The 7th Joint Workshop on
CPS & IoT Security and Privacy

In conjunction with the
ACM Conference on Computer and Communications Security 2025

Background

The Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec) is the result of the merger of the Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) and Workshop on the Internet of Things Security and Privacy (IoTS&P) previously organized annually in conjunction with ACM Conference on Computer and Communications Security.

Scope

The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2025) invites academia, industry, and governmental entities to submit:

• Original research papers on the security and privacy of CPS&IoT
• Systematization of Knowledge (SoK) papers on the security and privacy of CPS&IoT
• Demos (hands-on or videos) of testbeds/experiences of CPS&IoT security and privacy research

We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS&IoT, including but not limited to:

• AI/ML for CPS and IoT security
• Control-theoretic approaches
• CPS/IoT malware analysis
• CPS/IoT firmware analysis
• Economics of security and privacy
• Game theory applied to CPS/IoT security
• Hardware-assisted CPS/IoT security
• High assurance security architectures
• Human factors, humans in the loop, and usable security
• Identity and access management
• Intrusion and anomaly detection
• Mathematical foundations for secure CPS/IoT
• Metrics and risk assessment approaches
• Model-based security systems engineering
• Network security
• Privacy and trust
• Security and privacy of AI integrations in CPS/IoT
• Security and resilience metrics
• Sensor and actuator attacks
• Understanding dependencies among security, reliability and safety in CPS/IoT

Also of interest will be papers that can point the research community to new research directions, and those that can set research agendas and priorities in CPS/IoT security and privacy. There will be a best paper award.

Submission Guidelines

Submissions include long papers (12 pages), short papers (6 pages), or 1-page abstracts:

• Long papers include a) Original research on a CPS/IoT security and privacy topic, b) Systematization of Knowledge of CPS/IoT security and privacy;
• Short papers include original work-in-progress research on a CPS/IoT security and privacy topic;
• 1-page abstracts include demos/interesting findings/insights on CPS/IoT security and privacy, which will be accompanied by a hands-on demo during the workshop.

Submitted papers can be up to 12 or 6 pages excluding appendices and references, and should provide enough details to enable reproducibility. All submitted papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references, for double blind reviews. Submissions must use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template, with a simpler version here: https://github.com/acmccs/format). Only PDF files will be accepted.

Accepted papers will be published by the ACM Press and/or the ACM Digital Library. We expect all authors to consider diversity and inclusion, especially when preparing their own submission (see https://www.acm.org/diversity-inclusion/about). Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Each accepted paper must be presented by a registered author. Submissions not meeting these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.

• Paper Submission Site: https://cpsiotsec25.hotcrp.com/

Program

Keynote: Daniel Xiapu Luo Title: The Road Less Hacked: Enhancing Security in Automotive Systems Abstract: As vehicles transform into complex, interconnected systems, cybersecurity emerges as a paramount concern. This presentation will begin with an examination of the current automotive attack surfaces, exploring how modern vehicles, equipped with advanced connectivity features, are increasingly vulnerable to cyber threats. Following this, we will introduce our recent studies on identifying vulnerabilities in critical automotive components and the design of defense mechanisms. Bio: Professor in the Department of Computing, Associate Dean (Research) of the Faculty of Computer and Mathematical Sciences, Co-Director of the Research Centre for Blockchain Technology, and Programme Leader of MSc in Blockchain Technology at the Hong Kong Polytechnic University. His research focuses on Mobile and IoT Security, Blockchain and Smart Contracts Security, Network Security and Privacy, and Software Engineering with papers published in top venues. His research led to more than ten best/distinguished paper awards, including ACM CCS'24 Distinguished Paper Award, four ACM SIGSOFT Distinguished Paper Awards, Best DeFi Papers Award 2023, Best Paper Award in INFOCOM'18, Best Research Paper Award in ISSRE'16, etc. and several awards from the industry. He received the BOCHK Science and Technology Innovation Prize (FinTech) 2023 for his contribution to blockchain security. He is an ACM Distinguished Member for his research in safeguarding blockchain and smart contracts along with Android and its applications. He also actively contributes to the community by participating in program/organization committees for major conferences in security, software engineering, and networking, and by serving as an associate editor for prestigious journals such as IEEE/ACM Transactions on Networking (ToN), IEEE Transactions on Dependable and Secure Computing (TDSC), and ACM Transactions on Privacy and Security (TOPS). He is a member of the Hong Kong Monetary Authority’s CBDC Expert Group.

