CCS 2019 Workshops

Pre-Conference Workshops

Post-Conference Workshops


2019 Cloud Computing Security Workshop (CCSW) (website)

CCSW is the world’s premier forum bringing together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including secure cloud resource virtualization mechanisms, secure data management outsourcing practical privacy and integrity mechanisms for outsourcing, foundations of cloud-centric threat models, secure computation outsourcing, remote attestation mechanisms in clouds, sandboxing and VM-based enforcements, trust and policy management in clouds, secure identity management mechanisms, new cloud-aware web service security paradigms and mechanisms, cloud-centric regulatory compliance issues and mechanisms, business and security risk models and clouds, cost and usability models and their interaction with security in clouds, scalability of security in global-size clouds, trusted computing technology and clouds, binary analysis of software for remote attestation and cloud protection, network security (DOS, IDS etc.) mechanisms for cloud contexts, security for emerging cloud programming models etc. We would like to especially encourage novel paradigms and controversial ideas that are not on the above list. The workshop has historically acted as a fertile ground for creative debate and interaction in security-sensitive areas of computing impacted by clouds.

5th Workshop on Theory and Practice of Differential Privacy (TPDP) (website)

Differential privacy is a promising approach to privacy-preserving data analysis. Differential privacy provides strong worst-case guarantees about the harm that a user could suffer from participating in a differentially private data analysis, but is also flexible enough to allow for a wide variety of data analyses to be performed with a high degree of utility. Having already been the subject of a decade of intense scientific study, it has also now been deployed in products at government agencies such as the U.S. Census Bureau and companies like Apple and Google. Researchers in differential privacy span many distinct research communities, including algorithms, computer security, cryptography, databases, data mining, machine learning, statistics, programming languages, social sciences, and law. This workshop will bring researchers from these communities together to discuss recent developments in both the theory and practice of differential privacy.

Theory of Implementation Security Workshop (TIS) (website)

The traditional application of cryptography is the protection of communication lines. It is usually assumed that both sender and receiver have equipment that is protected by physical means against attacks. In modern applications like payment cards, set-top boxes, DRM protection, etc., this assumption is no longer true. The attacker often has physical access to the device that is executing the cryptographic algorithm, and can measure side channels: execution time, power consumption, electro-magnetic radiation. With the advent of the Internet of Things, the interest in embedded cryptographic systems and physical attacks on these systems is steadily increasing, both in academia and industry. On the other hand, sophisticated security certification and evaluation methods (FIPS, CC, etc.) have been established to give assurance about the security claims by independent evaluation and testing. The drawback is that certification is time consuming, expensive and sometimes the results are not repeatable. There is an emerging need from one side for further developing provably secure protection methods and automated verification tools and from another side improving the efficiency and quality of certification by integrating these tools and methods which will allow assessment of the physical attacks’ resilience of the implementations with low cost and reduced time. All these challenges motivate even more research on the Theory of Implementation Security.

6th ACM Workshop on Moving Target Defense (MTD) (website)

The static nature of current computing and network systems has made them easy to attack and hard to defend. Adversaries have an asymmetric advantage in that they have the time to study a system, identify its vulnerabilities, and choose the time and place of attack to gain the maximum benefit. The idea of moving-target defense (MTD) is to impose the same asymmetric disadvantage on attackers by making systems dynamic and therefore harder to explore and predict. With a constantly changing system and its ever-adapting attack surface, attackers will have to deal with significant uncertainty just like defenders do today. The ultimate goal of MTD is to increase the attackers’ workload so as to level the cybersecurity playing field for defenders and attackers – ultimately tilting it in favor of the defender. This workshop seeks to bring together researchers from academia, government, and industry to report on the latest research efforts on moving target defense, and to have productive discussions and constructive debate on this topic.

