CPS-SPC 2018

ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)
In Conjunction with the ACM Conference on Computer and Communications Security (CCS)
October 19 2018, Toronto, Canada

Status: 2019 edition of CPS-SPC was announced: link


CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). In 2018, the workshop will run for the fourth time, co-located with CCS. We seek original research papers from interdisciplinary backgrounds, tackling security and privacy issues in Cyber-Physical Systems.

More info on previous iterations

Call for Papers

Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.

Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control, and to the people who depend, use or operate it. In particular, critical cyber-physical infrastructures such as electric power generation, transmission and distribution grids, oil and natural gas systems, water and waste-water treatment plants, and transportation networks play a fundamental and large-scale role in our society. Their disruption can have a significant impact on individuals, and nations at large. Securing these CPS infrastructures is, therefore, vitally important.

Similarly because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore, in addition to security, CPS systems must be designed with privacy considerations. To address these issues, we invite original research papers on the security and/or privacy of Cyber-Physical Systems. We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS, including but not limited to:

  • mathematical foundations for secure CPS
  • control theoretic approaches to secure CPS
  • high assurance security architectures for CPS
  • security and resilience metrics for CPS
  • metrics and risk assessment approaches for CPS
  • privacy in CPS
  • network security for CPS
  • game theory applied to CPS security
  • security of embedded systems, IoT and real-time systems in the context of CPS
  • human factors and humans in the loop
  • understanding dependencies among security, reliability and safety in CPS
  • economics of security and privacy in CPS
  • intrusion detection in CPS
  • model-based security systems engineering
  • experimental insights from real-world CPS or CPS testbeds

CPS domains of interest include but are not limited to:

  • health care and medical devices
  • manufacturing
  • industrial control systems
  • SCADA systems
  • Robotics
  • smart building environments
  • unmanned aerial vehicles (UAVs)
  • autonomous vehicles
  • transportation systems and networks

Also of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS security and privacy.

Submission Instructions

Submitted papers can be up to 12 pages including appendices and references. Submissions must be written in English, and use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template, with a simpler version here: https://github.com/acmccs/format). Note: CPS-SPC is not double-blinded, please remove the anonymous argument from the documentclass specification in the template. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.

Important Dates

  • Paper Submission Deadline: July 1 July 8, 2018 (23:59 Anywhere on Earth time)
  • Notification of Acceptance/Rejection: July 30 Aug 5, 2018
  • Camera Ready Papers Due: August 22, 2018 (hard deadline, see notification mails)


Steering Committee

  • Rakesh Bobba, Oregon State University, USA
  • Alvaro Cardenas, University of Texas at Dallas, USA
  • Roshan Thomas, MITRE Corporation

Program Chairs

Technical Program Committee

  • Cristina Alcaraz, University of Malaga, Spain
  • Magnus Almgren, Chalmers Univ., Sweden
  • Pauline Anthonysamy, Google, Switzerland
  • Raheem Beyah, Georgia Tech., USA
  • Rakesh Bobba, Oregon State Univ., USA
  • Alvaro Cardenas, UT Dallas, USA
  • Nora Cuppens, IMT Atlantique, France
  • Simon Foley, IMT-Atlantique, France
  • Sylvain Frey, Google DeepMind,
  • Benjamin Green, Lancaster, UK
  • Gerhard Hancke, City University of Hong Kong, Hong Kong
  • Marina Krotofil, FireEye, USA
  • Emil Lupu, Imperial College, UK
  • Michail (Mihalis) Maniatakos, NYU-Abu Dhabi, UAE
  • Daisuke Mashima, ADSC, Singapore
  • Aditya Mathur, SUTD, Singapore
  • Katerina Mitrokotsa, Chalmers University of Technology, Sweden
  • Martín Ochoa, Universidad del Rosario, Colombia
  • Chris Poskitt , SUTD, Singapore
  • Jose M. Such, King's College, UK
  • Claire Vishik, Intel, USA
  • Avishai Wool, Tel Aviv Univ., Israel
  • Stefano Zanero, Politecnico di Milano, Italy
  • Jianying Zhou, SUTD, Singapore
  • Quanyan Zhu, NYU, USA
  • Saman Zonouz, Rutgers Univ., USA

Best Paper Award

In 2018, we selected a best paper for the first time. The TPC awarded the following paper: Secure Autonomous Cyber-Physical Systems Through Verifiable Information Flow Control. Jed Liu, Joe Corbett-Davies, Andrew Ferraiuolo, Alexander Ivanov, Mulong Luo, G. Edward Suh, Andrew C. Myers, and Mark Campbell (Cornell University, USA). Congratulatuions to the authors!

