Conference Description
Key Takeaways
- Annual academic symposium dedicated to theoretical and foundational computer security research
- Core topics include formal verification, cryptographic protocols, access control, information flow and language-based security
- Designed for academic researchers, PhD students, security theorists and professionals working in formal methods
- Colocated with FLOC 2026 in Lisbon, Portugal, from 26–29 July 2026
- Sponsored by the IEEE Computer Society’s Technical Committee on Security and Privacy
Introduction
The IEEE Computer Security Foundations Symposium (CSF 2026) returns for its annual gathering of researchers working at the intersection of formal methods and computer security. Taking place in Lisbon, Portugal, from 26–29 July 2026, the symposium provides a dedicated venue for presenting and scrutinising the theoretical frameworks that underpin secure computing systems. As security threats grow more sophisticated and regulatory requirements demand provable assurances, the rigorous approaches championed at CSF have become increasingly relevant to both academic inquiry and the broader security landscape.
A Long-Standing Forum for Foundational Security Research
Established in 1988, CSF has built a reputation as one of the premier venues for foundational security research. The symposium has historically served as the platform where many seminal security papers and techniques first appeared, contributing lasting concepts to the field. Unlike industry conferences that emphasise practical implementation or commercial solutions, CSF maintains a distinctive focus on theoretical rigour and formal analysis.
The 2026 edition will be colocated with FLOC 2026, the Federated Logic Conference, which brings together multiple symposia concerned with logic and its applications in computer science. This colocation creates opportunities for cross-pollination between security researchers and the broader logic and verification community, reflecting the deep connections between formal methods and security foundations.
Core Research Areas and Discussion Topics
The symposium’s technical programme spans the breadth of foundational security research. Access control remains a central concern, examining how systems can formally specify and enforce policies governing resource access. Closely related is work on information flow, which addresses how data moves through systems and whether sensitive information can leak through unintended channels.
Research on covert channels investigates the subtle ways information can be transmitted outside normal communication mechanisms, a problem that has grown more complex as systems have become more interconnected. Cryptographic protocol analysis applies formal methods to verify that security protocols achieve their intended properties, detecting flaws that might otherwise remain hidden until exploited.
Language-based security represents another significant thread, exploring how programming language design and type systems can provide security guarantees by construction. This approach shifts security enforcement from runtime mechanisms to compile-time verification, potentially eliminating entire classes of vulnerabilities. Related work on verification techniques develops the mathematical tools needed to prove security properties hold across complex systems.
The programme also encompasses database security, examining formal models for protecting data at rest and controlling query access, alongside research on authorization and trust frameworks that reason about delegation and credential management. Work on integrity and availability models extends beyond confidentiality to address the full spectrum of security properties that systems must maintain.
The Role of Formal Methods in Modern Security
Formal methods provide mathematical techniques for specifying, developing and verifying systems. In security contexts, these approaches offer something that testing and code review cannot: the ability to prove that certain properties hold under all possible conditions, not merely the conditions that happened to be tested. This distinction matters enormously when adversaries actively seek edge cases and unexpected behaviours.
The application of formal methods to security has matured considerably since CSF’s founding. Early work focused on relatively abstract models, but contemporary research increasingly addresses realistic systems and protocols. Verified cryptographic implementations, formally specified access control policies and provably secure protocol designs have moved from academic curiosities toward practical deployment, though significant gaps remain between theoretical results and widespread adoption.
CSF serves as the venue where these advances are first presented and debated. The symposium’s emphasis on rigour ensures that claimed results receive careful scrutiny, while its focus on foundations encourages work that may take years to influence practice but ultimately shapes how the field understands security.
Programme Format and Scholarly Exchange
CSF 2026 follows the traditional academic symposium format, featuring peer-reviewed paper presentations, panel discussions and poster sessions. The paper presentations form the core of the programme, with accepted works undergoing rigorous review by programme committee members expert in the relevant areas. Panel sessions provide opportunities to discuss emerging challenges and research directions, while poster sessions allow for more informal exchange around work in progress.
This format prioritises depth over breadth. Rather than surveying the security landscape broadly, CSF concentrates on work that advances fundamental understanding. Attendees can expect technically demanding presentations that assume familiarity with formal methods and security theory.
Who Should Attend
The symposium primarily serves the academic security research community. University faculty working on security foundations will find CSF essential for staying current with theoretical advances and connecting with collaborators. PhD students researching formal methods, verification or security theory benefit from exposure to leading work and the opportunity to present their own research to expert audiences.
Research scientists at industrial laboratories with theoretical security programmes also form part of the CSF community, as do members of technical committees concerned with security standards and privacy. The common thread among attendees is an interest in rigorous, formal approaches to security problems rather than purely empirical or applied work.
Those seeking practical security guidance, product comparisons or implementation tutorials will find CSF less directly applicable to their needs. The symposium’s value lies in advancing the theoretical foundations that eventually inform practical security work, rather than providing immediately deployable solutions.
Advancing the Science of Security
CSF addresses a fundamental challenge in computer security: developing the theoretical frameworks needed to reason precisely about security properties. Without such frameworks, security arguments remain informal and incomplete, vulnerable to overlooked assumptions and subtle flaws. The symposium’s sustained focus on foundations has contributed substantially to the field’s ability to make and verify security claims with mathematical confidence.
As computing systems grow more complex and security failures carry greater consequences, the importance of foundational work only increases. CSF 2026 continues a nearly four-decade tradition of advancing the scientific understanding of security, providing a venue where the theoretical tools needed for tomorrow’s secure systems are developed and refined today.

