Secure and Trustworthy Cyberspace (SaTC)

Secure and Trustworthy Cyberspace (SaTC) is sponsored by National Science Foundation. Funds research on secure systems design, relevant to engineering design with cybersecurity integration. This program should be reviewed carefully against your organization's mission, staffing capacity, timeline, and compliance readiness before you commit resources to a full application. Strong submissions usually translate sponsor priorities into concrete objectives, clear implementation milestones, and measurable public benefit.

For planning purposes, treat rolling deadlines or periodic funding windows as your working submission target unless the sponsor publishes an updated notice. A competitive project plan should include a documented need statement, implementation approach, evaluation framework, risk controls, and a realistic budget narrative. Even when a grant allows broad program design, reviewers still expect credible evidence that the proposed work can be executed within the grant period and with appropriate accountability.

Current published award information indicates $500,000 - $3,000,000 Organizations should verify the final funding range, matching requirements, and allowability rules directly in the official opportunity materials before preparing a budget. Finance and program teams should align early so direct costs, indirect costs, staffing assumptions, procurement timelines, and reporting obligations all remain consistent throughout drafting and post-award administration.

Eligibility guidance for this opportunity is: Universities, colleges If your organization has partnerships, subrecipients, or collaborators, define responsibilities and compliance ownership before submission. Reviewers often look for implementation credibility, so letters of commitment, prior performance evidence, and a clear governance model can materially strengthen the application narrative and reduce concerns about delivery risk.

A practical approach is to begin with a focused readiness review, then build a workback schedule from the sponsor deadline. Confirm required attachments, registration dependencies, and internal approval checkpoints early. This reduces last-minute issues and improves submission quality. For the most accurate requirements, always rely on the official notice and primary source links associated with Secure and Trustworthy Cyberspace (SaTC).

NSF 24-504: Secure and Trustworthy Cyberspace (SaTC 2. 0) | NSF - U. S.

National Science Foundation An official website of the United States government Official websites use . gov A . gov website belongs to an official government organization in the United States.

Secure . gov websites use HTTPS. or https:// means you've safely connected to the .

gov website. Share sensitive information only on official, secure websites.

Research Experiences for Undergraduates For Early-Career Researchers Proposal & Award Policies & Procedures Guide (PAPPG) How We Make Funding Decisions Request a Change to Your Award Proposal & Award Policies & Procedures Guide (PAPPG) NSF Public Access Repository Who to Contact With Questions Facilities and Infrastructure Updates on NSF Priorities Our Directorates & Offices Biological Sciences (BIO) Computer & Information Science & Engineering (CISE) Integrative Activities (OIA) International Science & Engineering (OISE) Mathematical & Physical Sciences (MPS) Social, Behavioral & Economic Sciences (SBE) Technology, Innovation & Partnerships (TIP) National Center for Science & Engineering Statistics (NCSES) National Science Board (NSB) Security, Privacy, and Trust in Cyberspace (SaTC 2.

0) Archived funding opportunity This solicitation is archived. NSF 24-504: Secure and Trustworthy Cyberspace (SaTC) Download the solicitation (PDF, 1.

5mb) National Science Foundation Directorate for Computer and Information Science and Engineering Division of Computer and Network Systems Division of Computing and Communication Foundations Division of Information and Intelligent Systems Office of Advanced Cyberinfrastructure Directorate for Social, Behavioral and Economic Sciences Division of Social and Economic Sciences Division of Behavioral and Cognitive Sciences Directorate for Mathematical and Physical Sciences Division of Mathematical Sciences Directorate for STEM Education Division of Graduate Education Directorate for Engineering Division of Electrical, Communications and Cyber Systems Full Proposal Deadline(s) (due by 5 p.

m. submitter's local time): Proposals Accepted Anytime Important Information And Revision Notes The description of partnerships has been clarified to describe post-award handling. Additional topics of interest have been added, including open-source software security, quantum computing security, generative AI security, and supply chain security.

