The Internet of Things (IoT) has become increasingly popular and innovative. With the rise of connected devices, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. IoT based cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems and the larger number of attack vectors on these systems. These safety risks can arise in the context of use of medical devices, smart home appliance control, smart car design or conflicts in policy execution at a societal scale.

The Internet of Safe Things workshop seeks to bring together researchers to create solutions for the development of safe cyber-physical systems. As safety is inherently linked with the security and privacy of a system, we also seek contributions in these areas that address safety concerns. We seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSes, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.

We seek contributions across domains - autonomous vehicles, smart homes, medical devices, smart grid; and across disciplines - systems, control, human-computer interaction, security, reliability, machine learning, and verification.

Program anchor

---

Program Agenda

Keynote anchor

Keynote

Title: Challenges and Opportunities in Securing 64kB Computers.

Abstract:
Low-power microcontrollers are increasingly prevalent in the Internet of Things. These devices have extreme memory constraints—typically 16-512 kB of RAM. They also lack hardware features, such as virtual memory, that are integral to the design of modern operating systems. These constraints preclude traditional isolation abstractions, such as processes or microkernel services, leading to systems in which every line of code is fully trusted. Luckily, there are new tools we can use to address these limitations. Type-safe and low-resource programming languages, like Rust, can help us build more compartmentalized kernels, while new hardware protection mechanisms available in modern microcontrollers allow us to isolate arbitrary code. I will present Tock, an operating system for low-memory microcontrollers, that uses these tools to provide a familiar and convenient environment for running untrusted applications. Beyond isolation, I’ll discuss some of the challenges and opportunities in defining and enforcing meaningful security policies for in these settings.

Bio:
Amit Levy is an Assistant Professor of Computer Science at Princeton University. His research centers on extensibility and security in practical systems. Amit is an author and maintainer of the Tock operating system, the co-founder and CEO of MemCachier, and holds a PhD in Computer Science from Stanford in 2018.

Accepted anchor

---

List of Accepted Papers

Papers:

Analysis of the Susceptibility of Smart Home Programming Platforms to End User Error (PDF)
Mitali Palekar, Earlence Fernandes and Franziska Roesner

Side Channel Attacks in Computation Offloading Systems with GPU Virtualization (PDF)
Sihang Liu, Yizhou Wei, Jianfeng Chi, Faysal Hossain Shezan and Yuan Tian

A Study of Vulnerability Analysis of Popular Smart Devices Through Their Companion Apps (PDF)
Davino Mauro Junior, Luis Melo, Harvey Lu, Marcelo d'Amorim and Atul Prakash

SpyCon: Adaptation Based Spyware in Human-in-the-Loop IoT (PDF)
Salma Elmalaki, Bo-Jhang Ho, Moustafa Alzantot, Yasser Shoukry and Mani Srivastava

ROS-Defender: Dynamic Security Policy Enforcement for Robotic Applications (PDF)
Sean Rivera, Sofiane Lagraa, Cristina Nita-Rotaru, Sheila Becker and Radu State

Resilience of Multi-Robot Systems to Physical Masquerade Attacks (PDF)
Kacper Wardega, Roberto Tron and Wenchao Li

Ensuring the Safe and Secure Operation of Electronic Control Units in Road Vehicles (PDF)
Florian Kohnhäuser, Dominik Püllen and Stefan Katzenbeisser

Are Self-Driving Cars Secure? Evasion Attacks against Deep Neural Networks for Steering Angle Prediction (PDF)
Alesia Chernikova, Alina Oprea, Cristina Nita-Rotaru and Baekgyu Kim

Devil in the Detail: Attack Scenarios in Industrial Applications (PDF)
Simon Duque Anton, Alexander Hafner and Hans Dieter Schotten

Smart Speaker Privacy Control - Acoustic Tagging for Personal Voice Assistants (PDF)
Peng Cheng, Ibrahim Ethem Bagci, Jeff Yan and Utz Roedig

When Smart Devices Are Stupid: Negative Experiences Using Home Smart Devices (PDF)
Weijia He, Jesse Martinez, Roshni Padhi, Lefan Zhang and Blase Ur

IOTFLA : A secured and privacy-preserving smart home architecture implementing federated learning (PDF)
Ulrich Matchi Aivodji, Sebastien Gambs and Alexandre Martin

Posters and Demos:

Poster: Exploit Delivery to Consumer IoT Devices using WiFi Pineapple
Alek Mieczkowski, Islam Obaidat, K. Virgil English, Glenn Um, Gavin Sroczynski and Meera Sridhar

Poster: IoT Two Factor Neurometric Authentication System using Wearable EEG
Angel Rodriguez, Sara Rampazzi and Kevin Fu

Poster: Privacy-Preserving IoT Remote Control using DNS with LTE based On-Demand Triggering
Yong Jin, Masahiko Tomoishi, Kenji Fujikawa and Ved P Kafle

Demo: An Emulator-based Active Protection System against IoT Malware
Shin-Ming Cheng and Sheng-Hao Ma

Cfp anchor

---

Important Dates

Paper/Poster/Demo Submission Deadline: 02/01/2019 AoE, UTC-12 (The deadline is extended due to severe weather conditions)
Acceptance Notifications to Authors: 02/25/2019
Publication-ready Paper Submission Deadline: 03/11/2019 03/18/2019 AoE, UTC-12

---

Call for Papers

As the traditionally segregated systems are brought online for next-generation connected applications, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. Cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems. These safety risks arise because of information that distracts users while driving, software errors in medical devices, corner cases in data-driven control, compromised sensors in drones or conflicts in societal policies.

