SafeThings 2024
IEEE/ACM Workshop on the Internet of Safe Things
Co-located with Oakland 2024 »
May 23rd, 2024
The Internet of Things has become increasingly popular and innovative.
With the rise of connected devices, we have an opportunity to significantly improve the safety of legacy systems.
For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events.
IoT based cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems and the larger number of attack vectors on these systems.
These safety risks can arise in the context of use of medical devices, smart home appliance control, autonomous vehicle and intelligent transportation designs, or conflicts in policy execution at a societal scale.
The Workshop on the Internet of Safe Things seeks to bring together researchers to create solutions for the development of safe cyber-physical systems.
As safety is inherently linked with the security and privacy of a system, we also seek contributions in these areas that address safety concerns.
We seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSs, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.
We seek contributions across domains - autonomous vehicles, smart homes, medical devices, smart grid, intelligent transportation;
and across disciplines - systems, control, human-computer interaction, security, reliability, machine learning, and verification
Important Dates
| Paper Submission Deadline | |
| Acceptance Notification | |
| Camera-ready Submission Deadline | |
| Workshop | May 23rd, 2024 |
Program anchor
Program
08:45 AM - 09:00 AM | Opening remarks, logistics and acknowledgments
09:00 AM - 10:00 AM | Keynote Talk
10:00 AM - 10:40 AM | Break
10:40 AM - 12:00 PM | SESSION 1: Defenses for Things (20 min each: 15 min presentation + 5 min Q&A)
Chair: Atefeh Mohseni Ejiyeh (UC Santa Barbara)
Brian Wang (UCLA); Mani Srivastava (UCLA and Amazon); Luis Garcia (University of Utah)
Device Discovery in the Smart Home Environment
Mounib Khanafer (American University of Kuwait); Logan Kostick (Johns Hopkins University); Chixiang Wang (Dartmouth College); Wondimu Zegeye (Morgan State University); Weijia He (Dartmouth College); Berkay Kaplan (University of Illinois, Urbana-Champaign); Nurzaman Ahmed, David Kotz, Timothy J. Pierson (Dartmouth College)
PUF-based Authentication in IoT against Strong Physical Adversary using Zero-Knowledge Proofs
Lukas Petzi, Alexandra Dmitrienko (University of Wuerzburg); Ivan Visconti (University of Salerno)
Towards Cyber-Physical Representation and Cyber-Resilience Against Attack and Failure within a Hydraulic Network Simulation Toolkit
Sean Otoole, Hoda Mehrpouyan (Boise State University)
12:00 PM - 01:00 PM | Lunch
01:00 PM - 01:30 PM | Lunch & Posters
01:30 PM - 02:30 PM | SESSION 2: Side and Covert Channels (20 min each: 15 min presentation + 5 min Q&A)
Chair: Chair: Hyungsub Kim (Purdue University)
Fatemeh Arkannezhad, Pooya Aghanoury, Justin Feng, Hossein Khalili, Nader Sehatbakhsh (UCLA)
Covert Timing Channel Attack on OPC UA-based Industrial Control Systems
Erkin Kirdan, Karl Waedt (Framatome)
Virtual Keymysteries Unveiled: Detecting Keystrokes in VR with External Side-Channels
Hossein Khalili, Alexander Chen, Theodoros Papaiakovou, Timothy Jacques, Hao-Jen Chien (UCLA); Changwei Liu, Aolin Ding, Amin Hass (Accenture); Saman Zonouz (Georgia Tech); Nader Sehatbakhsh (UCLA)
02:30 PM - 03:10 PM | Break
03:10 AM - 04:30 PM | SESSION 3: Attacks on Things (20 min each: 15 min presentation + 5 min Q&A)
Chair: Kaushal Kafle (William & Mary)
Qi Liu, Yizhe Zhang, Yixin Sun (University of Virginia)
Security Analysis of Wearable Smart Health Devices and Their Companion Apps
Daniel Timko, Mike Sharko, Yanyan Li (California State University San Marcos)
Seamlessly Insecure: Uncovering Outsider Access Risks in AiDot-Controlled Matter Devices
Narmeen Shafqat, Aanjhan Ranganathan (Northeastern University)
Adversarial 3D Virtual Patches using Integrated Gradients
Chengzeng You, Zhongyuan Hau (Imperial College London); Binbin Xu (University of Toronto); Soteris Demetriou (Imperial College London)
04:30 PM - 04:40 PM | Awards
04:40 PM - 04:50 PM | Closing Remarks
cfp anchor
Call for Papers
As the traditionally segregated systems are brought online for next-generation connected applications,
we have an opportunity to significantly improve the safety of legacy systems.
For instance, insights from data across systems can be exploited to reduce accidents, improve air quality, and support disaster events.
Cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems.
These safety risks arise because of information that distracts users while driving, software errors in medical devices,
corner cases in data-driven control, compromised sensors in drones or conflicts in societal policies.
Accordingly, the Workshop seeks to bring researchers and practitioners who are actively exploring system design, modeling, verification, and authentication approaches
to provide safety guarantees in the Internet of Things (IoT).
The workshop welcomes contributions that integrate hardware and software systems provided by disparate vendors, particularly those that have humans in the loop.
As safety is inherently linked with security and privacy, we also seek contributions in these areas that address safety concerns.
With the workshop, we seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSs,
and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.
The scope of our workshop includes safety topics as they relate to an individual’s health (physical, mental), society (air pollution, toxicity, disaster events),
or the environment (species preservation, global warming, oil spills). The workshop considers safety from a human perspective and, thus, does not include topics such as
thread safety or memory safety in its scope.
