IEEE Symposium on Security and Privacy

From Wikipedia, the free encyclopedia
IEEE Symposium on Security and Privacy
Abbreviation: IEEE S&P, IEEE SSP
Discipline: Computer security and privacy
Publication details
Publisher: IEEE
History: 1980–present
Frequency: Annual

The IEEE Symposium on Security and Privacy, also known as the Oakland Conference, is an annual conference focusing on topics related to computer security and privacy. The conference was founded in 1980 by Stan Ames and George Davida and is considered to be among the top conferences in the field.[1][2] The conference has a single track and follows a double-blind review process to ensure fairness during peer review.

History

The conference, initially conceived by researchers Stan Ames and George Davida in 1980 as a small workshop for discussing computer security and privacy, gradually evolved into a larger gathering within the field. Held initially at Claremont Resort, the first few iterations of the event witnessed a division between cryptographers and systems security researchers. Discussions during these early iterations predominantly focused on theoretical research, neglecting practical implementation considerations.[3] This division persisted, to the extent that cryptographers would often leave sessions focused on systems security topics.[4] In response, subsequent iterations of the conference integrated panels that encompassed both cryptography and systems security discussions within the same sessions. Over time, the conference's attendance grew, leading to a relocation to San Francisco in 2011 due to venue capacity limitations.[3]

Structure

The IEEE Symposium on Security and Privacy considers papers from a wide range of topics related to computer security and privacy. Every year, the Program Chairs of the conference publish a list of topics of interest, which changes with the trends in the field. The conference uses a single-track model for its program, deviating from the multi-track format common in many similar conferences focused on security and privacy.[3] This approach concentrates all sessions into one cohesive track, with submitted papers reviewed using a double-blind process to ensure fairness.[5] However, this model poses challenges, as the conference is constrained in the number of papers it can accept, resulting in a low acceptance rate often in the single digits, unlike conferences which may have rates in the range of 15 to 20 percent.[3] In 2023, the IEEE Symposium on Security and Privacy introduced a Research Ethics Committee that screens papers submitted to the conference and flags instances of potential ethical violations in the submitted papers.[6]

In 2022, a study conducted by Ananta Soneji et al. showed that the review processes of top security conferences, including the IEEE Symposium on Security and Privacy, were exploitable. They identified a lack of objective criteria for paper evaluation and a degree of randomness among reviews provided by conference reviewers as the major weaknesses of the peer review process used by the conferences. To remediate this, the researchers recommended mentoring new reviewers with a focus on enhancing review quality rather than other productivity metrics. They acknowledged an initiative by IEEE S&P allowing PhD students and postdoctoral researchers to shadow reviewers on the program committee, but also pointed out findings from a 2017 report suggesting that these students tended to be more critical in their assessments than experienced reviewers, since they were not graded on review quality.[2]

Controversy

In 2021, researchers from the University of Minnesota submitted a paper titled "On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits"[7] to the 42nd iteration of the conference. They aimed to highlight weaknesses in the review process for Linux kernel patches, and the paper was accepted for presentation in 2021. However, their method involved writing patches for existing trivial bugs in the Linux kernel in ways that intentionally introduced security bugs into the kernel.[8] This introduction of vulnerabilities was done without Institutional Review Board (IRB) approval.[9] Despite undergoing review by the conference, this breach of ethical responsibilities was not detected during the paper's review process. This sparked significant criticism from the Linux community and broader cybersecurity circles. Greg Kroah-Hartman, one of the lead maintainers of the kernel, banned both the researchers and the university from making further contributions to the Linux project, ultimately leading the authors and the university to retract the paper and issue an apology to the Linux kernel community.[10]

References

  1. Carver, Jeffrey C.; Burcham, Morgan; Kocak, Sedef Akinli; Bener, Ayse; Felderer, Michael; Gander, Matthias; King, Jason; Markkula, Jouni; Oivo, Markku; Sauerwein, Clemens; Williams, Laurie (2016-04-19). "Establishing a baseline for measuring advancement in the science of security: an analysis of the 2015 IEEE security & privacy proceedings". Proceedings of the Symposium and Bootcamp on the Science of Security. ACM: 38–51. doi:10.1145/2898375.2898380. ISBN 978-1-4503-4277-3.
  2. Soneji, Ananta; Kokulu, Faris Bugra; Rubio-Medrano, Carlos; Bao, Tiffany; Wang, Ruoyu; Shoshitaishvili, Yan; Doupé, Adam (2022-05-01). ""Flawed, but like democracy we don't have a better system": The Experts' Insights on the Peer Review Process of Evaluating Security Papers". IEEE Symposium on Security and Privacy. IEEE: 1845–1862. doi:10.1109/SP46214.2022.9833581. ISBN 978-1-6654-1316-9.
  3. Neumann, Peter G.; Peisert, Sean; Schaefer, Marvin (2014-05-01). "The IEEE Symposium on Security and Privacy, in Retrospect". IEEE Security & Privacy. 12 (3): 15–17. doi:10.1109/MSP.2014.59. ISSN 1540-7993.
  4. Neumann, Peter G.; Bishop, Matt; Peisert, Sean; Schaefer, Marv (2010). "Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy". 2010 IEEE Symposium on Security and Privacy. IEEE. doi:10.1109/sp.2010.43.
  5. "IEEE Symposium on Security and Privacy 2024". sp2024.ieee-security.org. Retrieved 2024-05-06.
  6. "Message from the Program Chairs". IEEE Symposium on Security and Privacy. IEEE: 34–35. 2023-05-01. doi:10.1109/SP46215.2023.10179462. ISBN 978-1-6654-9336-9.
  7. Chin, Monica (2021-04-30). "How a university got itself banned from the Linux kernel". The Verge. Retrieved 2024-05-12.
  8. "Greg Kroah-Hartman bans University of Minnesota from Linux development for deliberately buggy patches". ZDNET. Retrieved 2024-05-12.
  9. "The Linux Foundation's demands to the University of Minnesota for its bad Linux patches security project". ZDNET. Retrieved 2024-05-12.
  10. Salter, Jim (2021-04-26). "Linux kernel team rejects University of Minnesota researchers' apology". Ars Technica. Retrieved 2024-05-12.