10th ACM Cyber-Physical System Security Workshop
(CPSS 2024)

held in conjunction with ACM AsiaCCS'24
Singapore, 2 July 2024


Dates | CFP | Organizers | Keynotes | Accepted Papers | Program | Registration | Venue | Contact | CPSS

Important Dates

1st Round Submissions Due:
Camera-ready Due:
15 January 2023 AoE
16 February 2024
16 April 2024
2nd Round Submissions Due:
Camera-ready Due:
18 25 February 2024 AoE (FIRM)
29 March 2024
16 April 2024
Workshop Date: 2 July 2024


17 Apr 2024: CPSS 2024 accepted papers are released now.
19 Feb 2024: The 2nd round submission deadline is extended by one week.
22 Jan 2024: The 2nd round submission link is up now.
12 Nov 2023: Keynote speakers confirmed.
24 Oct 2023: PC members confirmed.
12 Oct 2023: The submission link is up now and ready to accept submissions.
9 Sep 2023: The workshop website is up!


Call for Papers  

Cyber-Physical Systems (CPS) of interest to this workshop consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There exist a multitude of CPS devices and applications deployed to serve critical functions in our lives thus making security an important non-functional attribute of such systems. This workshop will provide a platform for professionals from academia, government, and industry to discuss novel ways to address the ever-present security challenges facing CPS. We seek submissions describing theoretical and practical solutions to security challenges in CPS. Submissions pertinent to the security of embedded systems, IoT, SCADA, smart grid, and other critical infrastructure are welcome. Topics of interest include, but are not limited to:

  • Attack detection for CPS
  • Authentication and access control for CPS
  • Autonomous vehicle security
  • Availability and auditing for CPS
  • Blockchain for CPS security
  • Data security and privacy for CPS
  • Deception Technologies for CPS
  • Digital twins/Cyber range for CPS security
  • Embedded systems security
  • Formal methods in CPS
  • Industrial control system security
  • IoT security
  • Legacy CPS system protection
  • Lightweight crypto and security
  • Maritime cyber security
  • Recovery from cyber attacks
  • Security and risk assessment for CPS
  • Security architectures for CPS
  • Security by design for CPS
  • Smart grid security
  • Threat modeling for CPS
  • Transportation system security
  • Vulnerability analysis for CPS
  • Wireless sensor network security

Submission Instructions

Paper submission link (2nd round): https://cpss2024.hotcrp.com/

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. The review process is double-blinded. The submitted PDF version should be anonymized. Submissions must be in double-column ACM SIG Proceedings format (See here), and should not exceed 12 pages. Position papers describing the work in progress and papers describing novel testbeds are also welcome. Only pdf files will be accepted. Authors of accepted papers must guarantee that their papers will be presented at the workshop. At least one author of the paper must be registered at the appropriate conference rate. Accepted papers will be published in the ACM Digital Library. There will also be a best paper award.


Steering Committee
Dieter Gollmann (Hamburg University of Technology, Germany)
Ravishankar Iyer (UIUC, USA)
Douglas Jones (UIUC, USA)
Javier Lopez (University of Malaga, Spain)
Jianying Zhou (SUTD, Singapore) – Chair

Program Chairs
Jianying Zhou (SUTD, Singapore)
Sudipta Chattopadhyay (SUTD, Singapore)

Publication Chair
Awais Yousaf (SUTD, Singapore)

Publicity Chair
Daisuke Mashima (Illinois ARCS, Singapore)

Web Chair
Eyasu Getahun Chekole (SUTD, Singapore)

Program Committee
Mustafa Abdallah (Indiana University-Purdue University Indianapolis, USA)
Chuadhry Mujeeb Ahmed (Newcastle University, UK)
Cristina Alcaraz (University of Malaga, Spain)
Ahmed Amro (NTNU, Norway)
Daniele Antonioli (EURECOM, France)
Victor Bolbot (Aalto University, Finland)
Alessandro Brighente (University of Padova, Italy)
John H. Castellanos (CISPA, Germany)
Eyasu Getahun Chekole (SUTD, Singapore)
Binbin Chen (SUTD, Singapore)
Long Cheng (Clemson University, USA)
Anh Dinh (Deakin University, Australia)
Matheus Garbelini (SUTD, Singapore)
Dieter Gollmann (TUHH, Germany)
Monowar Hasan (Washington State University, USA)
Chenglu Jin (CWI Amsterdam, Netherlands)
Georgios Kavallieratos (NTNU, Norway)
Ernest Kurniawan (Institute for Infocomm Research, Singapore)
Mihalis Maniatakos (New York University Abu Dhabi, UAE)
Daisuke Mashima (Illinois ARCS, Singapore)
Weizhi Meng (Technical University of Denmark, Denmark)
Rodrigo Roman Castro (University of Malaga, Spain)
Ezekiel Soremekun (Royal Holloway, University of London, UK)
Minh-Thai Trinh (Illinois ARCS, Singapore)
Zheng Yang (Southwest University, China)
Awais Yousaf (SUTD, Singapore)
Leo Zhang (Griffith University, Australia)


   A tale of Two Industroyers: It was the Season of Darkness
   Alvaro Cardenas (University of California, Santa Cruz, USA)

In this talk, we discuss the first two known pieces of malware that attempted to create power grid blackouts. While previous research had described the malware at a high level, in this talk, we take a deep dive into the payload targetting the operational equipment of power grid networks. Our findings include new malware behavior that was not previously documented, the software bugs of the malware, and the evolution of attacks against the power grid in Ukraine. We end our talk by discussing how similar malware may evolve in the future and the risks they pose to the power grid.

