cpss

11th ACM Cyber-Physical System Security Workshop
(CPSS 2025)

held in conjunction with ACM AsiaCCS'25
Hanoi, Vietnam, 26 August 2025

acm

Dates | CFP | Organizers | Keynotes | Accepted Papers | Program | Registration | Venue | Contact | CPSS

Important Dates

1st Round Submissions Due:
Notification:
Camera-ready Due:
10 20 January 2025 AoE (Extended)
15 February 2025
25 May 2025
2nd Round Submissions Due:
Notification:
Camera-ready Due:
15 25 March 2025 AoE (Extended)
25 April 2025
25 May 2025
Workshop Date: 26 August 2025

News

19 Jun 2025: Prof. Shiuhpyng Winston Shieh has been confirmed as the 2nd keynote speaker of ACM CPSS'25.
31 May 2025: Prof. Robert Deng has been confirmed as one of the keynote speakers for ACM CPSS'25.
30 May 2025: ACM CPSS'25 accepted papers are released now.
16 Mar 2025: The second-round submission deadline is extended by 10 days.
3 Feb 2025: 2nd round submission is open now.
10 Jan 2025: The submission deadline is extended.
27 Nov 2024: PC members are confirmed.
7 Nov 2024: The workshop website is up.

Call for Papers

Cyber-Physical Systems (CPS) of interest to this workshop consist of large-scale interconnected systems of heterogeneous components interacting with their physical environments. There exist a multitude of CPS devices and applications deployed to serve critical functions in our lives thus making security an important non-functional attribute of such systems. This workshop will provide a platform for professionals from academia, government, and industry to discuss novel ways to address the ever-present security challenges facing CPS. We seek submissions describing theoretical and practical solutions to security challenges in CPS. Submissions pertinent to the security of embedded systems, IoT, SCADA, smart grid, and other critical infrastructure are welcome. Topics of interest include, but are not limited to:

  • Attack detection for CPS
  • Authentication and access control for CPS
  • Autonomous vehicle security
  • Availability and auditing for CPS
  • Blockchain for CPS security
  • Data security and privacy for CPS
  • Deception Technologies for CPS
  • Digital twins/Cyber range for CPS security
  • Embedded systems security
  • Formal methods in CPS
  • Industrial control system security
  • IoT security
  • Legacy CPS system protection
  • Lightweight crypto and security
  • Maritime cyber security
  • Recovery from cyber attacks
  • Security and risk assessment for CPS
  • Security architectures for CPS
  • Security by design for CPS
  • Smart grid security
  • Threat modeling for CPS
  • Transportation system security
  • Vulnerability analysis for CPS
  • Wireless sensor network security

Submission Instructions

2nd round paper submission link: https://cpss2025.hotcrp.com/

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. The review process is double-blinded. The submitted PDF version should be anonymized. Submissions must be in double-column ACM SIG Proceedings format (See here), and should not exceed 12 pages. Position papers describing the work in progress and papers describing novel testbeds are also welcome. Only pdf files will be accepted. Authors of accepted papers must guarantee that their papers will be presented at the workshop. At least one author of the paper must be registered at the appropriate conference rate. Accepted papers will be published in the ACM Digital Library. There will also be a best paper award.


Organizers

Steering Committee
Dieter Gollmann (Hamburg University of Technology, Germany)
Ravishankar Iyer (UIUC, USA)
Douglas Jones (UIUC, USA)
Javier Lopez (University of Malaga, Spain)
Jianying Zhou (SUTD, Singapore) - Chair

Program Chairs
Awais Yousaf (SUTD, Singapore)
Eyasu Getahun Chekole (SUTD, Singapore)

Publication Chair
Ahmed Amro (NTNU, Norway)

Publicity Chair
Weizhi Meng (Lancaster University, UK)

Web Chair
Sunil Basnet (Aalto University, Finland)

Program Committee
Alessandro Brighente (University of Padova, Italy)
Binbin Chen (SUTD, Singapore)
Chenglu Jin (CWI Amsterdam, Netherlands)
Chuadhry Mujeeb Ahmed (Newcastle University, UK)
Cristina Alcaraz (University of Malaga, Spain)
Daisuke Mashima (SUTD, Singapore)
Daniel Reijsbergen (SUTD, Singapore)
Daniele Antonioli (EURECOM, France)
Enoch Solomon (Virginia State University, USA)
Ezekiel Soremekun (SUTD, Singapore)
Georgios Kavallieratos (University of Oslo, Norway)
Huaqun Guo (Singapore Institute of Technology, Singapore)
Irfan Ahmed (Virginia Commonwealth University, USA)
Matheus Garbelini (SUTD, Singapore)
Minh-Thai Trinh (Illinois ARCS, Singapore)
Monowar Hasan (Washington State University, USA)
Rodrigo Roman Castro (University of Malaga, Spain)
Victor Bolbot (Aalto University, Finland)
Yaxi Yang (SUTD, Singapore)
Yonatan G. Achamyeleh (UC Irvine, USA)
Zeyu Yang (SUTD, Singapore)
Zheng Yang (Southwest University, China)


