USENIX Security '23 Submission Policies and Instructions

USENIX Security '23 is SOLD OUT.

Please do not plan to walk into the venue and register on site.
The event has reached maximum physical capacity, and we will not be able to accommodate any additional registrations.

Submission Policies

Important: The USENIX Security Symposium moved to multiple submission deadlines in 2019 and included changes to the review process and submission policies. Detailed information is available at USENIX Security Publication Model Changes.

USENIX Security '23 submissions deadlines are as follows:

  • Summer Deadline: Tuesday, June 7, 2022, 11:59 pm AoE
  • Fall Deadline: Tuesday, October 11, 2022, 11:59 pm AoE
  • Winter Deadline: Tuesday, February 7, 2023, 11:59 pm AoE

All papers that are accepted by the end of the winter submission reviewing cycle (February–June 2023) will appear in the proceedings for USENIX Security '23. All submissions will be made online via their respective web forms: Summer Deadline, Fall Deadline, Winter Deadline. We do not accept email submissions.

Submissions should be finished, complete papers. We may reject papers without review that have severe editorial problems (broken references, egregious spelling or grammar errors, missing figures, etc.), are submitted in violation of the Submission Instructions outlined below, are outside of the scope of the symposium, or are deemed clearly of insufficient quality to appear in the program.

All paper submissions, including revisions for "Accept Conditional on Major Revision" decisions, should be at most 13 typeset pages, excluding bibliography and well-marked appendices. These appendices may be included to assist reviewers who may have questions that fall outside the stated contribution of the paper on which your work is to be evaluated, or to provide details that would only be of interest to a small minority of readers. There is no limit on the length of the bibliography and appendices but reviewers are not required to read any appendices. The paper should be self-contained without appendices. Once accepted, papers must be reformatted to fit in 18 pages, including the bibliography and any appendices.

Papers should be typeset on U.S. letter-sized pages in two-column format in 10-point Times Roman type on 12-point leading (single-spaced), in a text block 7" x 9" deep. Authors are encouraged to make use of USENIX's LaTeX template and style files when preparing your paper for submission. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Papers should not attempt to "squeeze space" by exploiting underspecified formatting criteria (e.g., columns) or through manipulating other document properties (e.g., page layout, spacing, fonts, figures and tables, headings). Papers that, in the chair's assessment, make use of these techniques to receive an unfair advantage, will be rejected, even if they comply with the above specifications. We offer several examples of observed techniques that have or could lead to rejection. Authors should seek to meet page limits through the modification of content alone. Any other techniques (whether appearing in these examples or not) may result in rejection.

Please make sure your paper successfully returns from the PDF checker (visible upon PDF submission) and that document properties, such as font size and margins, can be verified via PDF editing tools such as Adobe Acrobat. Papers where the chairs can not verify compliance with the CFP will be rejected.

Prepublication of Papers

Prepublication versions of papers accepted for USENIX Security '23 will be published and open and accessible to everyone without restrictions on the following dates:

  • Summer Deadline: Tuesday, November 8, 2022
  • Fall Deadline: Tuesday, April 4, 2023
  • Winter Deadline: TBD (final papers will be published with the full conference proceedings)

Embargo Requests

Authors may request an embargo for their papers by the deadline dates listed below. All embargoed papers will be released on the first day of the conference, Wednesday, August 9, 2023.

  • Summer Deadline: Tuesday, November 1, 2022
  • Fall Deadline: Tuesday, March 28, 2023
  • Winter Deadline: Tuesday, July 11, 2023

Conflicts of Interest

The program co-chairs require cooperation from both authors and program committee members to prevent submissions from being evaluated by reviewers who have a conflict of interest. During the submission process, we will ask authors to identify members of the program committee with whom they share a conflict of interest. This includes: (1) anyone who shares an institutional affiliation with an author at the time of submission (including secondary affiliations and consulting work), (2) anyone who was the advisor or advisee of an author at any time in the past, (3) anyone the author has collaborated or published with in the prior two years, (4) anyone who is affiliated with a party that funds your research, or (5) close personal relationships. For other forms of conflict, authors must contact the chairs and explain the perceived conflict. In addition to selecting program committee conflicts when submitting, we recommend that all authors ensure they have up-to-date HotCRP profiles listing all known conflicts.