Collaboration letters for CORE and EDU proposals may now be one page, with any content, subject to standard NSF rules for font and margins. Any proposal may include no more than five (5) such letters. The descriptions for Broadening Participation in Computing have been revised.

Instructions for Medium projects with no PIs or co-PIs from computer science-related departments have been added to the Broadening Participation in Computing section of the solicitation. Any proposal submitted in response to this solicitation should be submitted in accordance with the NSF Proposal & Award Policies & Procedures Guide (PAPPG) that is in effect at the time the proposal is submitted.

The NSF PAPPG is regularly revised and it is the responsibility of the proposer to ensure that the proposal meets the requirements specified in this solicitation and the applicable version of the PAPPG.

Summary Of Program Requirements Secure and Trustworthy Cyberspace (SaTC) In today's increasingly networked, distributed, and asynchronous world, cybersecurity involves hardware, software, networks, data, people, and integration with the physical world.

Society's overwhelming reliance on this complex cyberspace, however, has exposed its fragility and vulnerabilities that defy existing cyber-defense measures; corporations, agencies, national infrastructure, and individuals continue to suffer cyber-attacks.

Achieving a truly secure cyberspace requires addressing both challenging scientific and engineering problems involving many components of a system, and vulnerabilities that stem from human behaviors and choices.

Examining the fundamentals of security and privacy as a multidisciplinary subject can lead to fundamentally new ways to design, build, and operate cyber systems; protect existing infrastructure; and motivate and educate individuals about cybersecurity.

The goals of the SaTC program are aligned with the National Science and Technology Council's (NSTC) Federal Cybersecurity Research and Development Strategic Plan (RDSP) and National Privacy Research Strategy (NPRS) to protect and preserve the growing social and economic benefits of cyber systems while ensuring security and privacy.

The RDSP identified six areas critical to successful cybersecurity research and development: (1) scientific foundations; (2) risk management; (3) human aspects; (4) transitioning successful research into practice; (5) workforce development; and (6) enhancing the research infrastructure.

The NPRS, which complements the RDSP, identifies a framework for privacy research, anchored in characterizing privacy expectations, understanding privacy violations, engineering privacy-protecting systems, and recovering from privacy violations.

In alignment with the objectives in both strategic plans, the SaTC program takes an multidisciplinary, comprehensive, and holistic approach to cybersecurity research, development, and education, and encourages the transition of promising research ideas into practice.

SaTC goals are also aligned with the Roadmap for Researchers on Priorities Related to Information Integrity Research and Development , the National Strategy to Advance Privacy-Preserving Data Sharing and Analytics , and the National Cyber Workforce and Education Strategy .

The SaTC program welcomes proposals that address cybersecurity and privacy, drawing on expertise in one or more of these areas: computing, communication, and information sciences; engineering; education; mathematics; statistics; and social, behavioral, and economic sciences.

Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both welcome. The SaTC program spans the interests of NSF's Directorates for Computer and Information Science and Engineering (CISE), Engineering (ENG), Mathematical and Physical Sciences (MPS), Social, Behavioral and Economic Sciences (SBE), and STEM Education (EDU).

Proposals must be submitted pursuant to one of the following designations, each of which may have additional restrictions and administrative obligations as specified in this program solicitation. CORE: This designation is the main focus of the multidisciplinary SaTC research program. EDU: The Education (EDU) designation is used to label proposals focusing on cybersecurity and privacy education and training.

TTP: The Transition to Practice (TTP) designation will be used to label proposals that are focused exclusively on transitioning existing research results to practice. CORE and TTP proposals may be submitted in one of the following project size classes: Small projects: up to $600,000 in total budget, with durations of up to three years; and Medium projects: $600,001 to $1,200,000 in total budget, with durations of up to four years.

EDU proposals are limited to $400,000 in total budget, with durations of up to three years. EDU proposals that demonstrate a collaboration, reflected in the PI, co-PI, and/or Senior Personnel composition, between a cybersecurity subject matter expert (researcher or practitioner) and an education researcher may request up to $500,000 for three years.

