SafeThings 2025

IEEE/ACM Workshop on the Internet of Safe Things

Co-located with 46th IEEE Symposium on Security and Privacy (Oakland) »

May 15th, 2025

The Internet of Things has become increasingly popular and innovative. With the rise of connected devices, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality and support disaster events. IoT based cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems and the larger number of attack vectors on these systems. These safety risks can arise in the context of use of medical devices, smart home appliance control, autonomous vehicle and intelligent transportation designs, or conflicts in policy execution at a societal scale.

The Workshop on the Internet of Safe Things seeks to bring together researchers to create solutions for the development of safe cyber-physical systems. As safety is inherently linked with the security and privacy of a system, we also seek contributions in these areas that address safety concerns. We seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSs, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.

We seek contributions across domains - autonomous vehicles, smart homes, medical devices, smart grid, intelligent transportation; and across disciplines - systems, control, human-computer interaction, security, reliability, machine learning, and verification

Important Dates


Paper Submission Deadline January 31st, 2025 (AoE, UTC-12)
Acceptance Notification March 7th, 2025
Camera-ready Submission Deadline March 14th, 2025 (AoE, UTC-12)
Workshop May 15th, 2025


Call for Papers

As the traditionally segregated systems are brought online for next-generation connected applications, we have an opportunity to significantly improve the safety of legacy systems. For instance, insights from data across systems can be exploited to reduce accidents, improve air quality, and support disaster events. Cyber-physical systems (CPS) also bring new risks that arise due to the unexpected interaction between systems. These safety risks arise because of information that distracts users while driving, software errors in medical devices, corner cases in data-driven control, compromised sensors in drones or conflicts in societal policies. Accordingly, the Workshop seeks to bring researchers and practitioners who are actively exploring system design, modeling, verification, and authentication approaches to provide safety guarantees in the Internet of Things (IoT). The workshop welcomes contributions that integrate hardware and software systems provided by disparate vendors, particularly those that have humans in the loop. As safety is inherently linked with security and privacy, we also seek contributions in these areas that address safety concerns. With the workshop, we seek to develop a community that systematically dissects the vulnerabilities and risks exposed by these emerging CPSs, and creates tools, algorithms, frameworks, and systems that help in the development of safe systems.

The scope of our workshop includes safety topics as they relate to an individual’s health (physical, mental), society (air pollution, toxicity, disaster events), or the environment (species preservation, global warming, oil spills). The workshop considers safety from a human perspective and, thus, does not include topics such as thread safety or memory safety in its scope.

Topics of interest include, but are not limited to, the following categories:

OPTIONALLY, in addition to your presentation slot, you have the opportunity to bring a poster about your paper to allow for more in-depth 1:1 discussion between authors and the audience.

SafeThings will also have a demo session that is designed to allow researchers to share provocative opinions, interesting preliminary work, or cool ideas that will spark discussion about IoT safety. Demo presenters will have the opportunity to discuss their work, get exposure, and receive feedback from attendees.

The PC will select a best paper award for work that distinguishes itself in moving the security and privacy of IoT/CPS forward through novel attacks or defenses.


Publication Policy

Page Limit and Formatting

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must follow the official IEEE Conference Proceedings format. Full papers must be at most 6 single-spaced, double column 8.5” x 11” pages excluding references. Demos must be at most 2 single-spaced, double column 8.5” x 11” page, and have "Demo:" in their titles. All figures must fit within these limits. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8b. Papers that do not meet the size and formatting requirements will not be reviewed. All papers must be in PDF format and submitted through the web submission form via HotCRP (submission link below). The review process is double-blind.

Full Papers: 6 pages excluding references.
Demos: 2 pages (with "Demo:" in the title).

Submission Form »

Conflicts of Interest

We follow the IEEE S&P policy on conflicts of interest which we replicate below.

