2nd ACM Cyber-Physical System Security Workshop
(CPSS 2016)

held in conjunction with ACM AsiaCCS'16
Xi’an, China – May 30, 2016.

Dates | CFP | Organizers | Submission | Registration | Program | Keynotes | Case Study | Venue | Contact | CPSS

Important Dates

Submissions Due:
Camera-ready Due:
 Jan 13, 2016 (firm deadline)
 Feb 26, 2016
 March 15, 2016
 May 30, 2016

Call for Papers  

Cyber-Physical Systems (CPS) consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There are a multitude of CPS devices and applications being deployed to serve critical functions in our lives. The security of CPS becomes extremely important. This workshop will provide a platform for professionals from academia, government, and industry to discuss how to address the increasing security challenges facing CPS. Besides invited talks, we also seek novel submissions describing theoretical and practical security solutions to CPS. Papers that are pertinent to the security of embedded systems, SCADA, smart grid, and critical infrastructure networks are all welcome, especially in the domains of energy and transportation. Topics of interest include, but are not limited to:

  • Adaptive attack mitigation for CPS
  • Authentication and access control for CPS
  • Availability, recovery and auditing for CPS
  • Data security and privacy for CPS
  • Embedded systems security
  • EV charging system security
  • Intrusion detection for CPS
  • IoT security
  • Key management in CPS
  • Legacy CPS system protection
  • Lightweight crypto and security
  • SCADA security
  • Security of industrial control systems
  • Smart grid security
  • Threat modeling for CPS
  • Urban transportation system security
  • Vulnerability analysis for CPS
  • Wireless sensor network security

Submission Instructions

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. All submissions should be appropriately anonymized (i.e., papers should not contain author names or affiliations, or obvious citations). Submissions must be in double-column ACM SIG Proceedings format, and should not exceed 12 pages. Position papers and short papers of 5 pages describing the work in progress are also welcome. Only pdf files will be accepted. Authors of accepted papers must guarantee that their papers will be presented at the workshop. At least one author of the paper must be registered at the appropriate conference rate. Accepted papers will be published in the ACM Digital Library. There will also be a best paper award.

Paper submission site: https://easychair.org/conferences/?conf=cpss2016.


Steering Committee
Dieter Gollmann (Hamburg University of Technology, Germany)
Ravishankar Iyer (UIUC, USA)
Douglas Jones (ADSC, Singapore)
Javier Lopez (University of Malaga, Spain)
Jianying Zhou (I2R, Singapore) – Chair

Program Chairs
Jianying Zhou (I2R, Singapore)
Javier Lopez (University of Malaga, Spain)

Publicity Chair
Cristina Alcaraz (University of Malaga, Spain)

Publication Chair
Ying Qiu (I2R, Singapore)

Program Committee  
Cristina Alcaraz (University of Malaga, Spain)
Raheem Beyah (Georgia Tech, USA)
Levente Buttyan (BME, Hungary)
Alvaro Cardenas (UT Dallas, USA)
Aldar Chan (ASTRI, HK)
Binbin Chen (ADSC, Singapore)
Songqing Chen (George Mason University, USA)
Richard Chow (Intel, USA)
Mauro Conti (University of Padua, Italy)
Miguel Correia (University of Lisbon, Portugal)
Roy Dong (UC Berkeley, USA)
Xinshu Dong (ADSC, Singapore)
Aurelien Francillon (EURECOM, France)
Adrian Gheorghe (Old Dominion University, USA)
Dieter Gollmann (Hamburg Uni of Tech, Germany)
Felix Gomez-Marmol (NEC Labs, Germany)
Huaqun Guo (I2R, Singapore)
Adam Hahn (Washington State University, USA)
Bernhard Hämmerli (HSLU & ACRIS GmbH, Switzerland)
Jin Han (Twitter, USA)
Jinguang Han (NUFE, China)
Feng Hao (Newcastle University, UK)
Ravishankar Iyer (UIUC, USA)
Douglas Jones (ADSC, Singapore)
Zbigniew Kalbarczyk (UIUC, USA)
Frank Kargl (University of Ulm, Germany)
Sokratis Katsikas (Gjøvik University College, Norway)
Shinsaku Kiyomoto (KDDI R&D Labs, Japan)
Marina Krotofil (Hamburg Uni of Tech, Germany)
Alptekin Küpçü (Koç University, Turkey)
Miroslaw Kutylowski (Wroclaw Uni of Tech, Poland)
Jason Larson (IOActive, USA)
Xiapu Luo (Hong Kong Polytechnic University, HK)
Ivan Martinovic (University of Oxford, UK)
Weizhi Meng (I2R, Singapore)
Chris Mitchell (RHUL, UK)
Philippe Owezarski (LAAS-CNRS, France)
Michael Papay (Northrop Grumman, USA)
Jonathan Petit (University College Cork, Ireland)
Axel Poschmann (NXP, Germany)
Lillian J. Ratliff (UC Berkeley, USA)
Erich Rome (Fraunhofer-IAIS, Germany)
Roberto Setola (Università CAMPUS, Italy)
Christoph Schmittner (AIT, Austria)
Martin Strohmeier (University of Oxford, UK)
Nils Kalstad Svendsen (Gjøvik Uni College, Norway)
Tsuyoshi Takagi (Kyushu University, Japan)
Rui Tan (NTU, Singapore)
Juan Tapiador (Uni Carlos III de Madrid, Spain)
Nils Ole Tippenhauer (SUTD, Singapore)
Long Wang (IBM Research, USA)
Weiguo Wang (Thales, Singapore)
Jia Xu (I2R, Singapore)
Qiang Yan (Google, Switzerland)
Yanjiang Yang (I2R, Singapore)
David Yau (SUTD, Singapore)
Siu-Ming Yiu (University of Hong Kong, HK)
Ye Zhang (Google, USA)
Peng Zhou (Shanghai University, China)
Wanlei Zhou (Deakin University, Australia)