Keynote: Coping with tensions between security and safety in simple IoT/CPS devices

Gene Tsudik, UC Irvine (slides)

Abstract: Remote attestation (RA) is a means of malware detection, typically realized as an interaction between a trusted verifier and a potentially compromised remote device (prover). RA is especially relevant for low-end embedded devices that are incapable of protecting themselves against malware infection. Most current RA techniques require on-demand and uninterruptible (atomic) operation. The former fails to detect transient malware that enters and leaves between successive RA instances; the latter involves performing potentially time-consuming computation over prover's memory and/or storage, which can be harmful to the device's safety-critical functionality and general availability. However, relaxing either on-demand or atomic RA operation is tricky and prone to vulnerabilities. This talk identifies some issues that arise in reconciling requirements of safety-critical operation with those of secure remote attestation, including detection of transient and self-relocating malware. It also overviews some mitigation techniques, including periodic self-measurements as well as interruptible attestation modality that involves shuffled memory traversals and various memory locking mechanisms.

Joint work with N. Rattanavipanon, I. Oliveira Nunes, K. Eldefrawy, X. Carpent and A. Sadeghi.

Bio: Gene Tsudik is a Chancellor's Professor of Computer Science at the University of California, Irvine (UCI). He obtained his PhD in Computer Science from USC in 1991. Before coming to UCI in 2000, he was at IBM Zurich Research Laboratory (1991-1996) and USC/ISI (1996-2000). His research interests include many topics in security, privacy and applied cryptography. Gene Tsudik is a Fulbright Scholar, a fellow of ACM, IEEE and AAAS, as well as a foreign member of Academia Europaea. From 2009 to 2015 he served as Editor-in-Chief of ACM Transactions on Information and Systems Security (TISSEC, renamed to TOPS in 2016). Gene was the recipient of 2017 ACM SIGSAC Outstanding Contribution Award. He is also the author of the first crypto-poem published as a refereed paper.


Time Slot Description
7h30 Registration (Prefunction B) / Breakfast (Ballroom) -
9h00 Welcome -
9h15 Session 1: Keynote Chair: Awais Rashid
  • Coping with tensions between security and safety in simple IoT/CPS devices. Gene Tsudik (UC Irvine, USA), details, (slides)
10h15 Coffee-break -
10h45 Session 2: Intrusion and Anomaly detection Chair: Alvaro Cardenas
  • Detecting Cyberattacks in Industrial Control Systems Using Convolutional Neural Networks. Moshe Kravchik, and Asaf Shabtai (Ben-Gurion University, Israel)
  • Learning Based Anomaly Detection for Industrial Arm Applications. Vedanth Narayanan and Rakesh Bobba (Oregon State University, USA)
  • CORGIDS: A Correlation-based Generic Intrusion Detection System. Ekta Aggarwal, Mehdi Karimibiuki, Karthik Pattabiraman, and Andre Ivanov (University of British Columbia, Canada), (slides)
12h15 Lunch (Ballroom) -
13h45 Session 3: Security and Safety Analysis Chair: Simon Foley
  • Secure Autonomous Cyber-Physical Systems Through Verifiable Information Flow Control. Jed Liu, Joe Corbett-Davies, Andrew Ferraiuolo, Alexander Ivanov, Mulong Luo, G. Edward Suh, Andrew C. Myers, and Mark Campbell (Cornell University, USA), (slides)
  • Statistical Model Checking of Distance Fraud Attacks on the Hancke-Kuhn Family of Protocols. Musab A. Alturki (King Fahd University of Petroleum and Minerals, Saudi Arabia), Max Kanovich (University College London, UK), Tajana Ban Kirigin (University of Rijeka, Croatia), Vivek Nigam (Universidade Federal da Paraíba, Brazil), Andre Scedrov (University of Pennsylvania, USA), and Carolyn Talcott (SRI International, USA)
  • A Specification-based State Replication Approach for Digital Twins. Matthias Eckhart (Vienna University of Technology, Austria) and Andreas Ekelhart (SBA Research, Austria)
15h15 Coffee-break -
15h45 Session 4: Industrial Control and SCADA Systems Chair: Rakesh Bobba
  • High-Performance Unsupervised Anomaly Detection for Cyber-Physical System Networks. Peter Schneider and Konstantin Böttinger (Fraunhofer, Germany), (slides)
  • (Short) Temporal Phase Shifts In SCADA Networks. Chen Markman, and Avishai Wool (Tel Aviv University, Israel); Alvaro Cardenas (University of Texas at Dallas, USA)
  • ACE: Advanced CIP Evaluator. Kiel Gordon, Matthew Davis, Zachary Birnbaum (Johns Hopkins University Applied Physics Laboratory, USA); and Andrey Dolgikh (Binghamton University, USA)
  • (Short) Science hackathons for cyber-physical system security research: Putting CPS testbed platforms to good use. Simon Foley, Fabien Autrel, Edwin Bourget, Thomas Cledel, Stephane Gruenwald (IMT Atlantique, France), Jose Rubio Hernan (Telecom SudParis, France), Alexandre Kabil, Raphael Larsen, Vivien Rooney, and Kristen Vanhulst (IMT Atlantique, France), (slides)
17h15 Closing and Final Remarks -


CCS will be held in Toronto, at the Beanfield Centre. Registration details will be provided on the main conference site


Contact the workshop chairs at contact@cps-spc.org