SafeThings 2019
IEEE Workshop on the Internet of Safe Things
Co-located with Oakland 2019 »
May 23rd, 2019 - San Francisco, California, USA
            The Internet of Things (IoT) has become increasingly popular and innovative. With the rise of connected devices, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. IoT based cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems and the larger number of attack vectors on these systems. These safety risks can arise in the context of use of medical devices, smart home appliance control, smart car design or conflicts in policy execution at a societal scale.
            
            The Internet of Safe Things workshop seeks to bring together researchers to create solutions for the development of safe cyber-physical systems. As safety is inherently linked with the security and privacy of a system, we also seek contributions in these
            areas that address safety concerns. We seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSes, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.
            
            We seek contributions across domains - autonomous vehicles, smart homes, medical devices, smart grid; and across disciplines - systems, control, human-computer interaction, security, reliability, machine learning, and verification.
        
Program anchor
Program Agenda
7:30AM - 8:30AM: Breakfast - Garden
7:30AM - 11:00AM: Registration - Seacliff Foyer
8:45AM - 9:00AM: Workshops Opening Remarks - Seacliff CD
9:00AM - 10:15AM: Keynote (Amit Levy: Challenges and Opportunities in Securing 64kB Computers) - Seacliff CD
10:15AM - 10:45AM: Workshops Break (30 Minutes) - Seacliff Foyer
10:45AM - 12:30PM: Session 1: Robotics and Automotive Security - Seacliff CD
                    ROS-Defender: Dynamic Security Policy Enforcement for Robotic Applications (PDF)
                    Sean Rivera, Sofiane Lagraa, Cristina Nita-Rotaru, Sheila Becker and Radu State
                    
                    Resilience of Multi-Robot Systems to Physical Masquerade Attacks (PDF)
                    Kacper Wardega, Roberto Tron and Wenchao Li
                    
                    Ensuring the Safe and Secure Operation of Electronic Control Units in Road Vehicles (PDF)
                    Florian Kohnhäuser, Dominik Püllen and Stefan Katzenbeisser
                    
                    Are Self-Driving Cars Secure? Evasion Attacks against Deep Neural Networks for Steering Angle Prediction (PDF)
                    Alesia Chernikova, Alina Oprea, Cristina Nita-Rotaru and Baekgyu Kim
                
12:30PM - 1:30PM: Workshops Lunch - Garden
Note: We will have a lunch table for Women in Privacy. This is jointly organized with two workshops: IWPE and ConPro.
1:30PM - 3:15PM: Session 2: Device-level Security and Privacy - Seacliff CD
                    Analysis of the Susceptibility of Smart Home Programming Platforms to End User Error (PDF)
                    Mitali Palekar, Earlence Fernandes and Franziska Roesner
                    
                    Smart Speaker Privacy Control - Acoustic Tagging for Personal Voice Assistants (PDF)
                    Peng Cheng, Ibrahim Ethem Bagci, Jeff Yan and Utz Roedig
                    
                    When Smart Devices Are Stupid: Negative Experiences Using Home Smart Devices (PDF)
                    Weijia He, Jesse Martinez, Roshni Padhi, Lefan Zhang and Blase Ur
                    
                    Side Channel Attacks in Computation Offloading Systems with GPU Virtualization (PDF)
                    Sihang Liu, Yizhou Wei, Jianfeng Chi, Faysal Hossain Shezan and Yuan Tian
                
3:15PM - 3:45PM: Workshops Break and Poster/Demo Session (30 Minutes) - Seacliff Foyer
3:45PM - 5:30PM: Session 3: IoT-level Security and Privacy - Seacliff CD
                    SpyCon: Adaptation Based Spyware in Human-in-the-Loop IoT (PDF)
                    Salma Elmalaki, Bo-Jhang Ho, Moustafa Alzantot, Yasser Shoukry and Mani Srivastava
                    
                    Devil in the Detail: Attack Scenarios in Industrial Applications (PDF)
                    Simon Duque Anton, Alexander Hafner and Hans Dieter Schotten
                    
                    IOTFLA : A secured and privacy-preserving smart home architecture implementing federated learning (PDF)
                    Ulrich Matchi Aivodji, Sebastien Gambs and Alexandre Martin
                    
                    A Study of Vulnerability Analysis of Popular Smart Devices Through Their Companion Apps (PDF)
                    Davino Mauro Junior, Luis Melo, Harvey Lu, Marcelo d'Amorim and Atul Prakash
                
