SafeThings 2024

IEEE/ACM Workshop on the Internet of Safe Things

Co-located with Oakland 2024 »

May 23rd, 2024

The Internet of Things has become increasingly popular and innovative. With the rise of connected devices, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. IoT based cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems and the larger number of attack vectors on these systems. These safety risks can arise in the context of use of medical devices, smart home appliance control, autonomous vehicle and intelligent transportation designs, or conflicts in policy execution at a societal scale.

The Workshop on the Internet of Safe Things seeks to bring together researchers to create solutions for the development of safe cyber-physical systems. As safety is inherently linked with the security and privacy of a system, we also seek contributions in these areas that address safety concerns. We seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSs, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.

We seek contributions across domains - autonomous vehicles, smart homes, medical devices, smart grid, intelligent transportation; and across disciplines - systems, control, human-computer interaction, security, reliability, machine learning, and verification

Important Dates


Paper Submission Deadline January 22nd, 2024 (AoE, UTC-12) February 16th, 2024 (AoE, UTC-12)
Acceptance Notification March 8th, 2024 March 15th, 2024
Camera-ready Submission Deadline March 14thMarch 26th, 2024 (AoE, UTC-12)
Workshop May 23rd, 2024

Program


08:45 AM - 09:00 AM | Opening remarks, logistics and acknowledgments
Program Committee
09:00 AM - 10:00 AM | Keynote Talk
10:00 AM - 10:40 AM | Break
10:40 AM - 12:00 PM | SESSION 1: Defenses for Things (20 min each: 15 min presentation + 5 min Q&A)

Chair: Atefeh Mohseni Ejiyeh (UC Santa Barbara)
PrivacyOracle: Configuring Sensor Privacy Firewalls with Large Language Models in Smart Built Environments
Brian Wang (UCLA); Mani Srivastava (UCLA and Amazon); Luis Garcia (University of Utah)

Device Discovery in the Smart Home Environment
Mounib Khanafer (American University of Kuwait); Logan Kostick (Johns Hopkins University); Chixiang Wang (Dartmouth College); Wondimu Zegeye (Morgan State University); Weijia He (Dartmouth College); Berkay Kaplan (University of Illinois, Urbana-Champaign); Nurzaman Ahmed, David Kotz, Timothy J. Pierson (Dartmouth College)

PUF-based Authentication in IoT against Strong Physical Adversary using Zero-Knowledge Proofs
Lukas Petzi, Alexandra Dmitrienko (University of Wuerzburg); Ivan Visconti (University of Salerno)

Towards Cyber-Physical Representation and Cyber-Resilience Against Attack and Failure within a Hydraulic Network Simulation Toolkit
Sean Otoole, Hoda Mehrpouyan (Boise State University)

12:00 PM - 01:00 PM | Lunch
01:00 PM - 01:30 PM | Lunch & Posters
01:30 PM - 02:30 PM | SESSION 2: Side and Covert Channels (20 min each: 15 min presentation + 5 min Q&A)

Chair: Chair: Hyungsub Kim (Purdue University)
SideGuard: Non-Invasive On-Chip Malware Detection in Heterogeneous IoT Systems by Leveraging Side-Channels
Fatemeh Arkannezhad, Pooya Aghanoury, Justin Feng, Hossein Khalili, Nader Sehatbakhsh (UCLA)

Covert Timing Channel Attack on OPC UA-based Industrial Control Systems
Erkin Kirdan, Karl Waedt (Framatome)

Virtual Keymysteries Unveiled: Detecting Keystrokes in VR with External Side-Channels
Hossein Khalili, Alexander Chen, Theodoros Papaiakovou, Timothy Jacques, Hao-Jen Chien (UCLA); Changwei Liu, Aolin Ding, Amin Hass (Accenture); Saman Zonouz (Georgia Tech); Nader Sehatbakhsh (UCLA)

02:30 PM - 03:10 PM | Break
03:10 AM - 04:30 PM | SESSION 3: Attacks on Things (20 min each: 15 min presentation + 5 min Q&A)