About the speaker:
Alvaro A. Cardenas is an Associate Professor of Computer Science and Engineering at the University of California, Santa Cruz. Before joining UCSC he was the Eugene McDermott Associate Professor of Computer Science at the University of Texas at Dallas, a postdoctoral scholar at the University of California, Berkeley, and a research staff member at Fujitsu Laboratories. He holds M.S. and Ph.D. degrees from the University of Maryland, College Park, and a B.S. from Universidad de Los Andes in Colombia. His research interests focus on security and privacy of emerging technologies and cyber-physical systems, including autonomous vehicles, drones, and SCADA systems controlling the power grid and other critical infrastructures.

   Dissecting the software supply chain of modern industrial control systems
   Michail Maniatakos (New York University Abu Dhabi, UAE)

Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, have expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this seminar, we will shed light to the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need of employing appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using the development software. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on various critical infrastructure testbeds.

About the speaker:
Michail (Mihalis) Maniatakos is an Associate Professor of Electrical and Computer Engineering at New York University (NYU) Abu Dhabi, UAE, and a Research Associate Professor at the NYU Tandon School of Engineering, New York, USA. He is the director of the MoMA Laboratory, NYU Abu Dhabi. He received his Ph.D. in Electrical Engineering, as well as M.Sc., M.Phil. degrees from Yale University. He also received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems, respectively, from the University of Piraeus, Greece. His research interests, funded by industrial partners, the US government, and the UAE government include privacy-preserving computation and industrial control systems security.

Accepted Papers

Air-Bus Hijacking: Silently Taking over Avionics Systems
Daniel Dorigatti (Zürcher Hochschule für Angewandte Wissenschaften, Switzerland); Martin Strohmeier (armasuisse Science + Technology, Switzerland); Stephan Neuhaus (Zürcher Hochschule für Angewandte Wissenschaften, Switzerland)

DRACE: A Framework for Evaluating Anomaly Detectors for Industrial Control Systems
Ivan Christian, Francisco Furtado, Aditya P. Mathur (iTrust, SUTD, Singapore)

SRI: A Simple Rule Induction Method for improving resiliency of DNN based IDS against adversarial and zero-day attacks
Anjanee Kumar, Tanmoy Kanti Das, Rajneesh Kumar Pandey (National Institute of Technology Raipur, India)

WaXAI: Explainable Anomaly Detection in Industrial Control Systems and Water Systems
Kornkamon Mathuros, Sarad Venugopalan, Sridhar Adepu (University of Bristol, UK)

Capture The Industrial Flag: Lessons from hosting an ICS cybersecurity exercise
Stanislav Abaimov, Joseph Gardiner, Emmanouil Samanis, Jacob Williams, Marios Samanis, Feras Shahbi, Awais Rashid (University of Bristol, UK)

K-RAPID: A Formal Executable Semantics of the RAPID Robot Programming Language
Zichen Wang, Jingyi Wang (Zhejiang University, China); Fu Song (Chinese Academy of Sciences & State Key Laboratory of Computer Science, China); Kun Wang, Hongyi Pu, Peng Cheng (Zhejiang University, China)

Building Detection-Resistant Reconnaissance Attacks Based on Adversarial Explainability
Mohammed M. Alani, Atefeh Mashatan, Ali Miri (Toronto Metropolitan University, Canada)

Mobile_FL : A streamlined FL framework for process optimisation via client clustering using rough c-means algorithm
Akarsh K Nair, Jayakrushna Sahoo (Indian Institute of Information Technology Kottayam, Kerala, India); Linga Reddy Cenkeramaddi (University of Agder Grimstad, Norway), Gaurav Jaswal (iHub - HCI Foundation, IIT Mandi Himachal Pradesh, India); Ebin Deni Raj (Indian Institute of Information Technology Kottayam, Kerala, India)

Pixel Complexity Sorting Embedding for Reversible Data Hiding Based on Elastic net Predictor
Haoyu Shen (East China Normal University & Shanghai International Studies University, China); Shuyuan Liu, Zhaoxia Yin (East China Normal University & Shanghai Key Laboratory of Multidimensional Information Processing, China)

X2065: Lightweight Key Exchange for the Internet of Things
Georgios Fotiadis, Johann Großschädl, Peter Ryan (Univeristy of Luxembourg, Luxembourg)




Email:   jianying_zhou@sutd.edu.sg and sudipta_chattopadhyay@sutd.edu.sg
CPSS Home:   http://jianying.space/cpss/

Updated: April 17, 2024