CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). In 2018, the workshop will run for the fourth time, co-located with CCS. We seek original research papers from interdisciplinary backgrounds, tackling security and privacy issues in Cyber-Physical Systems.
More info on previous iterations
Call for Papers
Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.
Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control, and to the people who depend, use or operate it. In particular, critical cyber-physical infrastructures such as electric power generation, transmission and distribution grids, oil and natural gas systems, water and waste-water treatment plants, and transportation networks play a fundamental and large-scale role in our society. Their disruption can have a significant impact on individuals, and nations at large. Securing these CPS infrastructures is, therefore, vitally important.
Similarly because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore, in addition to security, CPS systems must be designed with privacy considerations. To address these issues, we invite original research papers on the security and/or privacy of Cyber-Physical Systems. We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS, including but not limited to:
- mathematical foundations for secure CPS
- control theoretic approaches to secure CPS
- high assurance security architectures for CPS
- security and resilience metrics for CPS
- metrics and risk assessment approaches for CPS
- privacy in CPS
- network security for CPS
- game theory applied to CPS security
- security of embedded systems, IoT and real-time systems in the context of CPS
- human factors and humans in the loop
- understanding dependencies among security, reliability and safety in CPS
- economics of security and privacy in CPS
- intrusion detection in CPS
- model-based security systems engineering
- experimental insights from real-world CPS or CPS testbeds
CPS domains of interest include but are not limited to:
- health care and medical devices
- industrial control systems
- SCADA systems
- smart building environments
- unmanned aerial vehicles (UAVs)
- autonomous vehicles
- transportation systems and networks
Also of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS security and privacy.
Submitted papers can be up to 12 pages including appendices and references. Submissions must be written in English, and use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template, with a simpler version here: https://github.com/acmccs/format). Note: CPS-SPC is not double-blinded, please remove the anonymous argument from the documentclass specification in the template. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.
Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.
- Paper Submission Deadline:
July 1July 8, 2018 (23:59 Anywhere on Earth time)
- Notification of Acceptance/Rejection:
July 30Aug 5, 2018
- Camera Ready Papers Due: August 22, 2018 (hard deadline, see notification mails)
- Rakesh Bobba, Oregon State University, USA
- Alvaro Cardenas, University of Texas at Dallas, USA
- Roshan Thomas, MITRE Corporation
Technical Program Committee
- Cristina Alcaraz, University of Malaga, Spain
- Magnus Almgren, Chalmers Univ., Sweden
- Pauline Anthonysamy, Google, Switzerland
- Raheem Beyah, Georgia Tech., USA
- Rakesh Bobba, Oregon State Univ., USA
- Alvaro Cardenas, UT Dallas, USA
- Nora Cuppens, IMT Atlantique, France
- Simon Foley, IMT-Atlantique, France
- Sylvain Frey, Google DeepMind,
- Benjamin Green, Lancaster, UK
- Gerhard Hancke, City University of Hong Kong, Hong Kong
- Marina Krotofil, FireEye, USA
- Emil Lupu, Imperial College, UK
- Michail (Mihalis) Maniatakos, NYU-Abu Dhabi, UAE
- Daisuke Mashima, ADSC, Singapore
- Aditya Mathur, SUTD, Singapore
- Katerina Mitrokotsa, Chalmers University of Technology, Sweden
- Martín Ochoa, Universidad del Rosario, Colombia
- Chris Poskitt , SUTD, Singapore
- Jose M. Such, King's College, UK
- Claire Vishik, Intel, USA
- Avishai Wool, Tel Aviv Univ., Israel
- Stefano Zanero, Politecnico di Milano, Italy
- Jianying Zhou, SUTD, Singapore
- Quanyan Zhu, NYU, USA
- Saman Zonouz, Rutgers Univ., USA
Best Paper Award
In 2018, we selected a best paper for the first time. The TPC awarded the following paper: Secure Autonomous Cyber-Physical Systems Through Verifiable Information Flow Control. Jed Liu, Joe Corbett-Davies, Andrew Ferraiuolo, Alexander Ivanov, Mulong Luo, G. Edward Suh, Andrew C. Myers, and Mark Campbell (Cornell University, USA). Congratulatuions to the authors!
Keynote: Coping with tensions between security and safety in simple IoT/CPS devices
Abstract: Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and uninterruptible (atomic) operation. The former fails to detect transient malware that enters and leaves between successive RA instances; the latter involves performing potentially time-consuming computation over prover's memory and/or storage, which can be harmful to the device's safety-critical functionality and general availability. However, relaxing either on-demand or atomic RA operation is tricky and prone to vulnerabilities. This talk identifies some issues that arise in reconciling requirements of safety-critical operation with those of secure remote attestation, including detection of transient and self-relocating malware. It also overviews some mitigation techniques, including periodic self-measurements as well as interruptible attestation modality that involves shuffled memory traversals and various memory locking mechanisms.
Joint work with N. Rattanavipanon, I. Oliveira Nunes, K. Eldefrawy, X. Carpent and A. Sadeghi.
Bio: Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, a fellow of ACM, IEEE and AAAS, as well as a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed to TOPS in 2016). Gene was the recipient of 2017 ACM SIGSAC Outstanding Contribution Award. He is also the author of the first crypto-poem published as a refereed paper.
|7h30||Registration (Prefunction B) / Breakfast (Ballroom)||-|
|9h15||Session 1: Keynote Chair: Awais Rashid|
|10h45||Session 2: Intrusion and Anomaly detection Chair: Alvaro Cardenas||
|13h45||Session 3: Security and Safety Analysis Chair: Simon Foley||
|15h45||Session 4: Industrial Control and SCADA Systems Chair: Rakesh Bobba||
|17h15||Closing and Final Remarks||-|
Contact the workshop chairs at email@example.com