CPS-SPC 2019

ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC)
In Conjunction with the ACM Conference on Computer and Communications Security (CCS)
November 11 2019, London, UK

Status: Sandro Etalle confirmed as keynote speaker. Preliminary program published, 9/26 submitted papers are accepted. We are on twitter now: @acm_cpsspc


CPS-SPC aims to be the premier workshop for research on security of Cyber-Physical Systems (such as medical devices, manufacturing and industrial control, robotics and autonomous vehicles). In 2019, the workshop will run for the fifth time, co-located with CCS. We seek original research papers from interdisciplinary backgrounds, tackling security and privacy issues in Cyber-Physical Systems.

More info on previous iterations

Call for Papers (PDF)

Cyber-Physical Systems (CPS) integrate computing and communication capabilities with monitoring and control of entities in the physical world. These systems are usually composed of a set of networked agents, including sensors, actuators, control processing units, and communication devices. While some forms of CPS are already in use, the widespread growth of wireless embedded sensors and actuators is creating several new applications in areas such as medical devices, autonomous vehicles, and smart infrastructure, and is increasing the role that the information infrastructure plays in existing control systems such as in the process control industry or the power grid.

Many CPS applications are safety-critical: their failure can cause irreparable harm to the physical system under control, and to the people who depend, use or operate it. In particular, critical cyber-physical infrastructures such as electric power generation, transmission and distribution grids, oil and natural gas systems, water and waste-water treatment plants, and transportation networks play a fundamental and large-scale role in our society. Their disruption can have a significant impact on individuals, and nations at large. Securing these CPS infrastructures is, therefore, vitally important.

Similarly because many CPS systems collect sensor data non-intrusively, users of these systems are often unaware of their exposure. Therefore, in addition to security, CPS systems must be designed with privacy considerations. To address these issues, we invite original research papers on the security and privacy of Cyber-Physical Systems. We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS, including but not limited to:

  • mathematical foundations for secure CPS
  • control theoretic approaches to secure CPS
  • high assurance security architectures for CPS
  • security and resilience metrics for CPS
  • metrics and risk assessment approaches for CPS
  • privacy in CPS
  • network security for CPS
  • game theory applied to CPS security
  • security of embedded systems, IoT and real-time systems in the context of CPS
  • human factors and humans in the loop, and usable security
  • understanding dependencies among security, reliability and safety in CPS
  • economics of security and privacy in CPS
  • intrusion detection in CPS
  • model-based security systems engineering
  • experimental insights from real-world CPS or CPS testbeds

CPS domains of interest include but are not limited to:

  • health care and medical devices
  • manufacturing
  • industrial control systems
  • SCADA systems
  • Robotics
  • smart building environments
  • unmanned aerial vehicles (UAVs)
  • autonomous vehicles
  • transportation systems and networks

Also of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS security and privacy. There will be a best paper award.

Submission Instructions

Submitted papers can be up to 12 pages including appendices and references. Submissions must be written in English, and use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template. Note: CPS-SPC is not double-blinded, please remove the anonymous argument from the documentclass specification in the template. Only PDF files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Accepted papers will be published by the ACM Press and/or the ACM Digital Library.

Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by one registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.

Important Dates

  • Paper Submission Deadline: June 21st June 28th, 2019 (23:59 Anywhere on Earth time)
  • Notification of Acceptance/Rejection: Aug 7, 2019
  • Camera Ready Papers Due: August 30, 2019 (hard deadline, see notification mails)


Steering Committee

  • Rakesh Bobba, Oregon State University, USA
  • Alvaro Cardenas, University of Texas at Dallas, USA
  • Roshan Thomas, MITRE Corporation
  • Awais Rashid, University of Bristol, UK

Program Chairs

Technical Program Committee

  • Cristina Alcaraz, University of Malaga, Spain
  • Magnus Almgren, Chalmers Univ., Sweden
  • Pauline Anthonysamy, Google, Switzerland
  • Rakesh Bobba, Oregon State Univ., USA
  • Ferdinand Brasser, TU Darmstadt
  • Alvaro Cardenas, UT Dallas, USA
  • Marco Caselli, Siemens AG, Germany
  • Nora Cuppens, IMT Atlantique, France
  • Benjamin Green, Lancaster, UK
  • Gerhard Hancke, City University of Hong Kong, Hong Kong
  • Katharina Krombholz,CISPA, Germany
  • Marina Krotofil, BASF, Germany
  • Emil Lupu, Imperial College, UK
  • Michail (Mihalis) Maniatakos, NYU-Abu Dhabi, UAE
  • Aditya Mathur, SUTD, Singapore
  • Stefan Nürnberger, CISPA, Germany
  • Awais Rashid, University of Bristol, UK
  • Eyal Ronen, Tel Aviv University and KU Leuven, Israel/Belgium
  • Asaf Shabtai, Ben-Gurion University, Israel
  • Claire Vishik, Intel, US
  • Stefano Zanero, Politecnico di Milano, Italy
  • Jianying Zhou, SUTD, Singapore
  • Saman Zonouz, Rutgers University, USA