7th Workshop on Encrypted Computing & Applied Homomorphic Cryptography (WAHC) (website)

Secure computation is becoming a key feature of future information systems. Distributed network applications and cloud architectures are at danger because lots of personal consumer data is aggregated in all kinds of formats and for various purposes. Industry and consumer electronics companies are facing massive threats like theft of intellectual property and industrial espionage. Public infrastructure has to be secured against sabotage and manipulation. A possible solution is encrypted computing: Data can be processed on remote, possibly insecure resources, while program code and data is encrypted all the time. This allows to outsource the computation of confidential information independently from the trustworthiness or the security level of the remote system. The technologies and techniques discussed in this workshop are a key to extend the range of applications that can be securely outsourced. The goal of the workshop is to bring together researchers with practitioners and industry to present, discuss and to share the latest progress in the field. We want to exchange ideas that address real-world problems with practical approaches and solutions.

18th Workshop on Privacy in the Electronic Society (WPES) (website)

The increased power and interconnectivity of computer systems available today create the ability to store and process large amounts of data, resulting in networked information accessible from anywhere at any time. It is becoming easier to collect, exchange, access, process, and link information. This global scenario has inevitably resulted in an increasing degree of awareness with respect to privacy. Privacy issues have been the theme of public debates, and the need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected society and possible solutions. The 2019 Workshop, held in conjunction with the ACM CCS conference, is the eighteenth in a yearly forum for papers on all the different aspects of privacy in today’s electronic society.

5th ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC) (website)

CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). In 2019, the workshop will run for the fifth time. Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.

5th Security Standardisation Research Conference (SSR) (website)

The 5th Security Standardisation Research Conference (SSR): The purpose of this conference is to discuss the many research problems deriving from studies of existing standards, the development of revisions to existing standards, and the exploration of completely new areas of standardisation. Indeed, many security standards bodies are only beginning to address the issue of transparency, so that the process of selecting security techniques for standardisation can be seen to be as scientific and unbiased as possible. This year, we would also like to encourage active law researchers in data protection and privacy to submit to this conference. This aligns with the presence of the GDPR in the EU. Submissions about regulation-related aspects of blockchain technology and the IoT are particularly welcomed. We would also love to see more standardisation efforts being open to interaction with academics. This follows in the footsteps of IETF’s design approach for TLS 1.3, which has seen substantial academic input. Similarly, several post-quantum efforts have seen interaction between academia and industry. This conference is intended to cover the full spectrum of research on security standardisation, including, but not restricted to, work on cryptographic techniques, security management, security evaluation criteria, security policy, network security, privacy and identity management, smart cards and RFID tags, biometrics, security modules, and industry-specific security standards. An overview of the previous SSR conferences can be found at

12th ACM Workshop on Artificial Intelligence and Security (AISec) (website)

For more than a decade, AISec has been the primary meeting place for researchers working at the intersection of artificial intelligence, machine learning, deep learning, security and privacy. The workshop has favored the development of fundamental theory and practical applications supporting the use of machine learning for security and privacy. Its main topics include adversarial and privacy-preserving learning, and novel learning algorithms for security.

3rd Workshop on Forming an Ecosystem Around Software Transformation (FEAST) (website)

The 2019 Workshop on Forming an Ecosystem Around Software Transformation (FEAST 2019) will be held in conjunction with the 26th ACM Conference on Computer and Communications Security (CCS) on November 15, 2019. The workshop is geared toward discussion and understanding of several critical topics surrounding software executable transformation for improving the security and efficiency of all software used in security-critical applications. The scope of discussion for this workshop will include topics that may be necessary to fully exploit the power and impact of late-stage software customization efforts as described in the Call for Papers.

Privacy Preserving Machine Learning (PPML) (website)

This one day workshop focuses on privacy preserving techniques for training, inference, and disclosure in large scale data analysis, both in the distributed and centralized settings. We have observed increasing interest of the Machine Learning (ML) community in leveraging cryptographic techniques such as Multi-Party Computation (MPC) and Homomorphic Encryption (HE) for privacy preserving training and inference, as well as Differential Privacy (DP) for disclosure. Simultaneously, the systems security and cryptography community has proposed various secure frameworks for ML. We encourage both theory and application-oriented submissions exploring a range of approaches, including but not limited to aforementioned techniques.

