CPSIoTSec 2026
The 8th Joint Workshop on CPS & IoT Security and Privacy
In conjunction with the ACM Conference on Computer and Communications Security 2026
Background
The Joint Workshop on CPS&IoT Security and Privacy (CPSIoTSec) is the result of the merger of the Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC) and Workshop on the Internet of Things Security and Privacy (IoTS&P), previously organized annually in conjunction with the ACM Conference on Computer and Communications Security.
Scope
The Workshop on CPS&IoT Security and Privacy (CPSIoTSec 2026) invites academia, industry, and governmental entities to submit:
- Original research papers on the security and privacy of CPS&IoT
- Systematization of Knowledge (SoK) papers on the security and privacy of CPS&IoT
- Demos (hands-on or videos) of testbeds/experiences of CPS&IoT security and privacy research
We seek submissions from multiple interdisciplinary backgrounds tackling security and privacy issues in CPS&IoT, including but not limited to:
- AI/ML for CPS and IoT security
- Control-theoretic approaches
- CPS/IoT malware analysis
- CPS/IoT firmware analysis
- Economics of security and privacy
- Game theory applied to CPS/IoT security
- Hardware-assisted CPS/IoT security
- High assurance security architectures
- Human factors, humans in the loop, and usable security
- Identity and access management
- Intrusion and anomaly detection
- Mathematical foundations for secure CPS/IoT
- Metrics and risk assessment approaches
- Model-based security systems engineering
- Network security
- Privacy and trust
- Security and privacy of AI integrations in CPS/IoT
- Security and resilience metrics
- Sensor and actuator attacks
- Understanding dependencies among security, reliability, and safety in CPS/IoT
Also of interest will be papers that point the research community to new research directions and that set research agendas and priorities in CPS/IoT security and privacy. There will be a best paper award.
Submission Guidelines
Submissions include long papers (12 pages), short papers (6 pages), or 1-page abstracts:
- Long papers include a) Original research on a CPS/IoT security and privacy topic, b) Systematization of Knowledge of CPS/IoT security and privacy.
- Short papers include original work-in-progress research on a CPS/IoT security and privacy topic.
- 1-page abstracts include demos/interesting findings/insights on CPS/IoT security and privacy, with a hands-on demo accompanying the workshop.
Submitted papers can be up to 12 or 6 pages excluding appendices and references, and should provide enough details to enable reproducibility. All submitted papers must be anonymous, with no author names, affiliations, acknowledgements, or obvious references, for double blind reviews. Submissions must use the ACM SIG Proceedings Templates (see https://www.acm.org/publications/proceedings-template; a simpler version is available here: https://github.com/acmccs/format). Only PDF files will be accepted.
Accepted papers will be published by the ACM Press and/or the ACM Digital Library. We expect all authors to consider diversity and inclusion, especially when preparing their own submission (see https://www.acm.org/diversity-inclusion/about). Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. A registered author must present each accepted paper. Submissions that do not meet these guidelines risk immediate rejection. For questions about these policies, please contact the chairs.
- Paper Submission Site: TBA
Important Dates
- Manuscript submission: June 30, 2026 (23:59 Anywhere on Earth)
- Notification of acceptance/rejection (tentative): August 15, 2026
- Deadline for submission of Camera-ready papers: September 10, 2026
Program Chairs
- Daisuke Mashima, Singapore University of Technology and Design, Singapore
- Neetesh Saxena, Cardiff University, UK
Technical Program Committee
- Amir Rahmati, Stony Brook University
- Cristina Alcaraz, University of Malaga
- Daniel Xiapu Luo, The Hong Kong Polytechnic University
- Emil Lupu, Imperial College London
- Eunsuk Kang, Carnegie Mellon University
- Gerhard Hancke, City University of Hong Kong
- Joe Gardiner, University of Bristol
- Luis Garcia, University of Utah
- Luis Salazar, USCS/Somos Internet
- Marc Dacier, KAUST
- Marina Krotofil, MaK security
- Muslum Ozgur Ozmen, Arizona State University
- Nils Ole Tippenhauer, CISPA Helmholtz Center for Information Security
- Peng Liu, The Pennsylvania State University
- Sachin Kumar Singh, University of Utah
- Sai Sree Laya Chukkapalli, IBM Research
- Sokratis Katsikas, Norwegian University of Science & Technology
- Sridhar Adepu, Swansea University
- Vasileios Gkioulos, Norwegian University of Science and Technology
- Alma Oracevic, University of Bristol
- Mikael Asplund, Linköping University
Steering Committee
- Rakesh Bobba, Oregon State University
- Alvaro Cardenas, University of California, Santa Cruz
- Peng Liu, Penn State University
- Sibin Mohan, University of Illinois at Urbana-Champaign
- Awais Rashid, University of Bristol
- Gang Tan, Penn State University
- Nils Ole Tippenhauer, CISPA
- Roshan Thomas, MITRE
- Yuqing Zhang, University of CAS
Publicity Chair
- TBA
- TBA
Web Chair
- Mayank Swarnkar, Indian Institute of Technology BHU Varanasi