Skip to main content

Call for Papers

Paper Submissions: May 28 (23:59 Anywhere on Earth) — firm deadline
Early Rejection Notification: July 8
Authors Response Period: August 2-7 (tentative)
Acceptance Notification: August 19
Paper Artifacts Submission: Please refer to the Call for Paper Artifacts

Program Chair: Martina Lindorfer, TU Wien
Program Co-Chair: Gianluca Stringhini, Boston University
Artifacts Evaluation Co-Chair: Adwait Nadkarni, William & Mary
Artifacts Evaluation Co-Chair: Tobias Fiebig, MPI-INF

ACSAC solicits papers offering novel contributions in any aspect of applied security research. We encourage papers with results that are demonstrably useful for improving cybersecurity and that address lessons learned from practical applications. In particular, we encourage the submission of papers related to our hard topic theme: Security Applications of Generative AI. Submitted papers must not substantially overlap with papers that have been published elsewhere or that have been simultaneously submitted to another journal or conference with proceedings and are under review.

Make Submission

** New this year ** Reproduction and Replication (R+R) Papers: Security research is often criticized for the poor reproducibility of its results, a situation we aim to address through artifact evaluation. At the same time, reproduction and replication studies are often undervalued in academic publishing. Thus, in addition to regular papers and artifact evaluations, this year we are also soliciting studies that confirm, question, or clarify the results of previous research. These papers must contain the prefix “R+R:” in their title and check the corresponding option in the submission form.

We encourage submissions to follow the ACM guidelines on reproducibility (different team, same experimental setup, i.e., artifact re-use) and replicability (different team, different experimental setup, i.e., artifact re-implementation). Note, however, that submissions need to go beyond re-running the artifacts provided by the original paper(s) or re-implementing their approach. We are looking for submissions that not only replicate existing studies but also critically assess, clarify and extend their findings and limitations. This includes, but is not limited to, the verification of existing research results, ensuring their validity and reliability across different contexts, lessons learned when applying research results in real-world (industry) settings, and the adaption of artifacts to contemporary cybersecurity challenges.

Reproduction and replication papers will be held to the same scientific standards as original technical papers, will be reviewed by the full program committee, will appear in the proceedings, and will be presented at the conference as part of the technical program. We also particularly encourage these types of papers to provide their artifacts.

Review Process: Paper submissions will be judged based on novelty, relevance to the conference topics, technical correctness, quality of the evaluation, and presentation clarity. Papers will undergo a double-blind review process in two rounds. At the end of Round 1, papers for which a strong consensus towards rejection is reached will be notified of the early rejection decision, giving them the opportunity to improve their paper based on the reviewers’ feedback and to resubmit to other venues. Papers that advance to Round 2 will be assigned additional reviewers. At the end of Round 2, the authors of papers that advanced to this stage will have an opportunity to respond to the reviewers’ questions and comments. After the authors' response period, the papers will be further discussed by the Program Committee (PC) to reach a final decision.

Three outcomes are possible: Accepted, Minor Revision, and Rejected. The Minor Revision decision is reserved to papers that can be considered as conditionally accepted, assuming improvements required by the reviewers are made within the available revision time window and are approved by the PC. A PC member will be assigned as shepherd for Minor Revision papers, to guide the authors through the revision process and to lead the discussion on the revised paper among the reviewers. The revision requirements may include both presentation improvements and additional experiments that the PC believes are necessary to significantly improve the paper and that should be feasible within a limited time frame. While Minor Revision papers that do not meet the required changes may be rejected, the expectation is that most papers will be able to satisfy the required improvements and be finally accepted into the conference program. Both the author's responses and the discussions around revision requirements for Minor Revision papers will be handled anonymously, via the paper submission system.

Paper Artifacts: Authors of accepted papers are strongly encouraged to submit their software and data artifacts for formal evaluation by the Artifacts Evaluation Committee and to make them publicly available to the entire community. During submission, authors of papers whose main contributions and experimental results rely primarily on new or reproduced artifacts (e.g., code and/or data) should indicate whether they will separately submit their artifacts for evaluation, if their paper is accepted. This acknowledgement will be visible to the reviewers and may therefore be taken into consideration during the review process. Authors who have justifiable reasons to not submit their artifacts for evaluation (in case their paper is accepted) should add a comment in the corresponding comment box in the submission form. Additionally, during paper submission authors can optionally provide a URL pointing to a repository containing their paper artifacts. While artifacts will be formally evaluated only if the paper is accepted, as explained above, reviewers may also take into account the availability and quality of the paper artifacts during the main paper review process, before making a final decision (please refer to the paper submission form for additional details).

