CPSIoTSec 2024
October 18th, 2024
Salt Lake City, U.S.A.
Queries: Kassem Fawaz, kfawaz[at]wisc.edu
The 6th Joint Workshop on
CPS & IoT Security and Privacy
In conjunction with the
ACM Conference on Computer and Communications Security 2024
Background
The Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec) is the result of the merger of the Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) and Workshop on the Internet of Things Security and Privacy (IoTS&P) previously organized annually in conjunction with ACM Conference on Computer and Communications Security.
Scope
The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2024) invites academia, industry, and governmental entities to submit:
- Original research papers on the security and privacy of CPS&IoT
- Systematization of Knowledge (SoK) papers on the security and privacy of CPS&IoT
- Demos (hands-on or videos) of testbeds/experiences of CPS&IoT security and privacy research
We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS&IoT, including but not limited to:
- Mathematical foundations for secure CPS/IoT
- Control-theoretic approaches
- High assurance security architectures
- Security and resilience metrics
- Metrics and risk assessment approaches
- Identity and access management
- Privacy and trust
- Network security
- Game theory applied to CPS/IoT security
- Human factors, humans in the loop, and usable security
- Understanding dependencies among security, reliability and safety in CPS/IoT
- Economics of security and privacy
- Intrusion and anomaly detection
- Model-based security systems engineering
- Sensor and actuator attacks
- CPS/IoT malware analysis
- CPS/IoT firmware analysis
- Hardware-assisted CPS/IoT security
Also of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS/IoT security and privacy. There will be a best paper award.
Program
| 9:00 - 10:30 | Session 1: Security in the Physical World | |
| Opening Remarks, Kassem Fawaz (University of Wisconsin-Madison) | ||
| Keynote: Physics and Security: Then and Now, Álvaro Cárdenas (University of California, Santa Cruz) Abstract: In this talk we will cover the state of Cyber-Physical Systems (CPS) security in 2007 and how it has evolved in almost two decades. In particular, attacks that were only hypothetical two decades ago have been developed and deployed by researchers and malicious foreign actors. To defend and anticipate future threats, our research community has adopted well-known models of the physical world to understand the risks of attacks, to detect attacks, and to recover from attacks. We will summarize these cases through examples from industrial control systems, the power grid, and autonomous vehicles. |
||
| ICSNet: A Hybrid-Interaction Honeynet for Industrial Control Systems. Luis Salazar (University of California Santa Cruz), Efrén López-Morales (Texas A&M University-Corpus Christi), Juan Lozano (UC Santa Cruz), Carlos Rubio-Medrano (Texas A&M University-Corpus Christi), Álvaro Cárdenas (University of California, Santa Cruz) | ||
| 10:30 - 11:00 | Morning Coffee Break | |
| 11:00 - 12:00 | Session 2: Developer and End User Engagement – Full Papers | |
| RTFM: How hard are IoT platform providers making it for their developers? Andy Baldrian (University of Bristol), Joseph Hallett (University of Bristol) | ||
| "If you build it, they will come" - A blueprint for ICS-focused Capture-The-Flag Competitions. Joseph Gardiner (University of Bristol), Stanislav Abaimov (University of Bristol), Jacob Williams (University of Bristol), Feras Shahbi (University of Bristol), Konstantinos Anastasakis (University of Bristol), Partha Das Chowdhury (University of Bristol), Winston Ellis (University of Bristol), Maria Sameen (University of Bristol), Emmanouil Samanis (University of Bristol), Awais Rashid (University of Bristol) | ||
| Transforming In-Vehicle Network Intrusion Detection: VAE-based Knowledge Distillation Meets Explainable AI. Muhammet Anıl Yağız (Clemson University and Kırıkkale University), Pedram MohajerAnsari (Clemson University), Mert D. Pesé (Clemson University), Polat Goktas (University College Dublin) | ||
| 12:00 - 13:30 | Lunch | |
| 13:30 - 15:00 | Session 3: Security and Privacy in Collaborative Systems – Short Papers | |
| Towards Linking Indicators of Compromise to Operational Resilience and Safety Requirements. Konstantinos Anastasakis (University of Bristol), Awais Rashid (University of Bristol) | ||
| Detecting Mobile Crowdsensing Sybil Attackers via Presence Verification. Cihan Eryonucu (KTH Royal Institute of Technology), Panos Papadimitratos (KTH Royal Institute of Technology) | ||
| Three Taps for Secure Machine-to-Machine Communication: Towards High Assurance yet Fully Local Machine Pairing. Sibylle Fröschle (Hamburg University of Technology), Martin Kubisch (Airbus CRT) | ||
| Detection of Wake Word Jamming. Prathyusha Sagi (University College Cork), Arun Sankar (South East Technological University), Utz Roedig (University College Cork) | ||
| Exploring Usability of Data Flow Visualizations in a Privacy-focused Smart Home Dashboard.Brennan Vanden Bos (Western Washington University), Victor Calzada (Western Washington University), Raghav Puri (Woodinville High School), Shrirang Mare (Western Washington University) | ||
| Stealthy Data Fabrication in Collaborative Vehicular Perception. Qingzhao Zhang (University of Michigan), Morley Mao (University of Michigan and Google) | ||
