ACSAC is an internationally recognized forum where practitioners, researchers, and developers in information system security meet to learn and to exchange practical ideas and experiences. If you are developing practical solutions to problems related to the protection of users, commercial enterprises, or countries\’ information infrastructures, consider submitting your work to the Annual Computer Security Applications Conference.
We solicit submissions that address the application of security technology, the implementation of systems, and the discussion of lessons learned. While we are interested in a variety of topics, we especially encourage submissions in the area of our Hard Topic Theme, Deployable and Impactful Security.
Technical Track, peer-reviewed papers on new work, deadline June 8, 2019, 11:59pm Anywhere, notification Aug. 23, 2019
Case Studies, real-world security application reports, deadline June 8, 2019, notification Aug. 23, 2019
Panels, interactive expert panels, deadline June 8, 2019, notification Aug. 23, 2019
Training Workshops, in-depth training on new and emerging security topics, deadline June 8, 2019, notification July 19, 2019
Workshops, 1-2 day sessions on hot topics, deadline June 8, 2019, notification Aug. 23, 2019
Posters, new and innovative preliminary work, Aug. 1 to Nov. 15, 2019, rolling notification
Works in Progress, short works-in-progress reports, deadline Sept. 1, 2019, notification Sept. 15, 2019
Conferenceships, student grant requests, deadline Sept. 1, 2019, notification Oct. 15, 2019
TECHNICAL TRACK PAPER SUBMISSIONS
Guofei Gu, Texas A&M University (Program Chair)
Danfeng (Daphne) Yao, Virginia Tech (Program Co-Chair)
We solicit papers offering novel contributions in any aspect of applied security. Papers are encouraged on results that have been demonstrated to be useful for improving information systems security and that address lessons learned from the actual application. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Please ensure that your submission is a PDF file of a maximum of 10 pages, excluding well-marked references and appendices limited to 5 pages. Committee members are not required to read the appendices. Submissions must be generated using the ACM acmart template available at https://www.acm.org/publications/proceedings-template, using the [sigconf, anonymous] options. Submissions should not use older ACM templates (e.g., sig-alternate).
All submissions must be anonymous (i.e., papers should not contain author names or affiliations, or obvious citations). In the rare case that citing previous work in the 3rd person is impossible, blind the reference and notify the PC Chair. Submissions violating any of the above constraints, e.g., going beyond the page limit, moving to Appendices content that belongs in the main body, or failing to properly anonymize, risk rejection without consideration of their merits.
Submissions are to be made using the HotCRP system. Only PDF files will be accepted and papers must be submitted by the deadline listed on the conference website. Papers will be reviewed in two consecutive rounds, and early-reject notifications will be sent to authors after the first round, if a paper has received only strongly negative reviews. Appeals based on factual disagreements may be submitted to the Program Chairs, who may appoint an independent reviewer to decide the appeal. In any case, papers cannot be re-submitted elsewhere until the authors are notified of acceptance or rejection, early or final, and until any appeal has been resolved.
All authors of accepted papers must guarantee that their papers will be presented at the conference. In case the authors encounter problems to obtain a VISA to participate in the conference, they are encouraged to contact the Program Chairs as soon as possible to discuss possible solutions.
HARD TOPIC THEME: DEPLOYABLE AND IMPACTFUL SECURITY
This year\’s hard topic theme solicits research results and technologies that are more practical and applied, and can be potentially deployed, where they can have a direct impact on improving the quality of cybersecurity in real-world systems. Deployable and impactful security generally involves the design and development of defensive solutions, rather than simply expose weaknesses and vulnerabilities. While ACSAC has always solicited work on applied security, by having it as a hard topic theme we hope to put greater emphasis on deployability and impactfulness.
Deployable and impactful security needs to address key real-world challenges, which may include accuracy, runtime overhead, ground-truth labeling, human aspects, usability, and energy consumption. Deployable and impactful security does not necessarily mean building a complete system, which may not be realistic, particularly in an academic environment. However, the work needs to identify key deployment challenges, explain the deficiencies in state-of-the-art solutions, and experimentally demonstrate the effectiveness of the proposed approaches and (potential) impact to the real world. The work may involve prototyping, testing, and evaluation, in testbeds or real-world pilots, possibly with operational data. Having the deployability and impactfulness goal motivates one to focus on solving the most critical real-world challenges, which may otherwise be ignored by the fast-moving research community.
Security research is often criticized for the poor reproducibility of its results. Unfortunately, authors seldom release the software they develop and the datasets they use to perform their experiments. This makes it difficult to compare different solutions and force other researchers to undergo the tedious and error-prone task of re-implementing previous approaches and to compare solutions on different datasets, which may not be a fair comparison.
To help improve this situation, ACSAC encourages authors of accepted papers to submit software and data artifacts and make them publicly available to the entire community. These artifacts are not part of the paper evaluation. Their submission is strictly optional and occurs only after a paper has been accepted – to prevent any influence on the decision process. Authors who decide to participate in this program will interact with a special committee dedicated to verifying the submitted artifacts (e.g., to test that source code compiles and runs correctly, or that datasets content match their description). Authors can decide what they want to submit (software, data, or both) and the verification procedure will take place in parallel with the preparation of the camera-ready version of the paper. The authors of the submitted artifacts need to commit to keeping them available online on a publicly accessible website for a minimum period of three months between October and December 2020.