Program committee members who are conflicts of interest with a paper, including program co-chairs, will be excluded from both online and in-person evaluation and discussion of the paper by default.

Final versions of accepted submissions should include all sources of funding in an acknowledgments section. Authors should also disclose any affiliations, interests, or other facts that might be relevant to readers seeking to interpret the work and its implications. Authors may wish to consider the 2023 IEEE S&P Financial Conflicts Policy for examples.

Early Rejection Notification

The review process will consist of several reviewing rounds. In order to allow authors time to improve their work and submit to other venues, authors of submissions for which there is a consensus on rejection will be notified earlier.

Author Responses

Authors of papers that have not been rejected early will have an opportunity to respond to an initial round of reviews. We encourage authors to focus on questions posed by reviewers and significant factual corrections. Once reviews are released to authors for rebuttal, we will not process requests to withdraw the paper and the paper will be viewed as under submission until the end of the cycle.

Anonymous Submission

The review process will be anonymous. Papers must be submitted in a form suitable for anonymous review:

  • The title page should not contain any author names or affiliations.
  • Authors should carefully review figures and appendices (especially survey instruments) to ensure affiliations are not accidentally included.
  • When referring to your previous work, do so in the third person, as though it were written by someone else. Anonymous references are only allowed in the (unusual) case that a third-person reference is infeasible, and after approval of the chairs.
  • Authors may include links to websites that contain source code, tools, or other supplemental material. Neither the link in the paper nor the website itself should suggest the authors’ identities (e.g., the website should not contain the authors' names or affiliations).
  • Authors should carefully check any submitted prior reviews for identifying details.

Papers that are not properly anonymized may be rejected without review.

While submitted papers must be anonymous, authors may choose to give talks about their work, post a preprint of the paper online, disclose security vulnerabilities to vendors or the public, etc. during the review process.

Internet Defense Prize

The Internet Defense Prize recognizes and rewards research that meaningfully makes the internet more secure. Created in 2014, the award is funded by Meta and offered in partnership with USENIX to celebrate contributions to the protection and defense of the internet. Successful recipients of the Internet Defense Prize will provide a working prototype that demonstrates significant contributions to the security of the internet, particularly in the areas of prevention and defense. This award is meant to recognize the direction of the research and not necessarily its progress to date. The intent of the award is to inspire researchers to focus on high-impact areas of research. The USENIX Security Awards Committee—selected by the Program Chairs among the symposium Program Committee members—independently determines the prize, to be distributed by USENIX.

You may submit your USENIX Security '23 paper submission for consideration for the Prize as part of the regular submission process.

Ethical Considerations and Proactive Harm Prevention

We expect authors to carefully consider and address the potential harms associated with carrying out their research, as well as the potential negative consequences that could stem from publishing their work. Failure to do so may result in rejection of a submission regardless of its quality and scientific value.

Although causing harm is sometimes a necessary and legitimate aspect of scientific research in computer security and privacy, authors are expected to document how they have addressed and mitigated the risks. This includes, but is not limited to, considering the impact of your research on deployed systems, understanding the costs your research imposes on others, safely and appropriately collecting data, and following responsible disclosure. In particular, if the submission deals with vulnerabilities (e.g., software vulnerabilities in a given program or design weaknesses in a hardware system), the authors need to discuss in detail the steps they have already taken or plan to take to address these vulnerabilities (e.g., by disclosing vulnerabilities to the vendors).

Papers should include a clear statement about why the benefit of the research outweighs the harms, and how the authors have taken measures and followed best practices to ensure safety and minimize the potential harms caused by their research.

Due to the complexity of today's computing systems, humans can be harmed directly or indirectly in unexpected ways (see The Menlo Report). If the submitted research has potential to cause harm, and authors have access to an Institutional Review Board (IRB), we encourage authors to consult this IRB and document its response and recommendations in the paper. We note, however, that IRBs are not expected to understand computer security research well or to know about best practices and community norms in our field, so IRB approval does not absolve researchers from considering ethical aspects of their work. In particular, IRB approval is not sufficient to guarantee that the PC will not have additional concerns with respect to harms associated with the research.