3rd Software Protection Workshop (SPRO) (website)

Software Protection techniques aim to defend the confidentiality and integrity of software applications that are exposed to an adversary that shares the execution host and access privileges of the application. This is often denoted as protection against MATE (Man-At-The-End) attacks. This is an area of growing importance: for industry, in many cases the deployment of such techniques is crucial for the survival of their business. The aim of SPRO workshop is to bring together researchers and industrial practitioners both from software protection and the software engineering community to discuss software protection techniques, security evaluation methodologies, and practical aspects such as tools. The objective is to stimulate the community working in this growing area of security, and to increase the synergies between the research areas of software protection engineering and their practical deployment.

2nd Workshop on the Internet of Things Security and Privacy (IoT S&P) (website)

The Internet of Things (IoT) is believed to be the next generation of the Internet and has deeply influenced our daily lives. While bringing convenience to our lives, IoT also introduces potential security hazards. Since increasing IoT devices directly process user-generated data, once compromised, leave users or even the entire smart society at risk. Furthermore, large-scale data generated by IoT devices also gives opportunities to attackers. The 2019 workshop aims to bring together researchers from academia, government, and industry to discuss the challenge and solutions regarding practical and theoretical aspects of IoT security and privacy. We hope that this workshop will be the main conference for IoT security of ACM CCS community.

3rd Attacks and Solutions in Hardware Security Workshop (ASHES) (website)

ASHES deals with any aspects of hardware security, and welcomes any contributions in this area. Among others, it particularly highlights emerging techniques and methods as well as recent application areas within its field. This includes new attack vectors, novel designs and materials, lightweight security primitives, nanotechnology, and PUFs on the methodological side, as well as the internet of things, automotive security, smart homes, pervasive and wearable computing on the applications side. To account for the special nature of hardware security as a rapidly developing discipline, ASHES hosts four different categories of papers: (i) Classical full papers, (ii) short papers, (iii) wild and crazy (WaC) papers (whose purpose is rapid dissemination of promising, potentially game-changing novel ideas), and (iv) systematization of knowledge (SoK) papers (which overview, structure, and categorize a certain subarea). The workshop will host several technical sessions and two invited keynotes by Ross Anderson (Cambridge) and Francois-Xavier Standaert (UC Louvain).

14th ACM SIGSAC Workshop on Programming Languages and Analysis for Security (PLAS) (website)

PLAS provides a forum for exploring and evaluating the use of programming language and program analysis techniques for promoting security in the complete range of software systems, from compilers to machine learnt models. The workshop encourages proposals of new, speculative ideas, evaluations of new or known techniques in practical settings, and discussions of emerging threats and problems. We also host position papers that are radical, forward-looking, and lead to lively and insightful discussions influential to the future research at the intersection of programming languages and security.

1st Workshop on Cyber-Security Arms Race (CYSARM) (website)

Cybersecurity is a complex ecosystem that is based on several contradicting requirements. For this reason, it is often defined as an arms race between attackers and defenders: for example, when a new security model or algorithm is devised, it could act as a double-edged sword since it might both enhance the security posture of a system and introduce additional vulnerabilities. Similarly, many of the novel technological solutions that are used to improve the security of systems and networks are also being used by those who wish to threaten well-established algorithms and protocols. For example, it is already known that when large-scale quantum computers become available they will be able to break almost all the public-key cryptographic algorithms currently in use. Security is also about balancing several trade-offs, e.g. security vs privacy, security vs trust, security vs usability, security vs cost, research vs standardization, academic research vs real applications, just to name a few. For example, while artificial intelligence provides the ability to efficiently analyse massive data streams to detect patterns of anomalous behaviour, it also threatens user privacy by enabling the analysis of individual behaviours, and democratic government by subverting opinions via electronic media. Likewise, the use of trustworthy computing and trusted hardware: while it fortifies systems by providing stronger security and operational assurance guarantees, it also allows attackers to perform stealthy attacks and could be used to damage user privacy. The goal of CYSARM workshop is to foster collaboration and discussion among cyber-security researchers and practitioners to discuss the various facets and trade-offs of cybersecurity and how new security technologies and algorithms might impact the security of existing or future security models.