Accordingly, the Internet of Safe Things workshop (or SafeThings, for brevity) seeks to bring researchers and practitioners that are actively exploring system design, modeling, verification, authentication approaches to provide safety guarantees in the Internet of Things (IoT). The workshop welcomes contributions that integrate hardware and software systems provided by disparate vendors, particularly those that have humans in the loop. As safety is inherently linked with the security and privacy, we also seek contributions in these areas that address safety concerns. With the SafeThings workshop, we seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSes, and create tools, algorithms, frameworks, and systems that help in the development of safe systems.

SafeThings workshop covers safety topics as it relates to an individual’s health (physical, mental), the society (air pollution, toxicity, disaster events), or the environment (species preservation, global warming, oil spills). The workshop considers safety from a human perspective, and thus, does not include topics such as thread safety or memory safety in its scope.

Our workshop will cover, but not limit itself to, the following subject categories:

• Adversarial machine learning and testing of IoT/CPS systems
• Authentication in IoT/CPS settings
• Compliance with legal, health, and environmental policies
• Conflict resolution between IoT applications
• Integration of hardware and software systems
• Managing device lifecycle (e.g., secure software updates and security of legacy devices)
• Privacy challenges in IoT/CPS settings
• Privacy preserving data sharing and analysis
• Resiliency against attacks and faults
• Safety in human-in-the-loop systems
• Secure connectivity in IoT
• Secure updates
• Support for IoT development - debugging tools, emulators, testbeds
• Usable security and privacy for IoT platforms
• Verification of safety in IoT platforms

Our workshop will cover, but not limit itself to, the following domains​:

• Autonomous vehicles and transportation infrastructure
• Medical CPS and public health
• Smart buildings, smart grid, and smart cities

Call for Posters and Demos

If you would like to share a provocative opinion, an interesting preliminary work, or a cool idea that will spark discussion about IoT safety, the poster and demo section is a perfect venue to introduce new or ongoing work. Poster and demo presenters will have the opportunity to discuss their work, get exposure, and receive feedback from attendees.

---

Submission Instruction

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must follow the official IEEE Conference Proceedings format. Full papers must be at most 6 single-spaced, double column 8.5” x 11” pages. Posters and Demos must be at most 1 single-spaced, double column 8.5” x 11” page, and have "poster" or "demo" in their titles. All figures, references, and appendices must fit within these limits. Papers that do not meet the size and formatting requirements will not be reviewed. All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via EasyChair (submission link below). The review process is single-blind.

Full Papers: 6 pages
Posters and Demos: 1 page (with "poster" or "demo" in the title)
Submission link: https://easychair.org/conferences/?conf=safethings2019

---

Presentation Form

All accepted submissions will be presented at the workshop and included in the IEEE workshop proceedings.
One author of each accepted paper is required to attend the workshop and present the paper for it to be included in the proceedings.

Organization anchor

---

Organization

Organizing Committee

General Chair

Yuan Tian (University of Virginia)

Program Committee Chairs

Atul Prakash (University of Michigan)

Yasser Shoukry (University of Maryland, College Park)

Publicity Chair

Meiyi Ma (University of Virginia)

Web Chair

Tu Le (University of Virginia)

Technical Program Committee

Gail-Joon Ahn (Arizona State University)

Gedare Bloom (Howard University)

Adam Doupé (Arizona State University)

Kassem Fawaz (University of Wisconsin, Madison)

Earlence Fernandes (University of Washington)

Jun Han (National University of Singapore)

Richard Han (University of Colorado, Boulder)

Byoungyoung Lee (Seoul National University)

Uichin Lee (Korea Advanced Institute of Science and Technology)

Insup Lee (University of Pennsylvania)

Joseph Maguire (University of Glasgow)

Shrirang Mare (University of Washington)

Patrick McDaniel (Pennsylvania State University)

Shaunak Mishra (Yahoo! Research)

Miroslav Pajic (Duke University)

Amir Rahmati (Stony Brook University)

Sara Rampazzi (University of Michigan)

Aanjhan Ranganathan (Northeastern University)

Henrik Sandberg (KTH Royal Institute of Technology)

Huasong Shan (JD.com American Technologies Corporation)

Paulo Tabuada (University of California, Los Angeles)

Blase Ur (University of Chicago)

Joao P. Vilela (University of Coimbra)

Saman Zonouz (Rutgers University)

Steering Committee

Bharathan Balaji (Amazon)

Robin Kravets (University of Illinois, Urbana Champaign)

Mani Srivastava (University of California, Los Angeles)

John A. Stankovic (University of Virginia)

Patrick Tague (Carnegie Mellon University)

---