Workshop Program

09:00 – 09:10 Workshop Opening
09:10 – 10:10
Keynote 1 - Session Chair: Jianying Zhou
Risk Assessment of Cyber Access to Physical Infrastructure in Cyber-Physical Systems
Prof. David M. Nicol (University of Illinois at Urbana-Champaign, USA)
10:10 – 11:00
11:00 – 12:00
Session 1: Threat Modelling and Vulnerability Analysis for CPS
Session Chair: David M. Nicol

  • A Risk Assessment Framework for Automotive Embedded Systems
    Mafijul Islam, Aljoscha Lautenbach, Christian Sandberg and Tomas Olovsson.
  • Bypassing Parity Protected Cryptography using Laser Fault Injection in Cyber-Physical System
    Wei He, Jakub Breier, Shivam Bhasin and Anupam Chattopadhyay.
12:00 – 13:30
13:30 – 14:30
Keynote 2 - Session Chair: Jianying Zhou
N-Version Obfuscation
Prof. Michael R. Lyu (Chinese University of Hong Kong, China)
14:30 – 15:30
Session 2: Intrusion Detection for CPS
Session Chair: Miroslaw Kutylowski
  • Behaviour-Based Attack Detection and Classification in Cyber Physical Systems Using Machine Learning
    Khurum Nazir Junejo and Jonathan Goh.
  • Exploiting Bro for Intrusion Detection in a SCADA system
    Robert Udd, Mikael Asplund, Simin Nadjm-Tehrani, Mehrdad Kazemtabrizi and Mathias Ekstedt.
15:30 – 15:50
15:50 – 16:50
Session 3: Availability and Privacy for CPS
Session Chair: Michael R. Lyu
  • A Simulation Study on Smart Grid Resilience under Software-Defined Networking Controller Failures
    Uttam Gosh, Xinshu Dong, Rui Tan, Zbigniew Kalbarczyk, David K. Y. Yau and Ravishankar K. Iyer.
  • BES - Differentially Private and Distributed Event Aggregation in Advanced Metering Infrastructures
    Vincenzo Gulisano, Valentin Tudor, Magnus Almgren and Marina Papatriantafilou.
16:50 – 17:50
Session 4: Embedded Systems Security
Session Chair: Jinguang Han
  • Binding Hardware and Software to Prevent Firmware Modification and Device Counterfeiting
    Robert Lee, Konstantinos Markantonakis and Raja Naeem Akram.
  • Enhancing TPM Security by Integrating SRAM PUFs Technology
    Dong Li, Huaqun Guo and Jia Xu.
17:50 – 18:00
Closing and Best Paper Award


Risk Assessment of Cyber Access to Physical Infrastructure in Cyber-Physical Systems
Prof. David M. Nicol (University of Illinois at Urbana-Champaign, USA)

Networks of computational devices are used increasingly to construct cyber-physical systems (CPS) that monitor and control significant physical infrastructures such as the electric grid, water supply systems, gas pipelines, maritime systems, etc. Reliance on these devices increases the means by which failure and/or malfeasance can adversely impact the integrity and operations of the infrastructure. A pressing question then asks how one can assess the risk to the infrastructure -- or to the services it provides -- through compromise of the cyber component of a CPS. This talk describes a method of coupling a quantitative analysis of how attackers can reach the physical system through compromising a cyber-network with a quantitative analysis of the impacts that cyber-based attacks may have on the physical system. The combined analysis lays a basis for risk assessment of cyber-physical systems to cyber-attack