| 15:00 - 15:30 | Afternoon Coffee Break | |
| 15:30 - 17:00 | Session 4: Detection in Critical Systems – Full Papers | |
| IntelliMD: A Hybrid Approach for Local Misbehaviour Detection in Cooperative Intelligent Transport Systems. Mohamed Ahzam Amanullah (Deakin University), Mohan Baruwal Chhetri (CSIRO's Data61), Seng W. Loke (Deakin University), Robin Doss (Deakin University) | ||
| BT²X: Multi-Leveled Binary Transparency to Protect the Software Supply Chain of Operational Technology. Michael P. Heinl (Technical University of Munich / Fraunhofer AISEC / Munich University of Applied Sciences HM), Victor Embacher (Technical University of Munich / Fraunhofer AISEC) | ||
| EmbedWatch: Fat Pointer Solution for Detecting Spatial Memory Errors in Embedded Systems. Davide Rusconi (University of Milan), Matteo Zoia (University of Milan), Luca Buccioli (University of Milan), Fabio Pierazzi (King's College London), Danilo Bruschi (University of Milan), Lorenzo Cavallaro (University College London), Flavio Toffalini (EPFL), Andrea Lanzi (University of Milan) | ||
| An Intelligent Hierarchical Framework for Efficient Fault Detection and Diagnosis in Nuclear Power Plants. Jean C Tonday Rodriguez (Florida International University), David Perry (Florida International University), Mohammad Ashiqur Rahman (Florida International University), Syed Alam (University of Illinois Urbana-Champaign) | ||
| 17:00 - 17:30 | Session 5: Wrap-up | |
| Finish best paper voting process | ||
| Best paper announcement, Closing Remarks (Kassem Fawaz) | ||
Submission Guidelines
Submissions include long papers (12 pages), short papers (6 pages), or 1-page abstracts:
- Long papers include a) Original research on a CPS/IoT security and privacy topic, b) Systematization of Knowledge of CPS/IoT security and privacy;
- Short papers include original work-in-progress research on a CPS/IoT security and privacy topic;
- 1-page abstracts include demos/interesting findings/insights on CPS/IoT security and privacy, which will be accompanied by a hands-on demo during the workshop.
Submitted papers can be up to 12 or 6 pages excluding appendices and references, and should provide enough details to enable reproducibility. All submitted papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references, for double blind reviews. Submissions must use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template, with a simpler version here: https://github.com/acmccs/format). Only PDF files will be accepted.
Accepted papers will be published by the ACM Press and/or the ACM Digital Library. We expect all authors to consider diversity and inclusion, especially when preparing their own submission (see https://www.acm.org/diversity-inclusion/about). Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by a registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.
- Paper Submission Site: https://cpsiotsec24.hotcrp.com/
Important Dates
- Submission deadline:
June 25, 2024 (23:59 Anywhere on Earth)July, 18 AoE (firm) - Notification of acceptance/rejection (tentative): Aug 12, 2024
- Deadline for submission of camera-ready papers: Aug 29, 2024
- Workshop date: October 18th, 2024
Program Chairs
- Magnus Almgren, Chalmers University of Technology, Sweden
- Kassem M. Fawaz, University of Wisconsin, USA
Technical Program Committee
- Alessandro Brighente, University of Padua
- Amir Rahmati, Stony Brook University
- Awais Rashid, University of Bristol
- Cristina Alcaraz, University of Malaga
- Gang Tan, Penn State
- George Stergiopoulos, University of the Aegean
- Gerhard Hancke, City University of Hong Kong
- Habiba Farrukh, Purdue University
- Kassem Fawaz, University of Wisconsin-Madison
- Le Guan, University of Georgia
- Luis Garcia, University of Utah
- Luis Salazar, UC Santa Cruz
- Magnus Almgren, Chalmers University of Technology
- Marina Krotofil, MaK security
- Marios Anagnostopoulos, Aalborg University
- Mauro Conti, University of Padua
- Mikael Asplund, Linköping University
- Monowar Hasan, Washington State University
- Muslum Ozgur Ozmen, Purdue University & Arizona State University
- Nils Ole, Tippenhauer, CISPA Helmholtz Center for Information Security
- Pablo Picazo-Sanchez, Halmstad University. Halmstad. Sweden
- Peng Liu, The Pennsylvania State University
- Rishabh Khandelwal, University of Wisconsin-Madison
- Sachin Kumar, Singh University of Utah
- Saman Zonouz, Georgia Institute of Technology
- Sara Rampazzi, University of Florida
- Shimaa Ahmed, Visa Research
- Sokratis Katsikas, Norwegian University of Science & Technology
- Sridhar Adepu, University of Bristol
- Stefano Longari, Politecnico di Milano
- Vasileios Gkioulos, Norwegian University of Science and Technology
- Weizhi Meng, Technical University of Denmark
- Yongkai Fan, State Key Laboratory of Media Convergence and Communication, China University of Communication
- Yuqing Zhang, National Computer Network Intrusion Protection Center, University of Chinese Academy of Sciences
Steering Committee
- Rakesh Bobba, Oregon State University
- Alvaro Cardenas, University of California, Santa Cruz
- Peng Liu, Penn State University
- Sibin Mohan, University of Illinois at Urbana-Champaign
- Awais Rashid, University of Bristol
- Gang Tan, Penn State University
- Nils Ole Tippenhauer, CISPA
- Roshan Thomas, MITRE
- Yuqing Zhang, University of CAS
Publicity Chair
- Pablo Picazo-Sanchez, Halmstad University
- Masoom Rabbani, COSIC, KU Leuven, Belgium