CCSW 2021: The ACM Cloud Computing Security Workshop
in conjunction with the ACM Conference on Computer and Communications Security (CCS)

November 15, 7am-10:40am, 5pm-8:50pm Korea time (GMT+9)
First Part: 5:00-8:40pm EST on Sunday 14th
Second Part: 3:00-6:50am EST on Monday 15th
Seoul, Korea virtual online event

Clouds and massive-scale computing infrastructures are starting to dominate computing and will likely continue to do so for the foreseeable future. Major cloud operators are now comprising millions of cores hosting substantial fractions of corporate and government IT infrastructure. CCSW is the world's premier forum bringing together researchers and practitioners in all security aspects of cloud-centric and outsourced computing, including:
  • side channel attacks
  • practical cryptographic protocols for cloud security
  • secure cloud resource virtualization mechanisms
  • secure data management outsourcing (e.g., database as a service)
  • practical privacy and integrity mechanisms for outsourcing
  • foundations of cloud-centric threat models
  • secure computation outsourcing
  • remote attestation mechanisms in clouds
  • sandboxing and VM-based enforcements
  • trust and policy management in clouds
  • secure identity management mechanisms
  • new cloud-aware web service security paradigms and mechanisms
  • cloud-centric regulatory compliance issues and mechanisms
  • business and security risk models and clouds
  • cost and usability models and their interaction with security in clouds
  • scalability of security in global-size clouds
  • trusted computing technology and clouds
  • binary analysis of software for remote attestation and cloud protection
  • network security (DOS, IDS etc.) mechanisms for cloud contexts
  • security for emerging cloud programming models
  • energy/cost/efficiency of security in clouds
  • machine learning for cloud protection
CCSW especially encourages novel paradigms and controversial ideas that are not on the above list. The workshop has historically acted as a fertile ground for creative debate and interaction in security-sensitive areas of computing impacted by clouds.

Important Dates

Submissions due: August 8, 2021 July 27, 2021 (11:59pm anywhere in the world)
Author notification: on/about September 4, 2021
Camera-ready: on/about September 20, 2021
Workshop: November 15, 7am-10:40am, 5pm-8:50pm Korea time (GMT+9) (First Part: 5:00-8:40pm EST on Sunday 14th, Second Part: 3:00-6:50am EST on Monday 15th)


The submissions window is closed. For any related concerns please contact us by email at

CCSW is soliciting full papers of up to 12 pages which will be judged based on the quality per page. Thus, shorter, high-quality papers are encouraged, and papers may be perceived as too long if they are repetitive or verbose. Submissions must be single PDF files, no more than 12 pages long in double-column ACM format (the sigconf template from, with a simpler version at, excluding the bibliography, well-marked appendices, and supplementary material. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format. Submissions not following the required format may be rejected without review. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

Submissions must be anonymous, and authors should refer to their previous work in the third-person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.

One best paper award will be presented during the workshop.

Proposals for panels are also solicited. The proposals are to be concise, up to 2 pages in length, describe the handled topics, name potential panelists and briefly scope the panel for CCSW. Disruptive and controversial panels are particularly encouraged. Please submit your panel proposals as a PDF by email at

Papers can be accessed at
this link.

All times below are in Korea time November 15 (GMT+9)

7:00-7:10am Opening remarks (5pm EST, 11pm Amsterdam time on Nov 14th)


7:10-8:00am Keynote

Session Chair: Yinqian Zhang (Southern University of Science and Technology)

Guofei Gu (Department of Computer Science & Engineering at Texas A&M University):

"Programmable Security in the Age of Software-Defined Infrastructure"

Today's network and computing infrastructure rests on inadequate foundations. An emerging, promising new foundation for computing is software-defined infrastructure (SDI), which offers a range of technologies including: compute, storage, and network virtualization; novel separation of concerns at the systems level; and new approaches to system and device management. As a representative example of SDI, software-defined networking (SDN) is a new networking paradigm that decouples the control logic from the closed and proprietary implementations of traditional network data plane infrastructure. SDN is now becoming the networking foundation for cloud/data-center, future Internet and 5G infrastructures. We argue that we should leverage software-defined infrastructure to design new methodologies and principles to make security programmable. In this talk, I will discuss some new opportunities as well as challenges in this new direction, and demonstrate with case studies from our recent research results. Our vision is that future security will be programmable thus more intelligent and powerful to secure a software-defined world.


