Workshop

Attacks and Defenses for Internet-of-Things
Internet of Things (IoT) technology is widely adopted by the vast majority of businesses and is impacting every aspect of the world. However, the nature of the Internet, communication, embedded OS and backend resources makes IoT objects vulnerable to cyber attacks. In addition, most standard security solutions designed for enterprise systems are not applicable to IoT devices. As a result, we are facing a big IoT security and protection challenge, and it is urgent to analyze IoT-specific cyber attacks to design novel and efficient security mechanisms.
This workshop will focus on IoT attacks and defenses, and seek original submissions that discuss either practical or theoretical solutions to identify IoT vulnerabilities and IoT security mechanisms.
Workshop Website
Cryptocurrencies and Blockchain Technology
Since the appearance of Bitcoin in 2009, a plethora of new cryptocurrencies and other blockchain-based systems have been deployed with varying success. While some of them are slightly different copies of Bitcoin, others propose interesting improvements or new usages of the underlying blockchain technology. However, the novelty of such technologies is often tied to rapid developments and proof-of-concept software, and rigorous scientific analyses of the proposed systems are often skipped.
This workshop aims to provide a forum for researchers in this area to carefully analyze current systems and propose new ones in order to create a scientific background for a solid development of new cryptocurrencies and blockchain technology systems.
Workshop Website
Cyber Defence Technologies and Secure Communications at the Network Edge
According to the EU’s new Cybersecurity Strategy for the Digital Decade, in the coming years it will be critical to build operational capacity to prevent, deter and respond to cyber threats, which highlights the need to boost the development of state-of-the-art cyber defence technologies. This urgent action, together with the emergence of innovative concepts in the field of secure communications, notably at the network edge, calls for coordination and synchronization to balance common interests and dual-use endeavours. In this context, most of the EU cybersecurity and cyber defence forums today are not cross-sectorial, and it is therefore difficult to find dual-use related discussions that engage the civil and military research communities. The 2nd International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge (CDT & SECOMANE) aims to close this gap by opening a forum where both communities exchange information for mutual benefit. Hence the ESORICS community can openly contribute to and participate in dual-use related discussions on cyber defence and secure networks, helping to enrich and enlarge participation.
Workshop Website
Cyber-Physical Security for Critical Infrastructures Protection
CPS4CIP 2022 is the third workshop dedicated to cyber-physical security for protecting critical infrastructures which support finance, energy, health, air transport, communication, gas, and water. The secure operation of such critical environments is essential to the security of a nation, its economy, and public’s health and safety. Security incidents in critical infrastructures can directly lead to a violation of users’ safety and privacy, physical damages, significant economic impacts on individuals and companies, and threats to human life, while decreasing trust in institutions and questioning their social value. Because of the increasing interconnection between digital and physical worlds, these infrastructures and services are more critical, sophisticated, and interconnected than ever before. This makes them increasingly vulnerable to attacks, as confirmed by the steady rise of cyber-security incidents, such as phishing or ransomware, but also cyber-physical incidents, such as physical violation of devices or facilities, perpetrated in conjunction with malicious cyber activities.
Workshop Website
Security of Industrial Control Systems & Of Cyber-Physical Systems
CyberICPS is the result of the merging of the CyberICS and WOS-CPS workshops that were held for the first time in conjunction with ESORICS 2015.
Cyber-physical systems (CPS) are physical and engineered systems that interact with the physical environment, whose operations are monitored, coordinated, controlled and integrated by information and communication technologies. These systems exist everywhere around us, and range in size, complexity and criticality, from embedded systems used in smart vehicles, to SCADA systems in smart grids to control systems in water distribution systems, to smart transportation systems, to plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other Industrial Control Systems (ICS). These systems also include the emerging trend of Industrial Internet of Things (IIoT) that will be the central part of the fourth industrial revolution.
As ICS and CPS proliferate, and increasingly interact with us and affect our life, their security becomes of paramount importance. CyberICPS intends to bring together researchers, engineers and governmental actors with an interest in the security of ICS and CPS in the context of their increasing exposure to cyber-space, by offering a forum for discussion on all issues related to their cyber security.
Workshop Website
Data Privacy Management
Organizations are increasingly concerned about the privacy of information that they manage (several people have filed lawsuits against organizations violating the privacy of customers' data). Thus, the management of privacy-sensitive information is critical for every organization. This poses several challenging problems, such as how to translate high-level business goals into system-level privacy policies, administration of privacy-sensitive data, privacy data integration and engineering, privacy access control mechanisms, information-oriented security, and query execution on privacy-sensitive data for partial answers.
Workshop Website
Election Infrastructure Security
This workshop aims at providing researchers and practitioners in different areas of security (network security, cryptography, etc.), networking, hardware architectures, software engineering, system engineering, machine learning, and natural language processing with an interdisciplinary forum to present, discuss, and exchange ideas that address the challenges of current and next-generation Election Infrastructure systems. The workshop seeks submissions from academia, government, and industry presenting novel research results in all practical and theoretical aspects of Election Infrastructure Security.