About the speaker:
David M. Nicol is the Franklin W. Woeltge Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign (UIUC), and Director of the Information Trust Institute (iti.illinois.edu). He is PI for two recently awarded national centers for infrastructure resilience: the DHS-funded Critical Infrastructure Reliance Institute (ciri.illinois.edu), and the DoE funded Cyber Resilient Energy Delivery Consortium (cred-c.org). Prior to joining UIUC in 2003, he served on the faculties of the Computer Science Department at Dartmouth College (1996-2003), and before that the College of William and Mary (1987-1996). His research interests include trust analysis of networks and software, analytic modeling, and parallelized discrete-event simulation, research which has lead to the founding of startup company Network Perception, and election as Fellow of the IEEE and Fellow of the ACM. He is the inaugural recipient of the ACM SIGSIM Outstanding Contributions award, and co-author of the widely used undergraduate textbook "Discrete-Event Systems Simulation". He received the M.S. (1983) and Ph.D. (1985) degrees in computer science from the University of Virginia, and the B.A. degree in mathematics (1979) from Carleton College.

N-Version Obfuscation
Prof. Michael R. Lyu (Chinese University of Hong Kong, China)

Software plays a key role in cyber-physical systems. Once their software integrity has been violated, cyber-physical systems would suffer security issues (e.g., system failures, backdoor attacks) because of executing unexpected instructions. Existing software integrity protection approaches for cyber-physical systems can be classified into circuit-assisted approach, and pure software approach. A circuit-assisted approach is known to be more secure, but it does not have general applicability. In fact, more and more cyber-physical systems are built upon open hardware architectures and operating systems, such as smartphones. These systems cannot rely on specific hardware to provide security due to usability constraints. Pure software approach is thus desired for these application scenarios. Obfuscation and self-checksumming are the two major tamper-resistant approaches that do not rely on circuits. However, none of them can achieve theoretically tamper-proof, as Collberg said, “Given enough time, effort and determination, a competent programmer will always be able to reverse engineer any application.” Recent investigations have made much theoretical progress that supports Collberg’s claim, e.g., Barak et al. have proved that obfuscation cannot achieve black-box security for some programs; Appel has proved that the hardness of de-obfuscation is NP-easy. Their results discourage researchers towards finding novel trustworthy obfuscation approaches, whose security strength can be guaranteed or quantified.

In this talk, we will first discuss several software threats faced by cyber-physical systems, and then introduce a new tamper-resistance idea, namely N-version obfuscation (NVO). Rather than proposing new tricks against tampering attack, NVO focuses on impeding the replication of software tampering via program diversification, and thus poses a scalability barrier against the attacks. We propose a general framework for NVO, together with the associated mechanism, for a candidate solution to achieve integrity of cyber-physical systems. Implementation considerations, together with some preliminary results, will also be presented.

About the speaker:
Michael Rung-Tsong Lyu is a Professor of Computer Science and Engineering Department at the Chinese University of Hong Kong. He worked at the Jet Propulsion Laboratory, the University of Iowa, Bellcore, and Bell Laboratories. Dr. Lyu is an international expert in the area of software reliability engineering and software fault tolerance. His research interests lie in software engineering, dependable computing, distributed systems, cloud computing, services computing, big data analytics, and machine learning. He has participated in more than 30 industrial projects in these areas, and helped to develop many commercial systems and software tools. In addition, Dr. Lyu has published 500 refereed journal and conference papers in his research areas. He also co-edited two books on software reliability that have received enthusiastic responses from both academia and industry. Dr. Lyu was elected Fellow of the Institute of Electrical and Electronics Engineers (IEEE) in 2004 and Fellow of the American Association for the Advancement of Science (AAAS) in 2007. He was also named Croucher Senior Research Fellow in 2008 and IEEE Reliability Society Engineer of the Year in 2010. He became Fellow of the Association for Computing Machinery (ACM) in 2016.

Case Study Projects

  1. SecUTS: A Cyber-Physical Approach to Securing Urban Transportation Systems
  2. Towards a Resilient Smart Power Grid: A Testbed for Design, Analysis, and Validation of Power Grid Systems
        (If you have any relevant case study projects to be listed, please let us know.)


E-mail: cpss2016@easychair.org

Updated: December 1, 2015