Chair: Kaushal Kafle (William & Mary)
Intercepting Bluetooth Traffic from Wearable Health Devices
Qi Liu, Yizhe Zhang, Yixin Sun (University of Virginia)

Security Analysis of Wearable Smart Health Devices and Their Companion Apps
Daniel Timko, Mike Sharko, Yanyan Li (California State University San Marcos)

Seamlessly Insecure: Uncovering Outsider Access Risks in AiDot-Controlled Matter Devices
Narmeen Shafqat, Aanjhan Ranganathan (Northeastern University)

Adversarial 3D Virtual Patches using Integrated Gradients
Chengzeng You, Zhongyuan Hau (Imperial College London); Binbin Xu (University of Toronto); Soteris Demetriou (Imperial College London)

04:30 PM - 04:40 PM | Awards
Program Committee
04:40 PM - 04:50 PM | Closing Remarks
Program Committee


Accepted Posters


Identity-Independent IoT for Overarching Policy Enforcement
Luoyao Hao, Henning Schulzrinne (Columbia University)

Towards Privacy-Preserving Federated Recommendation via Synthetic Interactions
Thirasara Ariyarathna, Salil S. Kanhere, Hye-Young Paik (University of New South Wales)


Keynote

Hardening the CAV Ecosystem and Reducing Cybersecurity Risks


Thursday, May 23, 2024
09:00 AM - 10:00 AM

Hardening the Connected and Autonomous Vehicle (CAV) Ecosystem to reduce cybersecurity risks requires a concerted, multi-pronged approach that incorporates vehicles, diverse sensors, roadside units, transportation and digital infrastructure including cellular networks and edge/cloud computing facilities. In this presentation we will present a proposed security analysis framework to study various cybersecurity risks in the CAV ecosystems. In particular, we will discuss new attacks on AI (artificial intelligence) algorithms and systems used for cooperative driving, and propose potential new directions in mitigating such threats.

Keynote Speaker: Zhuoqing Morley Mao, University of Michigan

...

Z. Morley Mao is a Professor at the University of Michigan, having completed her Ph.D. at UC Berkeley on robust Internet routing protocol design and effective network measurement techniques to uncover network properties with security and performance implications. She is an ACM and IEEE Fellow, also a recipient of the Sloan Fellowship, the NSF CAREER Award, the ARMY YIP Award, and an IBM Faculty Award. Her other honors include the Morris Wellman Faculty Development Professor, EECS Achievement Award, College of Engineering George J. Huebner, Jr. Research Excellence Award at University of Michigan. Her recent research focus encompasses adversarial machine learning, AV security, and next generation wireless networks.


Call for Papers

As the traditionally segregated systems are brought online for next-generation connected applications, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality, and support disaster events. Cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems. These safety risks arise because of information that distracts users while driving, software errors in medical devices, corner cases in data-driven control, compromised sensors in drones or conflicts in societal policies. Accordingly, the Workshop seeks to bring researchers and practitioners who are actively exploring system design, modeling, verification, and authentication approaches to provide safety guarantees in the Internet of Things (IoT). The workshop welcomes contributions that integrate hardware and software systems provided by disparate vendors, particularly those that have humans in the loop. As safety is inherently linked with security and privacy, we also seek contributions in these areas that address safety concerns. With the workshop, we seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSs, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.

The scope of our workshop includes safety topics as they relate to an individual’s health (physical, mental), society (air pollution, toxicity, disaster events), or the environment (species preservation, global warming, oil spills). The workshop considers safety from a human perspective and, thus, does not include topics such as thread safety or memory safety in its scope.

Topics of interest include, but are not limited to, the following categories:

In addition, application domains of interest include, but are not limited to autonomous vehicles and transportation infrastructure; medical CPS and public health; smart buildings, smart grid, and smart cities.

The PC will select a best paper award for work that distinguishes itself in moving the security and privacy of IoT/CPS forward through novel attacks or defenses.

Call for Posters/Demos

In addition to the presentation of accepted papers, SafeThings will include a poster and demo session that is designed to allow researchers to share provocative opinions, interesting preliminary work, or cool ideas that will spark discussion about IoT safety. Poster and demo presenters will have the opportunity to discuss their work, get exposure, and receive feedback from attendees.


