The workshop is co-located with the 11th IEEE European Symposium on Security and Privacy (EuroS&P 2026).

Overview

The increasing reliance on identity management systems in key sectors such as healthcare, finance, and public administration has made them a critical component of digital infrastructures. However, as the adoption of identity management solutions expands, it brings forth a growing need to assess and manage the security and risks associated with these systems. Addressing the complex and evolving security and privacy threats to identity management requires not only a deep understanding of potential vulnerabilities but also the development of advanced risk assessment techniques.

This workshop aims at exploring security and risk assessment in identity management systems, by investigating how to evaluate the security posture of identity solutions, assess risks, identify suitable security controls together with privacy enhancing techniques, and ensure compliance with regulations. Through peer-reviewed research papers, live demonstrations of tools, and expert keynote sessions, it will provide a unique venue to discuss the latest trends and innovations to make identity management infrastructures more resilient and supporting fundamental rights and freedom.

Topics of Interest

We encourage submissions on a range of topics related to the security and risk assessment applied to identity management, including but not limited to:

• Case Studies in Secure Identity Management
• Formal Verification of Identity Management Protocols
• Risk Assessment Methodologies and Strategies
• Security Metrics for Identity Systems
• Specification Languages for Automated Analysis
• Threat Modeling and Vulnerability Assessment
• Tools for Security Analysis

Submission Guidelines

Submitted manuscripts must present original research that does not substantially overlap with any previously published work or submissions under consideration by other venues.

Submissions must be in English and provided in PDF format, following the IEEE conference proceedings format. They will be categorized into (page limits exclude references and well-marked appendices):

• Regular Papers: full-length research papers (up to 10 pages).
• Short Papers: research papers presenting preliminary results (up to 6 pages).
• Tool Papers: description of tools or practical implementations (up to 4 pages). They will be presented in a Demo Session, where attendees can see live demonstrations of the tools.

Submissions must be made through the EasyChair conference management system.

Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing their identity in the text. Authors should also take care in not including acknowledgments that help identify them (e.g., funding information, names of colleagues who gave feedback on the paper). When referring to your previous work, do so in the third person, as though it were written by someone else. Any source code or other material (e.g., data sets) which requires hosting must use anonymous services. This explicitly excludes hosting on GitHub or Google Drive (which could leak reviewer identities). Instead, authors are encouraged to use services such as Anonymous GitHub.

Failure to comply with the above requirements may result in rejection without review.

Please note that at least one author of each accepted paper must register for the workshop and present the paper in person.

Workshop Proceedings

All accepted papers (regular, short and tool) will be included in the workshop proceedings. Specifically, they will be published in a volume within IEEE Xplore, accompanying the main proceedings of IEEE EuroS&P 2026.

Important Dates

All deadlines are 11:59 PM Anywhere on Earth.

• Paper Submission: March 1, 2026
• Notification to Authors: April 3, 2026
• Camera Ready: April 16, 2026
• Workshop: July 10, 2026

Committees

General Co-Chairs

• Riccardo Focardi (Ca' Foscari University of Venice)
• Silvio Ranise (Fondazione Bruno Kessler and University of Trento)

Program Co-Chairs

• Flaminia Luccio (Ca' Foscari University of Venice)
• Giada Sciarretta (Fondazione Bruno Kessler)

Organization Co-Chairs

• Matteo Busi (Ca' Foscari University of Venice)
• Marco Pernpruner (Fondazione Bruno Kessler)

Program Committee

• Under definition.

Proactive Prevention of Harm

We expect authors to carefully consider and address the potential harms associated with carrying out their research, as well as the potential negative consequences that could stem from publishing their work. Failure to adequately discuss such potential harms within the body of the submission may result in rejection of a submission, regardless of its quality and scientific value.

Open Science Expectations

As for the main conference, our expectation for SeRIM is that researchers will maximize the scientific and community value of their work by making it as open as possible. This means that, by default, all of the code, data, and other materials (such as survey instruments) needed to reproduce your work described in an accepted paper will be released publicly under an open source license. Sometimes it is not possible to share work this openly, such as when it involves malware samples, data from human subjects that must be protected, or proprietary data obtained under agreement that precludes publishing the data itself. All submissions are encouraged to include a clear statement on Data Availability that explains how the artifacts needed to reproduce their work will be shared, or an explanation of why they will not be shared. If data reproducibility is required for significant contributions of the work and the authors do not explain reproducibility and/or share the artifacts, papers that fail to satisfy these commitments may be removed from the workshop.

AI Guidelines

The use of AI-generated content (including but not limited to text, figures, images, and code) shall be disclosed in the acknowledgments section. At the time of submission, the acknowledgments do not count towards the page limit. The AI system used shall be identified, and specific sections of the article that use AI-generated content shall be identified and accompanied by a brief explanation regarding the level at which the AI system was used to generate the content.

The use of AI systems for editing and grammar enhancement is common practice and, as such, is generally outside the intent of the above policy. In this case, disclosure as noted above is not required, but recommended.

To uphold the highest standards of integrity and confidentiality, the use of generative AI for paper reviews is expressly prohibited.