During submission of a research paper, the submission site will request information about conflicts of interest of the paper's authors with program committee (PC) members. It is the full responsibility of all authors of a paper to identify all and only their potential conflict-of-interest PC members, according to the following definition. A paper author has a conflict of interest with a PC member when and only when one or more of the following conditions holds:

  1. The PC member is a co-author of the paper.
  2. The PC member has been a co-worker in the same company or university within the past two years.
  3. For student interns, the student is conflicted with their supervisors and with members of the same research group. If the student no longer works for the organization, then they are not conflicted with a PC member from the larger organization.
  4. The PC member has been a collaborator within the past two years.
  5. The PC member is or was the author's primary thesis advisor, no matter how long ago.
  6. The author is or was the PC member's primary thesis advisor, no matter how long ago.
  7. The PC member is a relative or close personal friend of the author.

For any other situation where the authors feel they have a conflict with a PC member, they must explain the nature of the conflict to the PC chairs, who will mark the conflict if appropriate. The program chairs will review declared conflicts. Papers with incorrect or incomplete conflict of interest information as of the submission closing time are subject to immediate rejection.

Ethical Considerations for Vulnerability Disclosure

We follow the IEEE S&P policy on ethical and responsible vulnerability disclosure.

In particular, where research identifies a vulnerability (e.g., software vulnerabilities in a given program, design weaknesses in a hardware system, or any other kind of vulnerability in deployed systems), we expect that researchers act in a way that avoids gratuitous harm to affected users and, where possible, affirmatively protects those users. In nearly every case, disclosing the vulnerability to vendors of affected systems, and other stakeholders, will help protect users. It is the committee’s sense that a disclosure window of 45 days to 90 days ahead of publication is consistent with authors’ ethical obligations.

Longer disclosure windows (which may keep vulnerabilities from the public for extended periods of time) should only be considered in exceptional situations, e.g., if the affected parties have provided convincing evidence the vulnerabilities were previously unknown and the full rollout of mitigations requires additional time. The authors are encouraged to consult with the PC chairs in case of questions or concerns.

The version of the paper submitted for review must discuss in detail the steps the authors have taken or plan to take to address these vulnerabilities; but, consistent with the timelines above, the authors do not have to disclose vulnerabilities ahead of submission. If a paper raises significant ethical and/or legal concerns, it will be checked by the PC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Ethical Considerations for Human Subjects Research

We follow the IEEE S&P policy on conflicts of interest which we replicate below.

Submissions that describe experiments that could be viewed as involving human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:

  1. Disclose whether the research received an approval or waiver from each of the authors' institutional ethics review boards (IRB) if applicable.
  2. Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.

If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it will be checked by the REC and it might be rejected based on these concerns. The PC chairs will be happy to consult with authors about how this policy applies to their submissions.

Financial and Non-financial competing interests

We follow the IEEE S&P policy on conflicts of interest which we replicate below.

In the interests of transparency and to help readers form their own judgments of potential bias, the IEEE Symposium on Security & Privacy requires authors and PC members to declare any competing financial and/or non-financial interests in relation to the work described. Authors need to include a disclosure of relevant financial interests in the camera-ready versions of their papers. This includes not just the standard funding lines, but should also include disclosures of any financial interest related to the research described. For example, "Author X is on the Technical Advisory Board of the ByteCoin Foundation," or "Professor Y is the CTO of DoubleDefense, which specializes in malware analysis." More information regarding this policy is available here.

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. One of the authors of the accepted paper is expected to present the paper in person at the conference. We can accommodate virtual presentations in special circumstances (e.g., visa denials, last-minute illness, etc.).


Organization


General Chairs

Nader Sehatbakhsh (UCLA)

Habiba Farrukh (UCI)


Program Committee Chairs

Luis Garcia (University of Utah)

Fatima Anwar (UMass Amherst)


Technical Program Committee

TBD



Steering Committee

Bharathan Balaji (Amazon)

Robin Kravets (University of Illinois, Urbana Champaign)

Mani Srivastava (University of California, Los Angeles)

Patrick McDaniel (University of Wisconsin-Madison)

Patrick Tague (Carnegie Mellon University)

Ingrid Verbauwhede (KU Leuven)