Cognizant Program Officer(s): Please note that the following information is current at the time of publishing. See program website for any updates to the points of contact. Jeremy J.

Epstein, Lead Program Director, CISE/CNS, telephone: (703) 292-8338, email: jepstein@nsf. gov Cindy Bethel, Program Director, CISE/IIS, telephone: (703) 292-4420, email: cbethel@nsf. gov Robert Beverly, Program Director, CISE/OAC, telephone: 703-292-7068, email: rbeverly@nsf.

gov Daniel R. Cosley, Program Director, CISE/IIS, telephone: (703) 292-8832, email: dcosley@nsf. gov Sol Greenspan, Program Director, CISE/CCF, telephone: (703) 292-8910, email: sgreensp@nsf.

gov Timothy Hodges, Program Director, MPS/DMS, telephone: (703) 292-5359, email: thodges@nsf. gov Karen Karavanic, Program Director, CISE/CNS, telephone: (703) 292-2594, email: kkaravan@nsf. gov Sara Kiesler, Program Director, SBE/SES, telephone: (703) 292-8643, email: skiesler@nsf.

gov Rosa A. Lukaszew, Program Director, ENG/ECCS, telephone: (703) 292-8103, email: rlukasze@nsf. gov Daniela Oliveira, Program Director, CISE/CNS, telephone: (703) 292-4352, email: doliveir@nsf.

gov Victor P. Piotrowski, Program Director, EDU/DGE, telephone: (703) 292-5141, email: vpiotrow@nsf. gov Andrew D.

Pollington, Program Director, MPS/DMS, telephone: (703) 292-4878, email: adpollin@nsf. gov Phillip A. Regalia, Program Director, CISE/CCF, telephone: (703) 292-2981, email: pregalia@nsf.

gov Ambareen Siraj, Program Director, EDU/DGE, telephone: (703) 292-8182, email: asiraj@nsf. gov Anna Squicciarini, Program Director, CISE/CNS, telephone: (703) 292-5177, email: asquicci@nsf. gov Xiaogang (Cliff) Wang, Program Director, CISE/CNS, telephone: (703) 292-2812, email: xiawang@nsf.

gov ChunSheng (Sam) Xin, Program Director, EDU/DGE, telephone: (703) 292-7353, email: cxin@nsf. gov Li Yang, Program Director, EDU/DGE, telephone: (703) 292-2677, email: liyang@nsf. gov Applicable Catalog of Federal Domestic Assistance (CFDA) Number(s): 47.

049 --- Mathematical and Physical Sciences 47. 070 --- Computer and Information Science and Engineering 47. 075 --- Social Behavioral and Economic Sciences 47.

076 --- STEM Education Anticipated Type of Award: Standard Grant or Continuing Grant Estimated Number of Awards: 90 NSF anticipates approximately 15 EDU awards, 35 Small awards, and 25 Medium awards. Anticipated Funding Amount: $69,000,000 per year, dependent on the availability of funds.

Who May Submit Proposals: Proposals may only be submitted by the following: Institutions of Higher Education (IHEs) - Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members.

Special Instructions for International Branch Campuses of US IHEs: If the proposal includes funding to be provided to an international branch campus of a US institution of higher education (including through use of subawards and consultant arrangements), the proposer must explain the benefit(s) to the project of performance at the international branch campus, and justify why the project activities cannot be performed at the US campus.

Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U. S. that are directly associated with educational or research activities.

As of the date the proposal is submitted, any PI, co-PI, or other senior project personnel must hold either: a tenured or tenure-track position, a primary, full-time, paid appointment in a research or teaching position at a US-based campus of an organization eligible to submit to this solicitation (see above), with exceptions granted for family or medical leave, as determined by the submitting organization.

Individuals with primary appointments at for-profit non-academic organizations or at overseas branch campuses of U. S. institutions of higher education are not eligible.