Workshop Website
Emerging Technologies for Authorization and Authentication
IT devices are becoming more pervasive day by day in several application fields and in everyday life. The major driving factors are the ever-increasing coverage of Internet connectivity, the extreme popularity and capillarity of smartphones, tablets and wearables, together with the consolidation of the Internet of Things (IoT) paradigm. As a matter of fact, interconnected devices directly control and take decisions on industrial processes, regulate infrastructures and services in smart cities, and manage quality of life and safety in smart homes, taking decisions with user interactions or even autonomously. The involvement of these devices in so many applications unfortunately introduces a set of unavoidable security and safety implications, related to both the criticality of the aforementioned applications and the privacy of sensitive information produced and exploited in the process. To address these and other related issues, there is an increasing need for instruments to control access and the right to perform specific actions on devices or data. These instruments need to be able to cope with the high complexity of the considered applications and environments, being flexible and adaptable to different contexts and architectures, from centralized to fully distributed, able to handle a high amount of information as well as taking into account non-conventional trust assumptions. The considered technologies should regulate the actions of both human users and autonomous devices, being effective in enforcing security policies without introducing noticeable overhead in either performance or user experience. Hence, the design of secure and efficient mechanisms for continuous authentication, requiring limited-to-no active interaction, is solicited.
The ETAA workshop aims to be a forum for security researchers and practitioners active in the field of new technologies for authenticating users and devices and enforcing security policies in new and emerging applications related to mobile/wearable devices and IoT.
Workshop Website
System Security Assurance
The advancement in information and communication technology has revolutionized social and economic systems. The government, as well as commercial and non-profit organizations, rely heavily on information to conduct their business. Aside from the significant benefits of information and computing systems, their increasing connectivity, criticality, and comprehensiveness present new challenges for cybersecurity professionals. Information and services that are compromised in terms of confidentiality, integrity, availability, accountability, and authenticity can harm an organization's operations, so this information and data need to be protected. For this reason, it has become a crucial task for security researchers and practitioners to manage security risks by mitigating potential vulnerabilities and threats with new techniques and methodologies, thus ensuring acceptable security assurance of an information and computing system, so that stakeholders can have greater confidence that the system works as intended or claimed. Security assurance can be defined as the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. According to NIST, security assurance is a measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediate and enforce the security policy.
Workshop Website
Security and Privacy Requirements Engineering
For many years software engineers were focused on the development of new software, thus considering security and privacy mainly during the development stage as an ad-hoc process rather than an integrated one initiated in the system design stage. However, data protection regulations, the complexity of modern environments such as IoT, IoE, Cloud Computing, Big Data, Cyber-Physical Systems etc., and the increased level of users’ awareness in IT have forced software engineers to identify security and privacy as fundamental design aspects, leading to the implementation of more trusted software systems and services. Over the last decades, researchers have addressed the necessity and importance of implementing design methods for security and privacy requirements elicitation, modeling and implementation. Today Security by Design (SbD) and Privacy by Design (PbD) are established research areas that focus on these directions.
Workshop Website
Security and Privacy of Mobile IoT
The SP-MIoT Workshop aims at providing an international forum for researchers and practitioners, across all areas, to exchange and bring perspectives, lessons learned, and new insights to the state of the art and practices of Security and Privacy in Mobile IoT. The workshop tackles the above-described challenges and provides a forum to share, discuss, and present novel ideas and solutions related to the security of IoT deployments, as well as their impact and relevance to the larger domains of privacy and security.
Workshop Website
Security, Privacy, Organizations, and Systems Engineering
Over the past decades, a multitude of security and privacy enhancing technologies has been developed and brought to considerable maturity. However, the design and engineering of such technologies often ignores the organizational context that respective technologies are to be applied in. Building upon the success of three past iterations held at ESORICS 2019-2021, this workshop aims to enrich engineering practice in the field of security and privacy with solid insights from organizational and behavioral sciences to pave the way for technical security and privacy mechanisms and systems that match organizational needs and givens better than current ones. We particularly welcome papers explicitly translating findings and insights from organizational and behavioral theory into the concrete design and engineering of technical security and privacy mechanisms as well as papers evaluating, assessing, or scrutinizing existing security and privacy technologies against actual organizational and behavioral theories and/or givens from the practice.
Workshop Website
Socio-Technical Aspects in Security
Successful attacks on information systems often exploit not only IT systems and networks, but also the human element in the system. It is critical to limit not only technical vulnerabilities and insecure user behavior, but also poorly designed user interfaces and unclear or unrealistic security policies. To improve the security of systems, technology and policies must consider the characteristics of the users, where research in social sciences and usable security has demonstrated that insecure behavior can be justified from cognitive, emotional, and social perspectives. When there is a good 'fit' of technology to users, workable security policies and targeted behavioral support can augment technical security.
Finding the right balance between technical and social security measures remains largely unexplored, which motivates the need for the STAST workshop. Currently, different security communities (theoretical security, systems security, usable security, and security management) rarely work together. There remains a need for focused, holistic research in socio-technical security, and the respective communities tend to offload on each other parts of problems that they consider to be out of scope, an attitude that results in deficient or unsuitable security solutions.
Workshop Website
Security and Trust Management
STM (Security and Trust Management) is a working group of ERCIM (European Research Consortium in Informatics and Mathematics). STM 2022 is the eighteenth workshop in this series and will be held in Copenhagen, Denmark, in conjunction with the 27th European Symposium on Research in Computer Security (ESORICS 2022). The workshop seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of security and trust in ICTs.
Workshop Website