CSF 2025: Call for Papers

The Computer Security Foundations Symposium (CSF) is an annual conference for researchers in computer security. CSF seeks papers on foundational aspects of computer security, such as formal security models, relationships between security properties and defenses, principled techniques and tools for design and rigorous analysis of security mechanisms, as well as their application to practice.

CSF 2025 continues to have rolling deadlines, inviting submissions three times a year: Spring, Fall, and Winter.

Topics

New results in security and privacy are welcome. We also encourage challenge/vision papers, which may describe open questions and raise fundamental concerns about security and privacy. Possible topics for all papers include, but are not limited to:

• access control
• accountability
• anonymity
• attack models
• authentication
• blockchains and smart contracts
• cloud security
• cryptography
• data provenance
• data and system integrity
• database security
• decidability and complexity
• decision theory
• distributed systems security
• electronic voting
• embedded systems security
• forensics
• formal methods and verification
• hardware-based security
• information flow control
• intrusion detection
• language-based security
• mobile security
• network security
• privacy
• security and privacy aspects of machine learning
• security and privacy for the Internet of Things
• security architecture
• security metrics
• security policies
• security protocols
• software security
• socio-technical security
• trust management
• usable security
• web security
• SoK papers: Systematization of Knowledge Papers

Important Dates (AoE - UTC-12h)

• Spring cycle paper submission: May 28, 2024
• Spring cycle author notification: July 30, 2024
• Fall cycle paper submission: October 1, 2024
• Fall cycle author notification: December 3, 2024
• Winter cycle paper submission: February 4, 2025
• Winter cycle author notification: April 8, 2025
• CSF Symposium: June 16-20, 2025

Submission Instructions

• Submitted papers must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with published proceedings.
• Papers must be submitted using the two-column IEEE Proceedings style available at the IEEE Conference Publishing Services page.
• All papers should be at most 12 pages long, not counting bibliography and well-marked appendices.
• Anonymized supplementary material such as proof scripts can be uploaded as a tar ball on the submission site.
• Papers failing to adhere to these instructions will be rejected without consideration of their merits.
• At least one coauthor of each accepted paper is required to attend CSF to present the paper. Exceptions can be made for visa difficulties.
• CSF 2025 will employ double-blind reviewing. Submitted papers must:
  • Omit any reference to the authors’ names or the names of their institutions.
  • Reference the authors’ own related work in the third person (e.g., not "We build on our previous work…" but rather "We build on the work of …").
• Submissions should be made via the submission server: https://hotcrp.csf2025.ieee-security.org/

Ethics

We expect authors to carefully consider and address the potential harms associated with carrying out the research, as well as the potential negative consequences that could stem from publishing their work. Failure to do so will result in summary rejection of a submission regardless of its quality and scientific value.

Authors are expected to document how they have addressed and mitigated the risks, including considering the impact of their research on deployed systems, understanding costs and risks, safely collecting data, and following responsible disclosure. If the submitted research has the potential to cause harm, the paper should include a clear statement about why the benefit of the research outweighs the harms, and how the authors have taken measures to ensure safety and minimize harms.

If the submitted research has potential to cause harm and authors have access to an Institutional Review Board (IRB), we expect that this IRB is consulted and its approval and recommendations are documented in the paper. IRB approval does not absolve researchers from considering ethical aspects of their work.

We encourage authors to consult with existing documentation, e.g., "Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them" or the Menlo Report and existing Safety consultation entities, e.g., the Tor Safety Research Board.

Decisions and Revisions

• The outcome of the review process can be accept, reject, or major revision.
• Papers with a "major revision" decision must be re-submitted within the following two cycles, accompanied by a writeup explaining how the revision meets reviewers’ requirements. These papers may use 16 pages.
• Rejected papers can be re-submitted at any time. If re-submitted within 11 months of the last deadline, previous reviews and an explanation must be submitted as supplementary material.

Contact

• Owen Arden
• Mohsen Lesani