Proposals from Minority Serving Institutions (MSIs) are particularly encouraged. Limit on Number of Proposals per Organization: There are no restrictions or limits. Limit on Number of Proposals per PI or co-PI: 4 An individual can participate as PI, co-PI, or senior personnel on no more than four SaTC proposals.

There is a limit of: two proposals designated as CORE (across Small and Medium); one proposal designated as TTP (across Small and Medium); and one proposal designated as EDU. These limits apply for the period from October 1st to September 30th of the following year to all proposals in response to this solicitation and are unrelated to any limits imposed in other NSF solicitations.

To treat everyone fairly and consistently, these eligibility constraints will be strictly enforced. If an individual exceeds these limits, only proposals received within the limits will be accepted, based on earliest date and time of proposal submission. No exceptions will be made.

Proposals that are withdrawn or returned without review will not count against this proposal limit. Proposal Preparation and Submission Instructions A. Proposal Preparation Instructions Letters of Intent: Not required Preliminary Proposal Submission: Not required Full Proposals submitted via Research.

gov: NSF Proposal and Award Policies and Procedures Guide (PAPPG) guidelines apply. The complete text of the PAPPG is available electronically on the NSF website at: https://www. nsf.

gov/publications/pub_summ. jsp? ods_key=pappg .

Full Proposals submitted via Grants. gov: NSF Grants. gov Application Guide: A Guide for the Preparation and Submission of NSF Applications via Grants.

gov guidelines apply (Note: The NSF Grants. gov Application Guide is available on the Grants. gov website and on the NSF website at: https://www.

nsf. gov/publications/pub_summ. jsp?

ods_key=grantsgovguide ). Cost Sharing Requirements: Inclusion of voluntary committed cost sharing is prohibited. Indirect Cost (F&A) Limitations: Other Budgetary Limitations: Other budgetary limitations apply.

Please see the full text of this solicitation for further information. Full Proposal Deadline(s) (due by 5 p. m.

submitter's local time): Proposals Accepted Anytime Proposal Review Information Criteria National Science Board approved criteria. Additional merit review criteria apply. Please see the full text of this solicitation for further information.

Award Administration Information Additional award conditions apply. Please see the full text of this solicitation for further information. Additional reporting requirements apply.

Please see the full text of this solicitation for further information. Summary of Program Requirements Proposal Preparation and Submission Instructions Proposal Preparation Instructions Research. gov/Grants.

gov Requirements NSF Proposal Processing and Review Procedures Merit Review Principles and Criteria Review and Selection Process Award Administration Information Notification of the Award Making cyberspace secure and trustworthy is a critical challenge confronting society. The fragility and vulnerability of cyberspace has exposed societies and individuals to untold risks with severe consequences.

Achieving a more secure cyberspace demands overcoming major scientific challenges and realizing privacy and trust in cyberspace requires reconciling technology with human and societal needs. New advances in technology for cyberspace, changes in society, and adoption in new domains will also necessitate a rethinking of the interplay between security, privacy, and trust in cyberspace.

The multi-disciplinary SaTC program seeks fundamentally new, principled approaches to protect and defend cyberspace against harmful actions by determined adversaries, and to assess their effectiveness. The SaTC program also seeks to explore innovative approaches for growing a capable, next-generation cyber workforce, and for accelerating the transition of successful cybersecurity research into practice and useful products and services.

The NSTC released the Federal Cybersecurity RDSP , a broad, coordinated Federal strategic plan for cybersecurity research and development, in order to preserve the growing social and economic benefits by thwarting adversaries and strengthening public trust of cyber systems.

The plan calls for sound mathematical and scientific foundations, principled design methodologies, and metrics for evaluating success or failure for securing cyberspace. Highlighted in the plan is the need for socio-technical approaches that consider human, social, organizational, economic, and technical factors, and the complex interaction among them, in the creation, maintenance, and operation of secure systems and infrastructure.