8:00-8:10am Break


8:10-9:30am Presentations accepted papers (4x 20min)

Session Chair: Guoxing Chen (Shanghai Jiao Tong University)

"Private Hierarchical Clustering and Efficient Approximation," Xianrui Meng (Amazon Web Services), Dimitrios Papadopoulos (Hong Kong University of Science and Technology), Alina Oprea (Northeastern University), Nikos Triandopoulos (Stevens Institute of Technology) - RUNNER UP FOR BEST PAPER AWARD

"Secure Featurization and Applications to Secure Phishing Detection," Akash Shah (Microsoft Research, India), Nishanth Chandran (Microsoft Research, India), Mesfin Dema (Microsoft Corporation), Divya Gupta (Microsoft Research), Arun Gururajan (Microsoft Corporation), Huan Yu (Microsoft Corporation)

"Privacy-enhanced OptiSwap," Sepideh Avizheh (University of Calgary), Preston Haffey (University of Calgary), Reihaneh Safavi-Naini (University of Calgary)

"Privacy-Preserving Randomized Controlled Trials: A Protocol for Industry Scale Deployment," Mahnush Movahedi (Facebook), Benjamin M. Case (Facebook), James Honaker (Facebook), Andrew Knox (Facebook), Li Li (Facebook), Yiming Paul Li (Facebook), Sanjay Saravanan (Facebook), Shubho Sengupta (Facebook), Erik Taubeneck (Facebook)


9:30-9:40am Break


9:40-10:30am Keynote

Session Chair: Marten van Dijk (Centrum Wiskunde & Informatica)

Orran Krieger (Department of Electrical and Computer Engineering at Boston University):

"Security in a Cloud Bazaar"

While cloud computing is transforming society, today's public clouds are black boxes, implemented and operated by a single provider that makes all business and technology decisions. In 2013 we launched the Mass Open Cloud (MOC) with the vision of creating a production cloud that would enable innovation by a broad industry and research community. This open cloud has become a laboratory for cloud research and innovation, resulting in hundreds of publications, contributions to open source software, and collaborations between researchers, open source developers, and production operations staff. Recently we launched the Open Research Cloud Initiative (ORCI) to provide a framework to coordinate the bazaar of interrelated projects and initiatives that have evolved since 2013, including the Red Hat Collaboratory@BU, Open Cloud Testbed (OCT), New England Research Cloud (NERC), Northeast Storage Exchange (NESE), Operate First, and OpenInfra Labs. With its launch, the MOC inspired and enabled research in cloud security. For example, the Modular Approach to Cloud Security (MACS) SaTC NSF frontier project, launched in 2014, brought together cryptographers, operating system, database and computer architecture researchers from BU, MIT, UConn and NEU. This security research resulted in new open-source software and products that are today enabling new services in the ORCI bazaar. This talk will discuss the ORCI cloud bazaar, some of the security research and projects it inspired, and some exciting new collaborations happening now to make the cloud both open and secure.


10:30-10:40am "Stay Tuned" remark


10:40am-5pm Break


5:00-5:10pm Opening remarks repeated (3am EST, 9am Amsterdam time on Nov 15th)


5:10-6:10pm Presentations accepted papers (3x 20min)

Session Chair: Dimitrios Papadopoulos (Hong Kong University of Science and Technology)

"m-Stability: Threshold Security Meets Transferable Utility," Osman Bicer (Koc University), Burcu Yildiz (Koc University), Alptekin Kupcu (Koc University)

"ACCO: Algebraic Computation with Comparison," Xiaoqi Duan (Tsinghua University), Vipul Goyal (CMU and NTT Research), Hanjun Li (University of Washington), Rafail Ostrovsky (UCLA), Antigoni Polychroniadou (J.P. Morgan AI Research), Yifan Song (CMU)

"ROSEN: RObust and SElective Non-repudiation (for TLS)," Srdjan Capkun (ETH Zurich), Ercan Ozturk (UC Irvine), Gene Tsudik (UC Irvine), Karl Wuest (ETH Zurich)


6:10-6:40pm Lightning talks (3x 10min)

Session Chair: Sisi Duan (Tsinghua University)

"Confidential Computing-Induced Privacy Benefits for the Bootstrapping of New Business Relationships," Jan Pennekamp (RWTH Aachen University), Frederik Fuhrmann (RWTH Aachen University) , Markus Dahlmanns (RWTH Aachen University), Timo Heutmann (Fraunhofer IPT), Alexander Kreppein (Fraunhofer IPT), Dennis Grunert (Fraunhofer IPT), Christoph Lange (Fraunhofer IPT & RWTH Aachen University), Robert H. Schmitt (Fraunhofer IPT & RWTH Aachen University), Klaus Wehrle (RWTH Aachen University)

"We Can Make Mistakes: Fault-tolerant Forward Private Verifiable Dynamic Searchable Symmetric Encryption," Dandan Yuan (The University of Auckland), Shujie Cui (Monash University), Giovanni Russello (The University of Auckland)

"SecuHub: Distributing Kernel-level Security Policies for Container Vulnerabilities Mitigation," Maxime Belair (Orange Labs, IMT Atlantique, LS2N), Sylvie Laniepce (Orange Labs), Jean Marc Menaud (IMT Atlantique, STACK, INRIA, LS2N)


6:40-6:50pm Break


6:50-7:50pm Presentations accepted papers (3x 20min)

Session Chair: Byoungyoung Lee (Seoul National University)

"Guardian: symbolic validation of orderliness in SGX enclaves," Pedro Antonino (The Blockhouse Technology Limited), A. W. Roscoe (The Blockhouse Technology Limited & University College Oxford Blockchain Research Centre & Department of Computer Science, Oxford University), Wojciech Woloszyn (The Blockhouse Technology Limited & Mathematical Institute, University of Oxford & St Hilda's College, Oxford)