Topics of interest include, but are not limited to, the following categories:
- Verification of safety in IoT/CPS platforms/systems
- Authentication in IoT/CPS contexts
- Adversarial machine learning and testing of IoT/CPS systems
- Secure perception, localization, and planning in autonomous systems (e.g., autonomous vehicles and drones)
- Sensors/analog and network protocol security in IoT/CPS systems
- Compliance with legal, health, and environmental policies
- Conflict resolution between IoT applications
- Secure connectivity and updates in IoT/CPS
- Secure integration of hardware and software systems
- Privacy challenges in IoT/CPS settings
- Privacy-preserving data sharing and analysis
- Resiliency against attacks and faults
- Safety in human-in-the-loop systems
- Support for IoT/CPS development - debugging tools, emulators, testbeds
- Usable security and privacy for IoT/CPS platforms
In addition, application domains of interest include, but are not limited to autonomous vehicles and transportation infrastructure;
medical CPS and public health; smart buildings, smart grid, and smart cities.
The PC will select a best paper award for work that distinguishes itself in moving the security and privacy of IoT/CPS forward through novel attacks or defenses.
Call for Posters/Demos
In addition to the presentation of accepted papers, SafeThings will include a poster and demo session that is designed to allow
researchers to share provocative opinions, interesting preliminary work, or cool ideas that will spark discussion about IoT safety.
Poster and demo presenters will have the opportunity to discuss their work, get exposure, and receive feedback from attendees.
Publication Policy
Page Limit and Formatting
Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must follow the official IEEE Conference Proceedings format. Full papers must be at most 6 single-spaced, double column 8.5” x 11” pages excluding references. Demos must be at most 1 single-spaced, double column 8.5” x 11” page, and have "Demo:" in their titles. All figures must fit within these limits. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8b. Papers that do not meet the size and formatting requirements will not be reviewed. All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via HotCRP (submission link below). The review process is double-blind.
Full Papers: 6 pages excluding references.
Posters and Demos: 1 page (with "Poster" or "Demo:" in the title).
Submission Form »
Conflicts of Interest
We follow the IEEE S&P policy on conflicts of interest which we replicate below.
During submission of a research paper, the submission site will request information about conflicts of interest of the paper's authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds:
- The PC member is a co-author of the paper.
- The PC member has been a co-worker in the same company or university within the past two years.
- For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization.
- The PC member has been a collaborator within the past two years.
- The PC member is or was the author's primary thesis advisor, no matter how long ago.
- The author is or was the PC member's primary thesis advisor, no matter how long ago.
- The PC member is a relative or close personal friend of the author.
For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict to the PC chairs, who will mark the conflict if appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection.
Ethical Considerations for Vulnerability Disclosure
We follow the IEEE S&P policy on ethical and responsible vulnerability disclosure.
In particular, where research identifies a vulnerability (e.g., software vulnerabilities in a given program,
design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems),
we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively
protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders,
will help protect users. It is the committee’s sense that a disclosure window of 45
days to 90 days
ahead of publication is consistent with authors’ ethical obligations.
Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.
The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it will be checked by the PC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.
Ethical Considerations for Human Subjects Research
We follow the IEEE S&P policy on conflicts of interest which we replicate below.
Submissions that describe experiments that could be viewed as involving human subjects,
that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
- Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
- Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.
If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.
Financial and Non-financial competing interests
We follow the IEEE S&P policy on conflicts of interest which we replicate below.
In the interests of transparency and to help readers form their own judgments of potential bias,
the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests
in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of
their papers.
This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research
described. For example, "Author X is on the Technical Advisory Board of the ByteCoin Foundation," or "Professor Y is the CTO of DoubleDefense,
which specializes in malware analysis."
More information regarding this policy is available here.
Publication and Presentation
Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper in person at the conference. We can accommodate virtual presentations in special circumstances (e.g. visa denials, last-minute illness, etc.).
Organization anchor
Organization
General Chairs
Soteris Demetriou (Imperial College London, UK)
Luyi Xing (Indiana University, Bloomington, USA)
Program Committee Chairs
Z. Berkay Celik (Purdue University, USA)
Srdjan Capkun (ETH, Switzerland)
Web Chair
Anastasios Lepipas (Imperial College London)
Technical Program Committee
Yixin Sun (University of Virginia, USA)
Maria Gorlatova (Duke University, USA)
Chunghwan Kim (UT Dallas, USA)
Erisa Karafili (University of Southampton, UK)
Salma El Malaki (UC Irvine, USA)
Fatima Anwar (UMass Amherst, USA)
Jun Han (NUS, ASIA)
Habiba Farrukh (UC Irvine, USA)
Asif Salekin (Syracuse University, USA)
Muslum Ozgur Ozmen (Purdue University, USA)
Kaushal Kafle (The College of William & Mary, USA)
Yifan Zhang (Indiana Universiity, USA)
Arslan Khan (Purdue University, USA)
Kyungtae Kim (Dartmouth College, USA)
Reham Aburas (Purdue University, USA)
Güliz Seray Tuncay (Google, USA)
Hamed Haddadi (Imperial College London, UK)
Yan Jia (Nankai University, CHINA)
Carl A. Gunter (University of Illinois at Urbana-Champaign, USA)
Emil Lupu (Imperial College London, UK)
Mauro Conti (University of Padova, EU)
Atefeh Mohseni Ejiyeh (UC Santa Barbara, USA)
Hyungsub Kim (Purdue University, USA)
Puballi Datta (UMass Amherst, USA)
TBD. If you would like to be considered for the TPC please contact any of the organisers.
Steering Committee
Bharathan Balaji (Amazon)
Robin Kravets (University of Illinois, Urbana Champaign)
Mani Srivastava (University of California, Los Angeles)
Patrick McDaniel (University of Wisconsin-Madison)
Patrick Tague (Carnegie Mellon University)
Ingrid Verbauwhede (KU Leuven)