The plan underscores the need for rapid transfer of research results to potential users, including the dissemination of best practices, outreach activities, and research infrastructure. Finally, the plan calls for research in cybersecurity education to satisfy the present and future workforce demands for qualified cybersecurity professionals.

The NSTC also announced the NPRS with the goal of enabling individuals, companies, and the government to benefit from cyber systems while effectively balancing those benefits with their risks to privacy.

The strategy calls for characterizing key socio-technical issues that challenge privacy, and articulating goals for research in social, behavioral, and economic sciences needed for designing, using, and evaluating these socio-technical systems. The NPRS highlights the need for networking and information technology research for underlying privacy-enhancing technologies and related topics.

This solicitation supports these NSTC strategies for a secure and trustworthy cyberspace with privacy imperatives, which are critical to our national priorities in commerce, education, energy, financial services, healthcare, manufacturing, and defense.

In strong alignment with the objectives in these plans, the SaTC program, in collaboration with industrial and international partners, takes a multidisciplinary, comprehensive, and holistic approach to cybersecurity and privacy research, development, technology transfer, and education. Cyberspace is a complex ecosystem that involves computer hardware, software, networks, data, people, and integration with the physical world.

Society's overwhelming reliance on this complex cyberspace, however, has exposed its fragility and vulnerabilities that defy existing cyber-defense measures: corporations, agencies, national infrastructure, and individuals continue to suffer cyber-attacks.

Achieving cybersecurity while protecting the privacy of individuals requires not only understanding the technical weaknesses of the components of a system and how they can be addressed, but also understanding the human-centric aspects of secure cyber systems.

Examining the fundamentals of security and privacy from many different perspectives can, in turn, lead to fundamentally new and holistic ways to design, build, and operate cyber systems, protect existing infrastructure, and motivate and educate individuals about security and privacy.

The SaTC program welcomes proposals that address cybersecurity and privacy, and that draw on expertise in one or more of these areas: computing, communication, and information sciences; engineering; education; mathematics; statistics; and social, behavioral, and economic sciences.

Proposals that advance the field of cybersecurity and privacy within a single discipline or interdisciplinary efforts that span multiple disciplines are both welcome. The SaTC program spans the interests of NSF's Directorates for Computer and Information Science and Engineering (CISE), Engineering (ENG), Mathematical and Physical Sciences (MPS), Social, Behavioral and Economic Sciences (SBE), and STEM Education (EDU).

Proposals must be submitted pursuant to one of the following designations, each of which may have additional restrictions and administrative obligations: CORE: This designation is the main focus of the SaTC research program. EDU: The Education (EDU) designation is used to label proposals focusing entirely on cybersecurity and privacy education and training.

TTP: The Transition to Practice (TTP) designation is used to label proposals that are focused exclusively on transitioning existing research results to practice. Core and TTP proposals may be submitted in either of the following project size classes: Small projects: up to $600,000 in total budget, with durations of up to three years; and Medium projects: $600,001 to $1,200,000 in total budget, with durations of up to four years.

EDU proposals are limited to $400,000 in total budget, with durations of up to three years. EDU proposals that demonstrate a collaboration, reflected in the PI, co-PI, and/or Senior Personnel composition, between a cybersecurity subject matter expert (researcher or practitioner) and an education researcher may request up to $500,000 for three years.

Any proposal submitted to the CORE designation for this solicitation must be consistent with the Small or Medium project classes defined below. Proposals submitted to the TTP designation for this solicitation must be consistent with the Small or Medium project classes defined below. Proposals will be considered for funding within their project class.

EDU Projects have their own budget class, described below in the EDU Designation section. SMALL Projects: Small projects, with total budgets up to $600,000 for durations of up to three years , are well suited to one or two investigators (PI and one co-PI or other Senior Personnel) and at least one student and/or postdoc.

MEDIUM Projects: Medium projects, with total budgets ranging from $600,001 to $1,200,000 for durations of up to four years , are well suited to one or more investigators (PI, co-PI and/or other Senior Personnel) and several students and/or postdocs.