We believe that this is an important initiative that can help the entire community increase its reputation, and make research in the security field proceeds faster by taking advantage of systems previously built by other researchers. Therefore we plan to reward authors who participate in this program with a special mention during the conference and on the ACSAC webpage, a stamp of reproducibility on their papers, and (if enough authors participate to the program) by reserving a Distinguished Paper Award for this group.
CASE STUDIES IN APPLIED SECURITY
Larry Wagoner, NSA (Case Studies Co-Chair)
Randy Smith, Boeing (Case Studies Co-Chair)
The Case Studies in Applied Security Track is a critical part of the technical conference. It is an opportunity for professionals to share information that is current without writing a detailed technical paper, but enables attendees to learn about the next generation of products and solutions. It is open to anyone in the community such as vendors, network providers, systems integrators, government civil/federal/military programs or users across the spectrum of computer security applications. Potentially this is where attendees can learn about client needs and vendors solutions. In keeping with this year\’s theme of \”Big Data for Security\”, we seek presentations where Big Data techniques and Emergent Properties of Data were leveraged to solve cybersecurity problems; both successful examples and lessons learned are encouraged. We also welcome broader submissions addressing solutions to current cybersecurity challenges. While the Case Studies will not be included in the Proceedings, the presentations will be posted to the ACSAC site following the conference.
Daniel Faigin, The Aerospace Corporation, USA. (Training Chair)
Training Workshops are a full day (6 hours) hands-on experience that combines traditional training segments with hands-on application of the material presented. The goal should be to have the formal instructional portions be no more than 50% of the overall experience. General cybersecurity training is available from a wide variety of in-person and online sources, so ACSAC courses must provide a unique spin and hands-on experience not easily available elsewhere. Instructors receive an honorarium and expenses. If you would like to indicate a topic you would like to see, you may do that as well; please suggest an instructor if you can.
NATIONAL INTEREST TRACK AND PANELS
Tomas Vagoun, NITRD (NIT Chair)
Charles Payne, Adventium Labs (Panels Chair)
Panels should encourage audience participation and focus on the sharp edges of a topic where there is controversy or where there are widely varying positions. Panels focused on a topic related to the conference theme are especially welcomed, but this is not a hard requirement; some additional topics are listed here. A typical panel proposal should list the moderator, three panel members and an abstract of the proposed topic. Full details are provided on the Panels webpage.
Harvey Rubinovitz, The MITRE Corporation (Workshops Chair)
ACSAC workshops are on up to date topics that attendees usually rate to provide a useful and exciting forum for information technology professionals (e.g., standards developers, software developers, security engineers, security officers) to exchange ideas, concerns, and opinions.
Adam Aviv, USNA (Poster Co-Chair)
Kevin Roundy, Symantec Research Labs (Poster Co-Chair)
The poster session provides an opportunity for researchers and practitioners to present their new and innovative preliminary work in an informal, interactive setting. Conference attendees can learn about novel on-going research projects that might not yet be complete, but whose preliminary results are already interesting. Poster presenters will have an opportunity to discuss their work and get invaluable feedback from knowledgeable sources at an early stage of their research.
WORKS IN PROGRESS
Adam Aviv, USNA (WiP Co-Chair)
Kevin Roundy, Symantec Research Labs (WiP Co-Chair)
The Works in Progress (WiP) session offers short presentations (5 minutes maximum) of ongoing work. These presentations highlight the most current work in both business and academia, emphasizing goals and value added, accomplishments to date, and future plans. Special consideration is given to topics that discuss real life security experience, including system implementation, deployment, and lessons learned.
STUDENT CONFERENCESHIP GRANTS
ACSAC offers conferenceships to enable students to attend the conference. This program will help pay for some of the cost to attend ACSAC. Additional information about this program is available on the Student Conferenceships page.
ACSAC does not accept \”speaking proposals\” per se, however; you are encouraged to submit suggestions in the form of a one paragraph description of a topic and a biography of the proposed presenter. Depending on a proposal\’s technical content, it may be acceptable as a case study. If a full paper is available, it may be acceptable as a technical paper. If a presentation by a group of related speakers is contemplated, a proposal for this session may be acceptable as a panel. If a proposal for a half day or full day seminar is appropriate, it may be acceptable as a professional development course. If a one or two page technical write-up is available that describes work that is not yet completed, it may be acceptable as a poster. Finally, if your have an interest in a full day interactive dialogue, exchanging ideas, opinions and concerns between multiple presenters and attendees, consider being a workshop presenter.
ABOUT THE SPONSOR
Applied Computer Security Associates (ACSA) had its genesis in the first Aerospace Computer Security Applications Conference in 1985. That conference was a success and evolved into the Annual Computer Security Applications Conference (ACSAC). Several years ago the word \”Aerospace\” was dropped from the name to promote a wider range of government and commercial applications. ACSA was incorporated in 1987 as a non-profit association of computer security professionals who have a common goal of improving the understanding, theory, and practice of computer security. ACSA continues to be the primary sponsor of the annual conference.
In 1989, ACSA began the Distinguished Lecture Series at the annual conference. Each year, an outstanding computer security professional is invited to present a lecture of current topical interest to the security community. In 1991, ACSA began a Best-Paper by a Student Award, presented at the Annual conference. This award is intended to encourage active student participation in the annual conference. The award-winning student author receives an honorarium and all expenses to the conference.
ACSA continues to be committed to serving the security community by finding additional approaches for encouraging and facilitating dialogue and technical interchange. ACSA is always interested in suggestions from interested professionals and computer security professional organizations on how to achieve these goals.