"Live Migration of Operating System Containers in Secure Encrypted Virtual Machines," Joana Pecholt (Fraunhofer AISEC), Monika Huber (Fraunhofer AISEC), Sascha Wessel (Fraunhofer AISEC)

Automating Seccomp Filter Generation for Linux Applications," Claudio Canella (Graz University of Technology), Mario Werner (Graz University of Technology), Daniel Gruss (Graz University of Technology), Michael Schwarz (CISPA Helmholtz Center for Information Security) - BEST PAPER AWARD


7:50-8:40pm Keynote

Session Chair: Marten van Dijk (Centrum Wiskunde & Informatica)

Christian Banse (Fraunhofer Institute of Applied and Integrated Security AISEC)

"Data Sovereignty in the Cloud - Wishful Thinking or Reality?"

The idea of data sovereignty has been at the core of various research activities over the last years, especially in Europe. The topic gained additional traction through various regulations and initiatives such as the EU General Data Protection Regulation (GDPR), the European Cybersecurity Certification Scheme for Cloud Services (EUCS) and lastly, Gaia-X. While asserting digital control over your data is relatively easy in a closed ecosystem, such as your own on-premises or a community data space, it is infinitely more challenging in a public open ecosystem, such as the Cloud. On one hand, recent advantages in the field of confidential computing, such as the introduction of secure enclaves and encrypted virtual machine memory are promising new ways to enforce data sovereignty even in Cloud infrastructures. On the other hand, the mere existence of these techniques does not ensure an overall secure system, demonstrated by various flaws found in confidential computing techniques themselves, such as AMD SEV. So, the question remains if data sovereignty in the cloud is already reality or still wishful thinking? Keeping the requirements from initiatives such as Gaia-X and the EUCS in mind, this talk will explore what it means to achieve data sovereignty and security in the Cloud. It is important to understand, that it is not only necessary to implement appropriate security measures, but also (continuously) demonstrate the effectiveness of them. Therefore, this talk will show an overview of different technical means to leverage confidential computing for data sovereignty in the Cloud, especially using remote attestation and integrity verification. Furthermore, it will explore techniques to demonstrate the effectiveness of these measures with regards to regulation compliance. One such example is the MEDINA framework, which aims to continuously verify the requirements of EUCS and Gaia-X, both on the infrastructure as well as the application level in cloud systems.


8:40-8:50pm Closing remarks


Please register
here on the main CCS website.



Yinqian Zhang, Southern University of Science and Technology (SUSTech), China
Marten van Dijk, Centrum Wiskunde & Informatica (CWI), Netherlands


Nicolas Alhaddad, Boston University
Erik-Oliver Blass, AirBus
Bogdan Carbunar, FIU
Anrin Chakraborti, Duke University
Bala Chandrasekaran, Vrije Universiteit Amsterdam
Fei Chen, Shenzhen University
Guoxing Chen, Shanghai Jiao Tong University
Joel Coffman, United States Air Force Academy
Reza Curtmola, New Jersey Institue of Technology
Roberto DiPietro, HBKU College of Science and Engineering Doha-Qatar
Sisi Duan, Tsinghua University
Sotiris Ioannidis, Technical University of Crete
Chenglu Jin, CWI
Ghassan Karame, NEC Laboratories Europe
Stefan Katzenbeisser, University of Passau
Alptekin Kupcu, Koc University
Byoungyoung Lee, Seoul National University
Zhou Li, University of California, Irvine
Zhiqiang Lin, Ohio State University
Tarik Moataz, MongoDB
Dimitrios Papadopoulos, UST Hong Kong
Giuseppe Persiano, University of Salerno
Reza Rahaeimehr, University of Augusta
Uli Ruhrmair, LMU Munich & University of Connecticut
Ahmad Sadeghi, TU Darmstadt
Reihaneh Safavi-Naini, University of Calgary
Pierangela Samarati, Universita` degli Studi di Milano
Sean Smith, Dartmouth College
Anil Somayaji, Carleton University
Alin Tomescu, VMware Research
Nikos Triandopoulos, Stevens Institute of Technology
Alpa Trivedi, Intel
Katja Tuma, Vrije Universiteit Amsterdam
Leendert vanDoorn, Microsoft Azure
Mayank Varia, Boston University
Giorgos Vasiliadis, Foundation for Research and Technology - Hellas
Klaus von Gleissenthal, Vrije Universiteit Amsterdam
Charles Wright, Kombucha Digital Privacy Systems and Portland State University
Meng Yu , Roosevelt University
Yang Zhang, CISPA Helmholtz Center for Information Security
Xiaokuan Zhang, Ohio State University
Haibin Zhang, Shandong Institute of Blockchain
Michael Zohner, Hochschule Fulda


Srdjan Capkun, ETH Zurich
Emiliano De Cristofaro, University College London
Kristin Lauter, Facebook
Radu Sion, Stony Brook University (chair)
Yinqian Zhang, Ohio State University


Interested in sponsoring CCSW (this or next year)? Please
contact us directly.

Bronze Sponsors

© 2009-2021 NSAC Lab.

All Rights Reserved.