Publication Policy

Page Limit and Formatting

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must follow the official IEEE Conference Proceedings format. Full papers must be at most 6 single-spaced, double column 8.5” x 11” pages excluding references. Demos must be at most 1 single-spaced, double column 8.5” x 11” page, and have "Demo:" in their titles. All figures must fit within these limits. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8b. Papers that do not meet the size and formatting requirements will not be reviewed. All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via HotCRP (submission link below). The review process is double-blind.

Full Papers: 6 pages excluding references.
Posters and Demos: 1 page (with "Poster" or "Demo:" in the title).

Submission Form »

Conflicts of Interest

We follow the IEEE S&P policy on conflicts of interest which we replicate below.

During submission of a research paper, the submission site will request information about conflicts of interest of the paper's authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds:

  1. The PC member is a co-author of the paper.
  2. The PC member has been a co-worker in the same company or university within the past two years.
  3. For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization.
  4. The PC member has been a collaborator within the past two years.
  5. The PC member is or was the author's primary thesis advisor, no matter how long ago.
  6. The author is or was the PC member's primary thesis advisor, no matter how long ago.
  7. The PC member is a relative or close personal friend of the author.

For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict to the PC chairs, who will mark the conflict if appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection.

Ethical Considerations for Vulnerability Disclosure

We follow the IEEE S&P policy on ethical and responsible vulnerability disclosure.

In particular, where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days to 90 days ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it will be checked by the PC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Ethical Considerations for Human Subjects Research

We follow the IEEE S&P policy on conflicts of interest which we replicate below.

Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:

  1. Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
  2. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Financial and Non-financial competing interests

We follow the IEEE S&P policy on conflicts of interest which we replicate below.

In the interests of transparency and to help readers form their own judgments of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, "Author X is on the Technical Advisory Board of the ByteCoin Foundation," or "Professor Y is the CTO of DoubleDefense, which specializes in malware analysis." More information regarding this policy is available here.

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper in person at the conference. We can accommodate virtual presentations in special circumstances (e.g. visa denials, last-minute illness, etc.).


Organization


General Chairs

Soteris Demetriou (Imperial College London, UK)

Luyi Xing (Indiana University, Bloomington, USA)


Program Committee Chairs

Z. Berkay Celik (Purdue University, USA)

Srdjan Capkun (ETH, Switzerland)


Web Chair

Anastasios Lepipas (Imperial College London)


Technical Program Committee

Yixin Sun (University of Virginia, USA)

Maria Gorlatova (Duke University, USA)

Chunghwan Kim (UT Dallas, USA)

Erisa Karafili (University of Southampton, UK)

Salma El Malaki (UC Irvine, USA)

Fatima Anwar (UMass Amherst, USA)

Jun Han (NUS, ASIA)

Habiba Farrukh (UC Irvine, USA)

Asif Salekin (Syracuse University, USA)

Muslum Ozgur Ozmen (Purdue University, USA)

Kaushal Kafle (The College of William & Mary, USA)

Yifan Zhang (Indiana Universiity, USA)

Arslan Khan (Purdue University, USA)

Kyungtae Kim (Dartmouth College, USA)

Reham Aburas (Purdue University, USA)

Güliz Seray Tuncay (Google, USA)

Hamed Haddadi (Imperial College London, UK)

Yan Jia (Nankai University, CHINA)

Carl A. Gunter (University of Illinois at Urbana-Champaign, USA)

Emil Lupu (Imperial College London, UK)

Mauro Conti (University of Padova, EU)

Atefeh Mohseni Ejiyeh (UC Santa Barbara, USA)

Hyungsub Kim (Purdue University, USA)

Puballi Datta (UMass Amherst, USA)


TBD. If you would like to be considered for the TPC please contact any of the organisers.


Steering Committee

Bharathan Balaji (Amazon)

Robin Kravets (University of Illinois, Urbana Champaign)

Mani Srivastava (University of California, Los Angeles)

Patrick McDaniel (University of Wisconsin-Madison)

Patrick Tague (Carnegie Mellon University)

Ingrid Verbauwhede (KU Leuven)