Call For Papers: Special Issue on Language Translation for Security

Submission deadline: 31 March 2026

Publication: Sept/Oct 2026

"The most dangerous phrase in the language is: 'We've always done it this way.'"  -  Grace Hopper

For decades, critical software systems have been built in memory unsafe languages such as C and C++. These languages remain deeply embedded in operating systems, communication stacks, cryptographic libraries, and safety-critical applications. Although the risks of undefined behavior, memory corruption, and other low-level vulnerabilities are well known, large legacy code bases and ecosystem inertia have made wholesale rewrites impractical.

Recent advances in safe programming languages, language technologies, and AI have opened a promising new direction: automated or semi-automated translation of unsafe code into safer languages with strong guarantees, such as Rust. These efforts draw on a broad range of techniques including static analysis, formal methods, program synthesis, dynamic analysis, and, increasingly, large language models (LLMs). At the same time, there is growing recognition that secure translation must not only preserve functionality but also strengthen security properties and produce code that is idiomatic, maintainable, and suitable for long-term evolution.

Although language translation has been explored for decades—for example, IBM’s Cobol to Java modernization work more than 25 years ago—the urgent need to move away from memory unsafe languages, now reflected even in high-level policy directives, combined with major advances in safe languages (such as Rust and Go) and in LLM technologies, has created a new tipping point for research. This shift is exemplified most clearly by the DARPA TRACTOR program, which is driving large-scale translation of C codebases to Rust.

This special issue of IEEE Security & Privacy aims to highlight recent advances in language translation for security, with an emphasis on practical solutions and evaluation.

Topics of interest include, but are not limited to:

• Translation of C/C++ and other unsafe languages to safer languages (for example, Rust, Go, SPARK Ada, or other high-assurance languages)
• Static analysis-based translation techniques, including type inference, alias analysis, and control/data flow reasoning for safe refactoring
• LLM-based or learning assisted translation of legacy code, including prompt design, fine tuning, and safety centric rewriting
• Hybrid approaches that combine static analysis, formal methods, synthesis, LLMs, and developer guidance
• Dynamic analyses for validating translated code, including regression testing, fuzzing, and runtime monitoring
• Metrics and evaluation of translated code for functionality, security, performance, readability, idiomaticity, and maintainability
• Techniques for transforming unsafe features (for example, manual memory management, raw pointers, unchecked concurrency) into safe abstractions
• Verification and validation of semantic preservation and security improvement in translated code
• Formal and semi-formal frameworks for reasoning about safety, concurrency, and equivalence
• Tool chains, frameworks, or infrastructure that support secure language translation at scale
• Empirical studies, case studies, and industrial experiences with language translation for security
• Challenges and opportunities in deploying translated code in operational systems and long-lived software ecosystems

Note that the special issue seeks to focus on solutions rather than attacks. In addition to full papers, opinion and “Viewpoint” pieces are welcome.

Submission Instructions:

For author information and guidelines on submission criteria, please visit the Author Information page. As stated in the Author Information, peer-reviewed articles should run between 4,900 to 7,200 words, including all main body, abstract, keyword, bibliography, biography, and table text. The word count should include 250 words for each table and figure. There should be no more than 15 references. The abstract word limit is 50 words. Please submit full papers through the IEEE Author Portal system,  and be sure to select the special-issue or special-section name. Manuscripts should not be published or currently submitted for publication elsewhere. Please submit only full papers intended for review, not abstracts, to the IEEE Author Portal. All submitted manuscripts will undergo a single-anonymous peer review.

Viewpoint pieces should contain no more than 2000 words. The title should start with the type of submission, for example, “A viewpoint on …”. There should be no more than 10 references. These submissions should be converted to PDF and emailed to the guest editors at sp5-26@computer.org by the submission deadline.

In addition to submitting your paper to IEEE Security & Privacy, you are also encouraged to upload the data related to your paper to IEEE DataPort. IEEE DataPort is IEEE's data platform that supports the storage and publishing of datasets while also providing access to thousands of research datasets. Uploading your dataset to IEEE DataPort will strengthen your paper and will support research reproducibility. Your paper and the dataset can be linked, providing a good opportunity for you to increase the number of citations you receive. Data can be uploaded to IEEE DataPort prior to submitting your paper or concurrent with the paper submission. Thank you!

Questions?

Contact the guest editor at sp5-26@computer.org.

Guest Editor

Hamed Okhravi, MIT Lincoln Laboratory, USA