Important: When preparing the artifacts repository for inclusion in the paper submission form, please take extra care to not include authors’ information in the repository or artifacts content, so as not to break the anonymity of the paper submission. Additional information and recommendations on anonymizing the artifacts repository can be found here.

Ethical Considerations: Papers that might raise ethical concerns (e.g., papers that use human subjects, leverage potentially sensitive data, or describe experiments related to vulnerabilities in software or systems) must include an Ethical Considerations section that properly describes what procedures have been followed to minimize potential harm. Such papers should discuss the steps taken to avoid negatively affecting any third-parties, whether an institutional ethics committee reviewed the research, or how the authors plan to responsibly disclose the vulnerabilities to the appropriate software/system vendors or owners before publication.

Paper Format: Please ensure that your submission consists of a PDF file of no more than 10 double-column pages, excluding well-marked references and appendices limited to a maximum of 5 pages. The full PDF document must not exceed a total of 15 pages. Please note that PC members are not required to read the appendices and that page limits will be strictly enforced.

Papers must be appropriately anonymized to the dual anonymous review process. Author names and affiliations must not be included in the PDF submission. Authors can cite and refer to their own prior work, but must do so in the third person, as if it was written by someone else. In the rare case that citing previous work in the third person is not possible, please anonymize the reference and notify the Program Chairs.

Submission Process: Submissions must be generated using the double-column ACM format (see template available at using the [sigconf, anonymous] options. Submissions should not use older ACM templates (e.g., sig-alternate). All papers must be submitted exclusively through the ACSAC 2024 paper submission system. Note that paper title and abstract registration is not necessary ahead of the paper submission.

All formatting guidelines and constraints (e.g., page limits and anonymity) will be strictly enforced. Submissions not meeting these guidelines risk rejection without consideration of their merits.

Topics: The main topics of interest to ACSAC include, but are not limited to

  • Access Control, Assurance, Audit
  • Anonymity, Privacy
  • Application Security
  • Big Data for Security
  • Cloud and Virtualization Security
  • Cyber-Physical Systems, Embedded Systems, and IoT Security
  • Data Integrity and Protection
  • Denial of Service Attacks and Defenses
  • Deployable Trustworthy Systems
  • Digital Forensics
  • Distributed Systems Security
  • Enterprise Security Management and Incident Response
  • Hardware and Supply Chain Security
  • Identity Management
  • Intrusion Detection and Prevention
  • Machine Learning Security
  • Malware
  • Mobile/Wireless Security
  • Network Security
  • OS and Systems Security
  • Resilience
  • Security Applications of Generative AI (Hard Topic)
  • Software Security
  • Software-defined Programmable Security
  • Usability and Human-centered Security
  • Web Security

Diversity, Equity, and Inclusion

ACSAC is committed to supporting diversity, equity, and inclusion (DEI) in the cybersecurity community. Authors are encouraged to consider DEI issues as they prepare their submissions (e.g., keep in mind that Words Matter). For any suggestions, concerns, or complaints regarding DEI-related biases or harassment, we encourage you to reach out to the Conference Chairs. All communications regarding DEI will be treated as confidential. For more information on diversity and inclusion, please refer to ACM’s Welcoming All to Computing page.

What makes a good ACSAC paper?

We've gone through the papers submitted in recent years, and have collected a set of characteristics of good ACSAC papers. These should be read by anyone considering submitting a paper.

Do you have any other advice regarding writing papers?

Yes, they are enumerated here. This advice covers presentation, copyright issues, alternate places at ACSAC for your submission, and restrictions on submissions.

What awards are given for papers?

Accepted papers will be judged and ranked by the Program Committee. The best papers will be considered for the Distinguished Paper Award. In addition, the best papers whose artifacts are submitted for formal evaluation and are assigned a badge by the Artifacts Evaluation Committee will be considered for the Distinguished Paper with Artifacts Award.

Who is on the Program Committee?

The list of program committee members may be found here.

How do I submit a paper?

Please visit the paper submission website, register an account and follow the submission instructions.

How do I get more information?

For additional information regarding papers, please contact the Program Chairs.