Keynote: Network Monitoring of Industrial Control Systems: the lessons of SecurityMatters

Sandro Etalle, TU Eindhoven

Abstract: Established in 2009 in the Netherlands as a University spin-off by an professor and two PhD students, SecurityMatters was acquired in 2018 by the American ForeScout Technologies Inc. (NASDAQ:FCST). SecurityMatters was the pioneer of a new way of realizing network monitoring for cybersecurity that proved very successful in the Critical Infrastructure domain (Oil and Gas, Power Generation, Energy Distribution etc.). Besides a success story, SecurityMatters has also represented an enormous learning experience, also from the technical viewpoint, allowing to benchmark different approaches against reality. In this lecture, one of the founders of SecurityMatters will give his unsweetened opinion regarding what works and what does not work, when it comes to network monitoring, and why.

Bio: Sandro Etalle is an entrepreneur and a full professor and head of the Security group at the TU Eindhoven. He earned his PhD at the University of Amsterdam (1995). Before switching to the academic career he was co-founder of two Italian technology companies; TecLogic and ICON (www.icon.it). In 2009, Etalle founded SecurityMatters (www.secmatters.com) together with PhD students D. Bolzoni and E. Zambon. At SecurityMatters Etalle served as CEO for over 4 years and as Chairman of the Board until the exit. SecurityMatters factually changed the way of monitoring Industrial Systems and maintaining a leadership position in its segment. At the TU Eindhoven, Etalle leads the TU/e Security and Embedded Networked Systems section, counting over 40 employees, and the Security group, which is part of it. Beyond the TU/e, Etalle is visiting professor at the University of Trento and lecturer at the Bologna Business School.


List of accepted papers (assuming currently shepherded papers are accepted)

  • Characterizing background noise in ICS traffic through a set of low interaction honeypots, Pietro Ferretti (Politecnico di Milano); Marcello Pogliani (Politecnico di Milano); Stefano Zanero (Politecnico di Milano)
  • Controller Area Network Intrusion Prevention System Leveraging Fault Recovery, Habeeb Olufowobi (Howard University); Sena Hounsinou (Howard University); Gedare Bloom (University of Colorado Colorado Springs)
  • CopyCAN: An Error-Handling Protocol based Intrusion Detection System for Controller Area Network, Stefano Longari (Politecnico di Milano); Matteo Penco, (Politecnico di Milano); Michele Carminati (Politecnico di Milano); Stefano Zanero (Politecnico di Milano)
  • Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective, Jan Pennekamp (RWTH Aachen University); Martin Henze (Fraunhofer); Simo Schmidt (RWTH Aachen University); Philipp Niemietz (RWTH Aachen University); Marcel Fey (RWTH Aachen University); Daniel Trauth (RWTH Aachen University); Thomas Bergs (RWTH Aachen University); Christian Brecher (RWTH Aachen University); Klaus Wehrle (RWTH Aachen University)
  • Enhancing the Resiliency of Cyber-Physical Systems with Software-Defined Networks, Luis Salazar (University of California, Santa Cruz); Alvaro Cárdenas (University of California, Santa Cruz))
  • Oops I Did it Again: Further Adventures in the Land of ICS Security Testbeds, Joseph Gardiner (University of Bristol); Barnaby Craggs (University of Bristol); Benjamin Green (Lancaster University); Awais Rashid (University of Bristol)
  • Security Analysis of Radar Systems, Shai Cohen (Ben-Gurion University); Tomer Gluck (Ben-Gurion University); Asaf Shabtai (Ben-Gurion University); Yuval Elovici (Ben-Gurion University)
  • Security Implications of Implementing Multistate Distance-Bounding Protocols, Jingyi Zhang (City University of Hong Kong); Anjia Yang (Jinan University); Qiao Hu (Hunan University); Gerhard Petrus Hancke (City University of Hong Kong)
  • The Leaky Actuator: A provably-covert channel in CyberPhysical System, Yehonatan Kfir (Bar Ilan University); Amir Herzberg (University of Connecticut, USA)


CCS will be held in London, at the Hilton Metropole. Registration details will be provided on the main conference site


Contact the workshop chairs at contact@cps-spc.org