5:30PM - 5:45PM: Workshops Closing Remarks - Seacliff CD
Happy Hour (joint with ConPro workshop) - Gott's Roadside
Keynote anchor
Keynote
Title: Challenges and Opportunities in Securing 64kB Computers.
            Abstract:
            Low-power microcontrollers are increasingly prevalent in the Internet of Things. These devices have extreme memory constraints—typically 16-512 kB of RAM. They also lack hardware features, such as virtual memory, that are integral to the design of modern operating systems. These constraints preclude traditional isolation abstractions, such as processes or microkernel services, leading to systems in which every line of code is fully trusted. Luckily, there are new tools we can use to address these limitations. Type-safe and low-resource programming languages, like Rust, can help us build more compartmentalized kernels, while new hardware protection mechanisms available in modern microcontrollers allow us to isolate arbitrary code. I will present Tock, an operating system for low-memory microcontrollers, that uses these tools to provide a familiar and convenient environment for running untrusted applications. Beyond isolation, I’ll discuss some of the challenges and opportunities in defining and enforcing meaningful security policies for in these settings.
        
            Bio:
            Amit Levy is an Assistant Professor of Computer Science at Princeton University. His research centers on extensibility and security in practical systems. Amit is an author and maintainer of the Tock operating system, the co-founder and CEO of MemCachier, and holds a PhD in Computer Science from Stanford in 2018.
        
Accepted anchor
List of Accepted Papers
Papers:
            Analysis of the Susceptibility of Smart Home Programming Platforms to End User Error (PDF)
            Mitali Palekar, Earlence Fernandes and Franziska Roesner
            
            Side Channel Attacks in Computation Offloading Systems with GPU Virtualization (PDF)
            Sihang Liu, Yizhou Wei, Jianfeng Chi, Faysal Hossain Shezan and Yuan Tian
            
            A Study of Vulnerability Analysis of Popular Smart Devices Through Their Companion Apps (PDF)
            Davino Mauro Junior, Luis Melo, Harvey Lu, Marcelo d'Amorim and Atul Prakash
            
            SpyCon: Adaptation Based Spyware in Human-in-the-Loop IoT (PDF)
            Salma Elmalaki, Bo-Jhang Ho, Moustafa Alzantot, Yasser Shoukry and Mani Srivastava
            
            ROS-Defender: Dynamic Security Policy Enforcement for Robotic Applications (PDF)
            Sean Rivera, Sofiane Lagraa, Cristina Nita-Rotaru, Sheila Becker and Radu State
            
            Resilience of Multi-Robot Systems to Physical Masquerade Attacks (PDF)
            Kacper Wardega, Roberto Tron and Wenchao Li
            
            Ensuring the Safe and Secure Operation of Electronic Control Units in Road Vehicles (PDF)
            Florian Kohnhäuser, Dominik Püllen and Stefan Katzenbeisser
            
            Are Self-Driving Cars Secure? Evasion Attacks against Deep Neural Networks for Steering Angle Prediction (PDF)
            Alesia Chernikova, Alina Oprea, Cristina Nita-Rotaru and Baekgyu Kim
            
            Devil in the Detail: Attack Scenarios in Industrial Applications (PDF)
            Simon Duque Anton, Alexander Hafner and Hans Dieter Schotten
            
            Smart Speaker Privacy Control - Acoustic Tagging for Personal Voice Assistants (PDF)
            Peng Cheng, Ibrahim Ethem Bagci, Jeff Yan and Utz Roedig
            
            When Smart Devices Are Stupid: Negative Experiences Using Home Smart Devices (PDF)
            Weijia He, Jesse Martinez, Roshni Padhi, Lefan Zhang and Blase Ur
            
            IOTFLA : A secured and privacy-preserving smart home architecture implementing federated learning (PDF)
            Ulrich Matchi Aivodji, Sebastien Gambs and Alexandre Martin
            
        
Posters and Demos:
            Poster: Exploit Delivery to Consumer IoT Devices using WiFi Pineapple
            Alek Mieczkowski, Islam Obaidat, K. Virgil English, Glenn Um, Gavin Sroczynski and Meera Sridhar
            
            Poster: IoT Two Factor Neurometric Authentication System using Wearable EEG
            Angel Rodriguez, Sara Rampazzi and Kevin Fu
            
            Poster: Privacy-Preserving IoT Remote Control using DNS with LTE based On-Demand Triggering
            Yong Jin, Masahiko Tomoishi, Kenji Fujikawa and Ved P Kafle
            
            Demo: An Emulator-based Active Protection System against IoT Malware
            Shin-Ming Cheng and Sheng-Hao Ma
            
        
Cfp anchor
Important Dates
            
            Paper/Poster/Demo Submission Deadline: 02/01/2019 AoE, UTC-12 (The deadline is extended due to severe weather conditions)
            Acceptance Notifications to Authors: 02/25/2019 
            Publication-ready Paper Submission Deadline: 03/11/2019 03/18/2019 AoE, UTC-12
        
Call for Papers
            As the traditionally segregated systems are brought online for next-generation connected applications, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. Cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems. These safety risks arise because of information that distracts users while driving, software errors in medical devices, corner cases in data-driven control, compromised sensors in drones or conflicts in societal policies.
            