Medium project descriptions must be comprehensive, well-integrated, and make a convincing case that the collaborative contributions of the project team will be greater than the sum of each of their individual contributions. Rationale must be provided to explain why a budget of this size is required to carry out the proposed work.

Because the success of collaborative research efforts is known to depend on thoughtful coordination mechanisms that regularly bring together the various participants of the project, Medium proposals with more than one investigator must include a Collaboration Plan of up two pages as a Supplementary Document.

The length of, and level of detail provided in, the Collaboration Plan should be commensurate with the complexity of the proposed project. If a Medium proposal with more than one investigator does not include a Collaboration Plan, that proposal will be returned without review. Please see Proposal Preparation Instructions Section V.

A for additional guidelines on collaboration plans. Collaboration plans, budgets, and budget justifications should demonstrate that key personnel, and especially lead PIs, have allocated adequate time for both their individual technical contributions and the leadership of collaborative activities necessary to realize the synergistic effects of larger-scale research.

All SaTC proposals must be submitted to one of the following designations: CORE, EDU, or TTP. The focus of each designation is described below, along with any additional restrictions and administrative obligations.

No matter the designation, all proposals must have a separate section in the project description titled "Relevance to Secure and Trustworthy Cyberspace" that discusses the potential impact of the research with respect to the goals of the SaTC program, and clearly justifies the keywords selected in the Project Summary with respect to the research plan. (More information on keyword selection is available in Section V.

A; keywords roughly align with the research topics described below.) Secure and Trustworthy Cyberspace core research (CORE) designation This solicitation focuses only on research directly supporting a safe, privacy-aware, secure, resilient, and trustworthy cyberspace, conducted ethically with the highest scientific standards.

Of special interest are proposals that are transformative, forward-looking, and offer innovative or clean-slate approaches that provide defenders a distinct advantage. Proposals whose security science exposes underlying principles having predictive value that extends across different security domains are especially encouraged.

The program discourages proposals that address a sole vulnerability or device without advancing security science or considering the broader consequences of the proposed remedy. The program discourages proposals that simply address quick fixes or ad-hoc solutions without much scientific merit.

The program likewise discourages research focused primarily on the design, development, or use of offensive techniques when it would be harmful to the operation of existing cyberinfrastructure and/or are at odds with ethical, legal, and diplomatic concerns and US rules and regulations. Proposers should give considerable thought to unintended consequences of offensive research.

All proposals should (a) include a clear and concise description of the threat model(s) or specific risk(s) to privacy, security, or trustworthy cyberspace that the proposed research addresses; (b) discuss the generalizable theories and research methods that will be developed; and (c) discuss the trade-offs and risks involved in the research plan.

Some specific research topics of interest for CORE proposals include, but are not limited to: Authentication and Access Control : Proposals addressing innovative and robust identity management and authentication approaches are of interest.

Topics include but are not limited to: continuous authentication; multi-factor authentication; biometric authentication; device-level authentication; identity and credential management; federated identity; privacy-preserving authentication; defense approaches and verification techniques for authentication systems; and usable authentication.

Also of interest are access control and authorization solutions that are essential for protecting systems, networks, and applications; topics of interest include, but are not limited to: models of access control and authorization; cryptographic techniques for access control (e. g. , attribute-based encryption); and formal policy analysis methods, models, and frameworks for privacy-preserving and secure inter-operation.

Also of interest are foundational techniques for building trust in cyberspace; topics such as models and frameworks for trust in computing, trust metrics, zero-trust architecture, trusted execution environments, and trust through transparency and accountability.

Cryptography (Applied and Theoretical) : Topics of interest include all applications of cryptography, especially in networks, edge and cloud computing, Internet of Things (IoT), electronic commerce, or in any other real-world setting.