Keynotes

Efficient Security and Privacy Protocols for IoT Networks and Applications

Robert Deng (Singapore Management University, Singapore)

Abstract:
As the Internet of Things (IoT) becomes increasingly pervasive, ensuring user privacy and data security is more critical than ever. However, the resource-constrained nature of IoT devices and networks presents significant challenges in implementing robust and efficient security and privacy-preserving solutions. This talk introduces two of our recent research efforts—AKMA+ and PIC-BI—which address these challenges.

Authentication and Key Management for Applications (AKMA) is a 3GPP standard designed to secure communication between user devices and application functions (such as IoT and multimedia services) in 5G networks. It has already seen adoption by network equipment vendors, telecom operators, and mobile device manufacturers. However, it is known that AKMA has several vulnerabilities that could lead to serious security and privacy breaches. In response, we propose AKMA+, a security- and privacy-enhanced version of AKMA that mitigates these vulnerabilities while remaining backward compatible with the existing standard. AKMA+ introduces countermeasures to ensure session key secrecy, perfect forward secrecy, and user privacy protection. We validate AKMA+ using formal verification to demonstrate its security guarantees and conduct extensive performance evaluations, showing that it introduces minimal computational and communication overhead.

In parallel, we address another emerging challenge in UAV-assisted IoT networks, where unmanned aerial vehicles (UAVs) are used to provide mobile connectivity and services. These networks often rely on batch authentication to efficiently process simultaneous access requests from large numbers of IoT sensors. However, attackers can exploit this mechanism by injecting illegitimate requests, causing batch authentication to fail. To tackle this, we present PIC-BI—a practical and intelligent combinatorial batch identification scheme that enables UAVs to quickly and accurately isolate malicious requests, allowing legitimate sensors to establish connections without delay. PIC-BI leverages deep reinforcement learning to dynamically select the most effective identification strategy, achieving robust performance across diverse scenarios.

About the speaker:
Robert Deng is AXA Chair Professor of Cybersecurity, Deputy Dean for Faculty & Research, School of Computing and Information Systems, Singapore Management University (SMU). His research interests are in the areas of data security and privacy, network and distributed system security, and applied cryptography. He received the Outstanding University Researcher Award from National University of Singapore, Lee Kuan Yew Fellowship for Research Excellence from SMU, Asia-Pacific Information Security Leadership Achievements and Community Service Star from International Information Systems Security Certification Consortium (ISC2), and the Public Administration Medal (Silver) Singapore National Day Award. He is a Fellow of IEEE and Fellow of Academy of Engineering Singapore.


Collaboratively Building a Resilient Semiconductor Supply Chain

Shiuhpyng Winston Shieh (National Yang Ming Chiao Tung University, Taiwan)

Abstract:
In the semiconductor manufacturing industry, the increasing interconnection of smart production lines and networked systems has amplified the risks of cyberattacks and insider threats. To address these growing challenges and enhance the security of production equipment and the broader supply chain, Taiwan has led the development of SEMI E187 — Specification for Cybersecurity of Semiconductor Manufacturing Equipment. This was followed by three complementary guidelines: A) SEMI E187 Reference Practice; B) Cybersecurity Reference Architecture for Semiconductor Fab Environments; C) Building a Robust Cybersecurity Program (RCP). Together, these documents provide standardized frameworks and best practices for strengthening cybersecurity across the semiconductor industry.

SEMI E187 establishes overarching and foundational cybersecurity requirements to ensure that semiconductor fab equipment is secure by design, and remains protected during operation and maintenance. The standard is intended for equipment manufacturers, system integrators, and other service providers supporting semiconductor fabrication facilities. It mandates cybersecurity measures across the equipment lifecycle in four core areas: 1) Operating system support; 2) Network security; 3) Endpoint protection; 4) Security monitoring. SEMI E187 applies to computing devices within fab equipment running Microsoft Windows® or Linux® operating systems. It explicitly excludes PLCs, SCADA systems, and devices connected through sensor-actuator networks. As a baseline standard, SEMI E187 enables the development of supplementary standards to specify more advanced security requirements for fab equipment.

