CODASPY 2026 is the 16th ACM Conference on Data and Application Security and Privacy.
Data and applications security and privacy has rapidly expanded as a research field with many important challenges to be addressed. The goal of the ACM Conference on Data and Applications Security (CODASPY) is to discuss novel, exciting research topics in data and application security and privacy, and to lay out directions for further research and development in this area.

The conference seeks submissions from diverse communities, including corporate and academic researchers, open-source projects, standardization bodies, governments, system and security administrators, software engineers and application domain experts. Topics of interest include, but are not limited to:
* Access control for applications
* Access control for databases
* Application-layer security policies
* Artificial intelligence / machine learning for security
* Data-dissemination controls
* Data forensics
* Data leak detection and prevention
* Enforcement-layer security policies
* Privacy-preserving techniques
* Private information retrieval
* Search on protected/encrypted data
* Secure auditing
* Secure collaboration
* Secure data provenance
* Secure electronic commerce
* Secure information sharing
* Secure knowledge management
* Secure multiparty computation
* Secure software development
* Securing data/apps on untrusted platforms
* Securing the semantic web
* Security and privacy in GIS/spatial data
* Security and privacy in healthcare
* Security and privacy in the Internet of Things
* Security policies for databases
* Social computing security and privacy
* Social networking security and privacy
* Trust metrics for applications, data, and users
* Trustworthy artificial intelligence / machine learning
* Usable security and privacy
* Web application security

CODASPY 2026 will also feature a dataset and tool paper track, which will provide a unique venue for researchers and practitioners to make available and citable their work done to achieve datasets or tools relevant in the security and privacy domain. Papers accepted in this track have to describe the available datasets or reporting on the design and implementation of application security and privacy tools. Dataset/tool papers are limited to 6 pages.


Instructions for Research Paper Authors
Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop. Simultaneous submission of the same work is not allowed.

Submissions must be at most 12 pages in double-column ACM "sigconf" format (as specified at ACM Proceedings Template). Submissions must be anonymized and avoid obvious self-references. Only PDF files will be accepted. Submissions not meeting these guidelines will be rejected without review.

Submissions should be made electronically at https://codaspy26.hotcrp.com


Instructions for Dataset/Tool Paper Authors
Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop. Simultaneous submission of the same work is not allowed.

Submissions must be at most 6 pages in double-column ACM "sigconf" format (as specified at ACM Proceedings Template) and must include "Data/Toolset paper" as a subtitle. Submissions must be anonymized and avoid obvious self-references. Only PDF files will be accepted. Submissions not meeting these guidelines will be rejected without review.

Submissions should be made electronically at https://codaspy26.hotcrp.com


Additional Submission Instructions
Note that, for both research papers and dataset/tool papers, the page limits above include the main body and references. Submissions can also include up to 2 additional pages of appendices. The appendices should only be used to add information that might help reviewers, such as additional figures/tables/proofs/etc. They are not compulsory reading for reviewers, so the paper should be self-contained and understandable without appendices.

By submitting your article to an ACM Publication, you are hereby acknowledging that you and your co-authors are subject to all ACM Publications Policies, including ACM's new Publications Policy on Research Involving Human Participants and Subjects. Alleged violations of this policy or any ACM Publications Policy will be investigated by ACM and may result in a full retraction of your paper, in addition to other potential penalties, as per ACM Publications Policy.

Please ensure that you and your co-authors obtain an ORCID ID, so you can complete the publishing process for your accepted paper. ACM has been involved in ORCID from the start and we have recently made a commitment to collect ORCID IDs from all of our published authors. We are committed to improve author discoverability, ensure proper attribution and contribute to ongoing community efforts around name normalization; your ORCID ID will help in these efforts.


Ethics and Open Science Statements
Authors submitting to CODASPY 2026 are highly encouraged to include Ethics and Open Science statements in their submissions. The ethics statement should discuss ethical aspects of the work, including but not limited to real-world implications of the research on system and user security as well as measures that the authors have taken to ensure ethical conduct throughout their work (e.g., responsible disclosure and review of research protocols by ethics boards). The open science statement should describe how the authors intend to enable future research to build on their work and facilitate reproducibility (e.g., by open-sourcing code and data with clear instructions to recreate key results from the paper). Each of these statements may be added as an unnumbered section (i.e., \section*{Ethics Statement} and \section*{Open Science Statement}), after the references, at the beginning of the appendix. Note that these statements are not mandatory, but they can help address certain concerns reviewers and readers might have, such as ones concerning research integrity or other violations of ACM’s policies.


Important Dates
* Abstract submission deadline: December 12, 2025
* Research paper submission deadline: December 19, 2025
* Dataset/tool paper submission deadline: December 19, 2025
* Rebuttal phase: February 18-20, 2026
* Notification to authors: February 27, 2026
* Camera-ready deadline (for accepted papers): March 13, 2026

All dates are Anywhere on Earth (AoE).


Organization
Program Co-Chairs
* Mahmood Sharif, Tel Aviv University, Israel
* Jaideep Vaidya, Rutgers University, USA

General Chair
* Haya Schulmann, Goethe-Universität Frankfurt | National Research Center for Applied Cybersecurity ATHENE, Germany