ​have​ ​any​ ​questions​,​ please​ ​email​ ​​secdev24-pc@ieee.org.