Innovative design and application of cryptography and related techniques such as attribute-based encryption, functional encryption, lightweight low-latency encryption, error correction through message authentication codes, unified lightweight solutions for encryption, authentication and error correction, efficient schemes for homomorphic encryption, program obfuscation, information theoretic security, steganography, cryptanalysis, and post-quantum cryptography are of interest.

Research on side channel and leakage resilience, memory-hard functions, verifiable computation, non-malleable codes, computer-aided cryptographic proofs, and digital currencies are also in scope, as are efficient schemes for secure multi-party computation (including querying and machine learning over distributed datasets), particularly when there are clear contributions toward the cryptographic aspects of the problem.

Cyber-Physical Systems (CPS): Topics of interest include research on security and privacy of cyber-physical systems that integrate sensing, computation, control, and networking into physical objects and infrastructure, connecting them to other systems, to users, and to each other. Systems of interest may or may not include humans in the loop.

Also of interest are techniques for leveraging fundamental physical properties to improve security or privacy; system vulnerabilities and mitigations; system models; measuring and assessing security or privacy characteristics of systems; and human-centric design of protection mechanisms.

Data Science, Machine Learning (ML), and Artificial Intelligence (AI): Topics of interest include advances in techniques and tools for modeling, analysis, and visualization of data and metadata to predict, detect, and mitigate security and privacy risks.

This includes advances in secure and/or privacy-preserving infrastructure for data science, including dataset management, provenance, validation, and linking; secure and privacy-preserving methods for publishing actual or synthetic datasets including but not limited to differential privacy; and methods for retrieval, querying, and text and network analysis over datasets that effectively trade off security, privacy, and utility.

It also includes robustness and risks of the methods themselves, including adversarial ML threats in model training, deployment, and reuse; privacy risks including model inversion, membership inference, attribute inference, re-identification, and de-anonymization; and forensic and formal methods for analyzing, auditing, and verifying security- and privacy-related aspects of AI components.

Also of interest are security, privacy, and trust in data science and AI/ML, with respect to transparency and interpretability/explainability of models and algorithms, and associated issues of fairness and bias. Use of generative AI systems for improving security, the risks of generative AI systems to security, and the security of generative AI systems are all of interest.

Formal Methods and Language-based Security: Topics of interest include formal definitions, models, and frameworks for security, privacy, and trust; security and privacy preserving composition; and principled, secure design, analysis, verification, and synthesis techniques that bridge the gap between high-level security models and software development.

Also of interest are information flow, programming language-based approaches, secure compilation, verification techniques for cryptography and other security protocols, and secure-by-construction techniques. All applications of formal techniques for security and/or privacy, especially those applied in distributed, operating, networked and hardware systems, are of special interest.

Hardware Security Architecture: Topics of interest include architectural support for authenticating devices and firmware, secure booting, secure firmware/software updates, secure execution environments, multi-party computation, information flow tracking, privacy protection, and acceleration of security primitives and protocols.

Also of interest are detection and mitigation of cache/memory side channels, covert channels, instruction-set architecture (ISA) to support security and privacy, identification/mitigation of security vulnerabilities in emerging technologies and paradigms, and hardware-assisted techniques for the security of systems including the Internet of Things (IoT) and software.

Hardware Security Design: Topics of interest include techniques for the development of secure and tamper-resistant hardware; identification, detection, and mitigation of Trojans; watermarking; side channel attacks; reverse engineering of hardware designs; and hardware obfuscation.

Also of interest are hardware implementations of cryptography, acceleration of security primitives, agile hardware implementations, modeling attacks and countermeasures, proximity verification, security metrics, trusted manufacturing, tamper proofing, and securing the hardware supply chain.

Human-Centric Computing: Topics of interest include the analysis, design, implementation, and evaluation of user-facing aspects of online systems that have significant privacy and security elements.

These include design research and needs analyses around applications, devices, and tools that help end users and other stakeholders accomplish privacy- and security-related goals; the application of data science and social science techniques and theories to the design of these tools; techniques focused on the security, privacy, and trust concerns that arise from the tools themselves, and the analysis and evaluation of their usability, utility, and effects around privacy and security at the level of individuals, dyads, groups, organizations, and societies.