Important Dates

• Submission deadline: June 20, 2025, June 30 (23:59 Anywhere on Earth)
• Notification of acceptance/rejection (tentative): Aug 8, 2025
• Deadline for submission of camera-ready papers: Aug 22, 2025
• Workshop date: October 17th, 2025

Program Chairs

• Daisuke Mashima, Singapore University of Technology and Design, Singapore
• Kassem M. Fawaz, University of Wisconsin, USA

Technical Program Committee

• Alessandro Brighente, University of Padua
• Alvaro Cardenas, University of California, Santa Cruz
• Amir Rahmati, Stony Brook University
• Asmit Nayak, University of Wisconsin Madison
• Awais Rashid, University of Bristol
• Biplab Sikdar, National University of Singapore
• Charalambos Konstantinou, KAUST
• Cristina Alcaraz, University of Malaga
• Emil Lupu, Imperial College London
• Eunsuk Kang, Carnegie Mellon University
• Farshad Khorrami, New York University
• Gang Tan, Penn State
• George Stergiopoulos, University of the Aegean
• Gerhard Hancke, City University of Hong Kong
• Herve Debar, Telecom SudParis
• Joe Gardiner, University of Bristol
• Keerthi Koneru, Accenture
• Le Guan, University of Georgia
• Luis Burbano, UC Santa Cruz
• Luis Salazar, Somos Internet
• Magnus Almgren, Chalmers University of Technology
• Mahsa Saeidi, University of Tehran
• Marina Krotofil, MaK security
• Masoom Rabbani, Chalmers
• Mauro Conti, University of Padua
• Mikael Asplund, Linkoping University
• Mohammad Ashiqur Rahman, Florida International University
• Monowar Hasan, Washington State University
• Muslum Ozgur Ozmen, Arizona State University
• Neetesh Saxena, Cardiff University
• Nils Ole, Tippenhauer, CISPA Helmholtz Center for Information Security
• Pablo Picazo-Sanchez, Halmstad University. Halmstad. Sweden
• Peng Liu, The Pennsylvania State University
• Pengfei Zhou, University of Pittsburgh
• Rishabh Khandelwal, University of Wisconsin-Madison
• Sachin Kumar Singh, University of Utah
• Sai Sree Laya Chukkapalli, IBM Research
• Saman Zonouz, Georgia Institute of Technology
• Shahid Raza, University of Glasgow
• Shimaa Ahmed, Visa Research
• Sokratis Katsikas, Norwegian University of Science & Technology
• Sridhar Adepu, Swansea University
• Stefano Longari, Politecnico di Milano
• Walid Saad, Virginia Tech
• Weizhi Meng, Lancaster University, United Kingdom
• Xiapu Luo, The Hong Kong Polytechnic University

Steering Committee

• Rakesh Bobba, Oregon State University
• Alvaro Cardenas, University of California, Santa Cruz
• Peng Liu, Penn State University
• Sibin Mohan, University of Illinois at Urbana-Champaign
• Awais Rashid, University of Bristol
• Gang Tan, Penn State University
• Nils Ole Tippenhauer, CISPA
• Roshan Thomas, MITRE
• Yuqing Zhang, University of CAS

Publicity Chair

• Masoom Rabbani, Chalmers
• Pablo Picazo-Sanchez, Halmstad University

Past Workshop

• CPSIoTSec 2024
• CPSIoTSec 2023
• CPSIoTSec 2022
• CPSIoTSec 2021