The 28th ACM Conference on Computer and Communications Security (CCS) seeks submissions presenting novel contributions related to all real-world aspects of computer security and privacy. Theoretical papers must make a convincing case for the relevance of their results to practice. Authors are encouraged to write the abstract and introduction of their paper in a way that makes the results accessible and compelling to a general computer-security researcher. In particular, authors should bear in mind that anyone on the program committee may be asked to review any paper.

As in 2020, CCS will have two review cycles in 2021. For each submission, one of the following decisions will be made:

• Accept: Papers in this category will be accepted for publication in the proceedings and presentation at the conference, possibly after making minor changes with the oversight of a shepherd.
• Major Revision: Papers in this category are considered to be promising but need additional work (e.g., new experiments, proofs, or implementations). Authors will be given the opportunity to resubmit such papers, with appropriate revisions, in which case they should clearly explain in a well-marked appendix how the revisions address the comments of the reviewers. The revised paper will then be re-evaluated, and either accepted or rejected.
• Reject: Papers in this category are declined for inclusion in the conference. Papers rejected from the first review cycle may not be submitted again (even in revised form) to the second review cycle.

Authors of each accepted paper must ensure that at least one author registers for the conference, and that their paper is presented in-person at the conference.

Paper Submission Information

All submissions must be received by 11:59 PM AoE (UTC-12) on the day of the corresponding deadline. Submitted papers must not substantially overlap with papers that have been published or accepted for publication, or that are simultaneously in submission to a journal, conference, or workshop with published proceedings. All submissions should be properly anonymized; papers not properly anonymized may be rejected without review.

All submitted papers will be evaluated based on their merits, particularly their importance to practical aspects of computer and communications security and privacy, novelty, quality of execution, and presentation. For papers that might raise ethical concerns, authors are expected to convince reviewers that proper procedures (such as IRB approval or responsible disclosure) have been followed, and due diligence has been made to minimize potential harm.

Submitted papers may be rejected for being out of scope, at the discretion of the PC chairs. Authors who have questions about whether their paper is in scope are encouraged to ask the PC chairs in advance.

Paper Format

Submissions must be a PDF file in double-column ACM format (see https://www.acm.org/publications/proceedings-template, with a simpler version at https://github.com/acmccs/format), no more than 12 pages long, excluding the bibliography, well-marked appendices, and supplementary material. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format. Submissions not following the required format may be rejected without review.

Conference Tracks

This year the ACM CCS Conference features a multi-track format. Each track operates as a separate mini-conference, with its own Track Program Chair and Track Program Committee. The overall process is managed by the Conference Co-Chairs (Giovanni Vigna and Elaine Shi). At the time of submission, authors must select one track, which should be the most relevant to the topic of the paper. We understand that some papers might span multiple topics. In specific cases, PC members might be asked to provide reviews for papers outside their track, in an effort to provide the best possible reviews to the authors.

This is the list of tracks and their Track Chairs:

Software Security	Herbert Bos
Web Security	Adam Doupe
Network Security	Phillipa Gill
Formal Methods and Programming Languages	Limin Jia
Hardware, Side Channels, and CyberPhysical Systems	Wenyuan Xu
Applied Cryptography	Muthuramakrishnan Venkitasubramaniam
Machine Learning and Security	Prateek Saxena
Security Usability and Measurement	Jelena Mirkovic
Blockchain and Distributed Systems	Sarah Meiklejohn
Privacy and Anonymity	Jonathan Ullman

Resubmissions

For papers that were previously submitted to, and rejected from, another conference, authors are required to submit a separate document containing the prior reviews along with a description of how those reviews were addressed in the current version of the paper. (Authors are only required to include reviews from the last time the paper was submitted.) Reviewers will be able to read the previous reviews only after having their own review, to avoid being biased in formulating their own opinions; once their reviews are complete, however, reviewers will be given the opportunity to provide additional comments based on the submission history of the paper. Authors who try to circumvent this rule (e.g., by changing the title of the paper without significantly changing the contents) may have their papers rejected without further consideration, at the discretion of the PC chairs.

Updated on Apr 28, 2021: The paragraph above (rebusmissions) is deleted.

Conflicts of Interest

The conference requires cooperation from both authors and program-committee members to ensure a fair review process. For this purpose, authors must report all program-committee members who, in their opinion, have a conflict of interest and therefore may not be able to provide an unbiased review. Mandatory declared conflicts of interest include current or former doctoral advisor/advisee, members of the same institution, close family members, and recent co-authors (within the past 2 years). For any other declared conflict, authors are required to explain the nature of the conflict, which will be reviewed by the Conference Co-Chairs and the Track Chairs. The chairs reserve the right to request further explanation and can remove non-mandatory conflicts at their discretion.

Track Program Chairs are allowed to submit papers, and those papers will be handled by the Conference Co-Chairs.

Program-committee members who have a genuine conflict of interest with a paper, including the Conference Co-Chairs and the Track Chairs, will be excluded from evaluation and discussion of that paper. When a Track Program Chair has a conflict, the paper will be handled by the Conference Co-Chairs. When a Conference Co-Chair is conflicted, the other Co-Chair will be responsible for managing that paper. When both Conference Co-Chairs are in conflict, a committee member will be appointed to handle the paper. Conference Co-Chairs are not allowed to be authors or co-authors of any submissions.

Important Dates

First Review Cycle

• Paper submission deadline: January 20, 2021
• Rebuttal period: March 5-20, 2021
• Author notification: March 20, 2021 March 22, 2021
• Resubmission of revised papers: April 20, 2021 April 22, 2021
• Decisions on revised papers: May 5, 2021
• Camera-ready deadline: September 20, 2021 September 15, 2021

Second Review Cycle

• Paper submission deadline: May 6, 2021
• Rebuttal period: June 29-July 20, 2021 June 29-July 13, 2021
• Author notification: July 20, 2021
• Resubmission of revised papers: August 20, 2021
• Decisions on revised papers: September 4, 2021
• Camera-ready deadline: September 20, 2021 September 15, 2021

Submission Site

Submissions for the first review cycle go to https://ccs2021-a.hotcrp.com.

Submissions for the second review cycle go to https://ccs2021-b.hotcrp.com

Please Note: The official publication date is the date the proceedings are made available in the ACM Digital Library. This date may be up to two weeks prior to the first day of the conference. The official publication date affects the deadline for any patent filings related to published work.

Diversity and Inclusion

ACM CCS is committed to promoting diversity and inclusion in our community. If you have suggestions, concerns, or complaints related biases or sexual harassment, we encourage you to reach out to the Conference Co-Chairs. We are committed to protecting the anonymity of such reports and helping to address your concerns. We value your feedback and ideas to help us all build a healthier and more welcoming community.

We encourage the authors to be mindful of not using language or examples that further the marginalization, stereotyping, or erasure of any group of people, especially historically marginalized and/or under-represented groups (URGs) in computing. Of course, exclusionary treatment can arise unintentionally. Be vigilant and actively guard against such issues in your writing. Reviewers will also be empowered to monitor and demand changes if such issues arise in your submissions. Please check the link for more information.