            Accordingly, the Internet of Safe Things workshop (or SafeThings, for brevity) seeks to bring researchers and practitioners that are actively exploring system design, modeling, verification, authentication approaches to provide safety guarantees in the Internet of Things (IoT). The workshop welcomes contributions that integrate hardware and software systems provided by disparate vendors, particularly those that have humans in the loop. As safety is inherently linked with the security and privacy, we also seek contributions in these areas that address safety concerns. With the SafeThings workshop, we seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSes, and create tools, algorithms, frameworks, and systems that help in the development of safe systems.
            
            SafeThings workshop covers safety topics as it relates to an individual’s health (physical, mental), the society (air pollution, toxicity, disaster events), or the environment (species preservation, global warming, oil spills). The workshop considers safety from a human perspective, and thus, does not include topics such as thread safety or memory safety in its scope.
            
            Our workshop will cover, but not limit itself to, the following subject categories:
        
- Adversarial machine learning and testing of IoT/CPS systems
- Authentication in IoT/CPS settings
- Compliance with legal, health, and environmental policies
- Conflict resolution between IoT applications
- Integration of hardware and software systems
- Managing device lifecycle (e.g., secure software updates and security of legacy devices)
- Privacy challenges in IoT/CPS settings
- Privacy preserving data sharing and analysis
- Resiliency against attacks and faults
- Safety in human-in-the-loop systems
- Secure connectivity in IoT
- Secure updates
- Support for IoT development - debugging tools, emulators, testbeds
- Usable security and privacy for IoT platforms
- Verification of safety in IoT platforms
Our workshop will cover, but not limit itself to, the following domains:
- Autonomous vehicles and transportation infrastructure
- Medical CPS and public health
- Smart buildings, smart grid, and smart cities
Call for Posters and Demos
If you would like to share a provocative opinion, an interesting preliminary work, or a cool idea that will spark discussion about IoT safety, the poster and demo section is a perfect venue to introduce new or ongoing work. Poster and demo presenters will have the opportunity to discuss their work, get exposure, and receive feedback from attendees.
Submission Instruction
            Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must follow the official IEEE Conference Proceedings format. Full papers must be at most 6 single-spaced, double column 8.5” x 11” pages. Posters and Demos must be at most 1 single-spaced, double column 8.5” x 11” page, and have "poster" or "demo" in their titles. All figures, references, and appendices must fit within these limits. Papers that do not meet the size and formatting requirements will not be reviewed. All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via EasyChair (submission link below). The review process is single-blind.
            
            Full Papers: 6 pages
            Posters and Demos: 1 page (with "poster" or "demo" in the title)
            Submission link: https://easychair.org/conferences/?conf=safethings2019
        
Presentation Form
            All accepted submissions will be presented at the workshop and included in the IEEE workshop proceedings.
            One author of each accepted paper is required to attend the workshop and present the paper for it to be included in the proceedings.
        
Organization anchor
Organization
Organizing Committee
General Chair
Yuan Tian (University of Virginia)
Program Committee Chairs
Atul Prakash (University of Michigan)
Yasser Shoukry (University of Maryland, College Park)
Publicity Chair
Meiyi Ma (University of Virginia)
Web Chair
Tu Le (University of Virginia)
Technical Program Committee
Gail-Joon Ahn (Arizona State University)
Gedare Bloom (Howard University)
Adam Doupé (Arizona State University)
Kassem Fawaz (University of Wisconsin, Madison)
Earlence Fernandes (University of Washington)
Jun Han (National University of Singapore)
Richard Han (University of Colorado, Boulder)
Byoungyoung Lee (Seoul National University)
Uichin Lee (Korea Advanced Institute of Science and Technology)
Insup Lee (University of Pennsylvania)
Joseph Maguire (University of Glasgow)
Shrirang Mare (University of Washington)
Patrick McDaniel (Pennsylvania State University)
Shaunak Mishra (Yahoo! Research)
Miroslav Pajic (Duke University)
Amir Rahmati (Stony Brook University)
Sara Rampazzi (University of Michigan)
Aanjhan Ranganathan (Northeastern University)
Henrik Sandberg (KTH Royal Institute of Technology)
Huasong Shan (JD.com American Technologies Corporation)
Paulo Tabuada (University of California, Los Angeles)
Blase Ur (University of Chicago)
Joao P. Vilela (University of Coimbra)
Saman Zonouz (Rutgers University)
Steering Committee
Bharathan Balaji (Amazon)
Robin Kravets (University of Illinois, Urbana Champaign)
Mani Srivastava (University of California, Los Angeles)
John A. Stankovic (University of Virginia)
Patrick Tague (Carnegie Mellon University)