Cybersecurity should be seen not as a cost center, but as a strategic asset—essential for protecting sensitive data, maintaining customer trust, ensuring business continuity, and gaining a competitive edge. The cost of a single cyber incident often far outweighs the investment needed for preventative measures. Organizations that view cybersecurity as a strategic enabler are better positioned for long-term resilience in a highly digital and interconnected world. Though SEMI RCP includes technical references, it is written to be accessible and actionable for non-technical executives. It presents a high-level framework for cybersecurity best practices, risk management, and organizational readiness. By engaging with SEMI RCP, executives gain a clear understanding of the risks facing their organizations and the steps necessary to mitigate them. The document promotes a shared language and collaborative mindset between technical teams and leadership, reinforcing the critical role of executives in shaping security culture and policies.

About the speaker:
Shiuhpyng Winston Shieh is the Dean and Lifetime Chair Professor of the College of Computer Science at National Yang Ming Chiao Tung University (NYCU). He is the past Editor-in-Chief of IEEE Transactions on Reliability (2022-2025), an IEEE Fellow, and an ACM Distinguished Scientist. In academia, he has held key positions such as: President of the Chinese Cryptology and Information Security Association (CCISA), and Vice President of the IEEE Reliability Society. He has also served as a cybersecurity advisor to various government agencies, including the National Security Council (Office of the President), National Security Bureau, Executive Yuan's NICST, Ministry of Justice, and Investigation Bureau, among others.
Prof. Shieh is a recipient of the Outstanding Research Award from Taiwan's National Science and Technology Council (NSTC)—an honor awarded to a professor or researcher per year nationwide in the field of computer science, with a selection rate of less than 0.1%. He has also received the Outstanding Teaching Award from NYCU, an honor given to fewer than 1% of faculty annually. Prof. Shieh has extensive industry experience and is one of the principal authors of the SEMI cybersecurity standards for the semiconductor industry. He has served as a cybersecurity advisor to major companies including IBM, Cisco, Hon Hai Precision Industry Co., Ltd. (Foxconn), and several tech startups. His leadership in cybersecurity assessments consistently places the suppliers under his supervision among the top performers across supply chains.


Accepted Papers

SimProcess: High Fidelity Simulation of Noisy ICS Physical Processes
Denis Donadel (University of Verona, Italy), Gabriele Crestanello (University of Padua, Italy), Giulio Morandini (University of Padua, Italy), Daniele Antonioli (EURECOM, France), Mauro Conti (University of Padua, Italy), Massimo Merro (University of Verona, Italy)

AuthPLC: Authenticating PLC Communication Using ST-based Extended Cryptographic Library
Yaxi Yang (SUTD, Singapore), Ivan Christian (ST Engineering, Singapore), Zeyu Yang (SUTD, Singapore), Jiaqi Yang (Shenzhen Farben Information Technology Co., Ltd., China), Huibin Wang (SUTD, Singapore), Zheng Yang (Southwest University, China), Jianying Zhou (SUTD, Singapore)

Adaptive Code Relocation: Mitigating Remote Brute-Force Code Gadgets in Small IoT Devices
Phi Tuong Lau, Stefan Katzenbeisser (University of Passau, Germany)

Efficient Cross-Architecture Binary Function Embeddings through Knowledge Distillation
Dominik Bayerl (Technische Hochschule Ingolstadt, Germany), Hans-Joachim Hof (Technische Hochschule Ingolstadt, Germany), Thomas Hutzelmann (Technische Hochschule Ingolstadt, Germany)

Extracting Proxy Models from Side-Channel Insights to Enhance Adversarial Attacks on Black-Box DNNs
Srivatsan Chandrasekar (Nanyang Technological University, Singapore), Likith Anaparty (Indian Institute of Technology, Palakkad, India), Siew-Kei Lam (Nanyang Technological University, Singapore), Vivek Chaturvedi (Indian Institute of Technology, Palakkad, India)

Critical IEC 61850 MMS Feature Selection for ML-Driven IDS
Kishan Baranwal (Indian Institute of Science, India), Haresh Dagale (IISC Banglore, India), Vikas Bishnoi (Power Grid Corporation of India, India)

CANDIDS: CAN/CAN-FD Deep Learning-Based Intrusion Detection Systems
Yan Lin Aung (University of Derby, UK), Willy Cahyadi (SUTD, Singapore), Jianying Zhou (SUTD, Singapore)

FASER-IN: Evasion of Network Intrusion Detection Systems in Industrial Networks
Pranav Shetty (Saarland University, Germany), Ankush Meshram (Karlsruhe Institute of Technology, Germany), Markus Karch (Karlsruhe Institute of Technology, Germany), Christian Haas (Karlsruhe Institute of Technology, Germany), Nils Ole Tippenhauer (CISPA Helmholtz Center for Information Security, Germany)


Program

TBA


Contact

Email: awais_yousaf@sutd.edu.sg and eyasu_chekole@sutd.edu.sg
CPSS Home: http://jianying.space/cpss/



Updated: June 19, 2025