Also of interest is research on access to and accessibility of security and privacy supporting technologies and interfaces for special populations, broadly construed as people or groups with diverse characteristics that might affect their cybersecurity risks and needs.

Information Integrity : Topics of interest include emerging threat models stemming from unverifiable information and information provenance; methods for detecting, countering, or mitigating information manipulation (e. g.

, altered, false, injected, and hidden content) and manipulators across media including text, audio, images, video, and virtual/augmented/mixed/extended reality; multimedia forensics; steganalysis; assessing, predicting, and demonstrating how people decide that information is trustworthy; studying and modeling the methods and motivations of actors in the creation, dissemination, consumption, sharing, and evolution of (mis/dis)information online; imbalance and polarization due to misinformation and/or lack of accountability; computational techniques, systems, and interfaces, and/or behavioral, social, or economic interventions for mitigating risks of manipulated information in specific domains, especially critical domains such as elections and voting, public health, and child safety where potential harm can be significant; and enhancing authenticity and trustworthy information and dissemination to prevent or mitigate harm in cyberspace as a whole.

Intrusion Detection: Topics of interest include detection of malicious attacks on systems, networks, datasets, algorithms, software, sensors, or other system-critical elements.

Also of interest are techniques for profiling normal or abnormal system behaviors, the role of human cognition in the detection of attacks, techniques for improving human usability of intrusion detection systems, metrics of attack severity or attacker effort, and methods for evaluating effectiveness of intrusion detection techniques. Mathematics and Statistics: SaTC encourages the participation of mathematical scientists.

Topics of interest include research on the mathematical foundations of cryptography, in particular, research into the questions arising out of the development of secure post-quantum cryptographic methods such as those based on lattices, codes, multivariate functions, and super-singular isogenies; cryptographically effective multi-linear maps; and novel applications of statistics and probability to security and privacy problems such as private information retrieval, information-theoretic privacy, intrusion detection and differential privacy.

Networking, Wired and Wireless: Topics of interest include research on communication and network system security, including but not limited to security and privacy for wireless systems; jamming attack and defense; security of fifth-generation ("5G") and beyond wireless networks; covert channel detection; anonymization and privacy methods; secure localization and location privacy; cross-layer methods for enhancing security and privacy; distributed denial-of-service (DDoS) attack and defense; key management and public key infrastructure (PKI) for networks; security and privacy in the home; enterprise, data center, edge, and cloud networks; software-defined networking (SDN); optical networks; Internet and IoT-scale networks; as well as security and privacy in mobile sensing systems, future Internet architectures and next-generation cellular networks, cognitive radio, and dynamic spectrum access systems.

Also of interest are anonymizing (e. g. , onion routing) networks, anti-censorship, network forensics, network risk management, network measurement and modeling for advancing security and privacy, and networked systems and mobile applications that rely on a secure communication substrate.

Research on analysis techniques and large-scale measurement of security and privacy concerns associated with social networking applications, tools, and infrastructures are also in scope. Social, Behavioral, and Economic Sciences: SaTC supports research on the ethical, political, legal, cultural, and societal dimensions of security and privacy.

Topics of interest include trolling and cyber-bullying, spamming, phishing, and ransoming cyber-crime and electronic markets for illegal activity, manipulations of polling and voting data, and other destructive behaviors and information; understanding fundamental social, economic, behavioral, and/or cognitive dimensions of privacy, security, and trustworthiness associated with creating, sharing, disseminating, and filtering of information; intended and unintended consequences of security or privacy practices and policies; predicting, understanding, and countering effective responses by individuals or organizations to misinformation and manipulation of online content and processes, and cyber-attacks and threats; cybersecurity organizational strategies including cyber insurance and risk management, investments, or governance; and risks and benefits for security, privacy, or trust arising from emerging online technologies and algorithms.

Approaches to these and other topics