Contact the program co-chairs at sec23chairs@usenix.org if you have any questions.

Reviews from Prior Submissions

For papers that were previously submitted to, and rejected from, a conference (including USENIX Security), authors are required to submit a separate document containing the prior reviews along with a description of how those reviews were addressed in the current version of the paper. Authors are only required to include reviews from the last time the paper was submitted, but may add more if they consider it relevant for the reviewers. This includes withdrawn papers if reviews were received. Reviewers will submit their initial reviews prior to becoming aware of previous reviews and summaries of changes to avoid being biased in formulating their own opinions; once their initial reviews are submitted, however, reviewers will be given the opportunity to update their thoughts based on the submission history of the paper. Authors who try to circumvent this rule (e.g., by changing the title of the paper without significantly changing the content) may have their papers rejected without further consideration, at the discretion of the PC chairs.

Submission Instructions

All submissions will be made online via their respective web forms. Do not email submissions. Submissions must be in PDF format. LaTeX users can use the "pdflatex" command to convert a LaTeX document into PDF format. Please make sure your submission can be opened using Adobe Reader. Please also make sure your submission, and all embedded figures, are intelligible when printed in grayscale.

For revisions of submissions receiving “Accept Conditional on Major Revision” decisions during one of the USENIX Security '23 submission periods, authors who revise their papers must submit a separate PDF that includes the verbatim revision criteria, a list of changes to the paper, and a statement of how the changes address the criteria. The authors must also submit as part of the PDF a "PDF 'diff'" to assist the shepherd in identifying your modifications. Ideally this would be a latexdiff-like document. However, if papers have gone through major changes that would make the diff unreadable, authors are free to provide another format that helps the shepherd to identify changes efficiently.

For resubmissions of “Major Revisions” from USENIX Security '22, please look at USENIX Security '22 Submission Policies and Instructions for requirements.

For papers that were previously submitted to, and rejected from, another conference, the required document (see Reviews from Prior Submissions above) should be submitted as a PDF file using the "Prior Reviews" field in the submission forms, not via an appendix.

All submissions will be judged on originality, relevance, correctness, and clarity. In addition to citing relevant published work, authors should relate their submission to any other relevant submissions of theirs in other venues that are under review at the same time as their submission to the Symposium. These citations to simultaneously submitted papers should be anonymized; non-anonymous versions of these citations must, however, be emailed to the program co-chairs at sec23chairs@usenix.org.

Simultaneous submission of the same work to multiple venues, submission of previously published work, or plagiarism constitutes dishonesty or fraud. Failure to point out and explain overlap will be grounds for rejection. USENIX, like other scientific and technical conferences and journals, prohibits these practices and may take action against authors who have committed them. See the USENIX Conference Submissions Policy for details.

Note that under the changes to the USENIX Security publication model, papers that have received a decision of “Accept Conditional on Major Revision” from USENIX Security are still considered to be under review until accepted or rejected by the reviewers; authors must formally withdraw their paper if they wish to submit to another venue. See USENIX Security Publication Model Changes for details. For submissions that received Reject decisions from USENIX Security '22, resubmissions must follow the rules laid out for when they can be resubmitted.

Questions? Contact your program co-chairs, sec23chairs@usenix.org, or the USENIX office, submissionspolicy@usenix.org.

The program committee and external reviewers are required to treat all submissions as confidential. However, the program co-chairs or designated committee members may share submissions outside the program committee to allow chairs of other conferences to identify dual submissions.

Papers that do not comply with the submission requirements, including length and anonymity, that do not comply with resubmission policies, or that do not have a clear application to security or privacy may be rejected without review. Papers accompanied by nondisclosure agreement forms will not be considered.

All papers will be available online before the symposium. If your accepted paper should not be published prior to the event, please notify production@usenix.org after you submit your final paper. See the Embargo Requests section for deadlines.

Specific questions about submissions may be sent to the program co-chairs at sec23chairs@usenix.org. The chairs will respond to individual questions about the submission process if contacted at least a week before the submission deadline.

Go to Call for Papers.