In recent years, the majority of the world’s Critical Infrastructures CIs evolved to become more flexible, cost efficient and able to offer better services and conditions for business opportunities. Towards this evolution, CIs and companies offering CI services had to adopt many of the recent advances of the Information and Communication Technologies (ICT) field. As part of this framework CIPSEC offers a complete security ecosystem of additional services that can support the proposed technical solutions to work reliably and at professional quality. These services include vulnerability tests and recommendations, key personnel training courses, public-private partnerships (PPPs) forensics analysis, standardization and protection against cascading effects. All solutions and services will be validated in three pilots performed in three different CI environments (transportation, health, environment). CIPSEC will also develop a marketing strategy for optimal positioning of its solutions in the CI security market.

The workshop is collocated with the 21st International Symposium on Research in Attacks, Intrusions and Defenses ( RAID 2018)

Important Dates

Submission Deadline: July 10, 2021 extended to July 20, 2021
Notification to Authors: August 5, 2021
Final version: August 15, 2021

Call for papers

The recent advancements of ICT have given the opportunity to companies, public administrations and various Critical Infrastructures to offer new and innovative services and at the same time lower their operational costs. These advancements however, were quickly adopted without proper evaluation of their impact on security, leaving current IT (Information Technology) and OT (Operation Technology) systems vulnerable to various kinds of cyberattacks. The International workshop on Information & Operational Technology (IT & OT) security systems aims to bring together viewpoints from diverse areas to explore the commonalities of security problems and solutions for advancing the collective science and practice of IT and OT security protection.

List of Topics

  • Security architectures and frameworks for enterprises, SMEs, public administration or critical infrastructures
  • Threat models for systems and communication networks
  • Threat detection, classification and profiling, Incident management
  • Security training
  • Risk assessment – safety and security
  • Security validation, testing platforms and developments
  • Hardware security, Cryptographic engineering
  • Intrusion Detection, Intrusion Prevention
  • Secure Software Development, Malicious Code Analysis
  • Digital Forensics
  • Identity and access management
  • Privacy Enabling Technologies

Papers will be judged on novelty, significance, correctness, and clarity. We expect all papers to provide enough detail to enable reproducibility of their experimental results.

Accepted papers have been publised in LNCS 11398.

Submission Guidelines

Each paper must include an abstract and a list of keywords, and must not exceed 10 pages in total length, formatted in LNCS-style and including the bibliography and any appendices. Position papers of maximum 4 pages describing early research work are also accepted. Papers can be submitted on the following link: https://easychair.org/conferences/?conf=iosec2018


IOSEC 2018 workshop is supported by CIPSEC project

Participants are not required to pay a registration fee, however they must complete the following form

Registration Form


General Chairs

Kostas Lampropoulos University of Patras
Eva Marín Tordera Universitat Politècnica de Catalunya

Publication and Publicity Chair

Apostolos P. Fournaris University of Patras

Technical Program Committee

Antonio Álvarez: Atos
Rodrigo Díaz: Atos
Apostolos P. Fournaris: University of Patras
Odysseas Koufopavlou: University of Patras
Xavi Masip: Universitat Politècnica de Catalunya
Stefan Katzenbeisser: Technical University of Darmstadt
Neeraj Suri: Technical University of Darmstadt
Sotiris Ioannidis: Foundation for Research and Technology - Hellas
Christos Papachristos: Foundation for Research and Technology - Hellas
Vassilis Prevelakis TU Braunschweig
Samuel Fricker FHNW Fachhochschule Nordwestschweiz
Elias Athanasopoulos University of Cyprus
Sharon Keidar-Barner ΙBM Israel
Marco Spruit Universiteit Utrecht
Ciprian Oprisa Bitdefender
Spyros Denazis University of Patras
Dimitrios Serpanos ISI/ATHENA, University of Patras
Nicolas Sklavos University of Patras
Paris Kitsos Technological Educational Institute of Western Greece

Workshop Program

A printable version can be downloaded from this link

The workshop's hall is (Neorion Hall). Venue




Workshop Opening

Workshop introduction and welcome by University of Patras


Keynote Speech

Title: Big and messy data: analyzing security telemetry for incident response and risk assessment

Dr Petros Efstathopoulos (Symantec Research Labs (SRL))


1st Session:Critical Infrastructure CyberSecurity Issues

Chair: Apostolos P. Fournaris

A Cipher Class based on Golden S-Boxes for Clone-Resistant Identity

Saleh Mulhem, Ayoub Mars and Wael Adi.

A Secure and Efficient File System Access Control Mechanism (FlexFS)

Jihane Najar and Vassilis Prevelakis

Protecting Cloud-based CIs: Covert Channel Vulnerabilities at the Resource Level

Tsvetoslava Vateva-Gurova, Salman Manzoor, Ruben Trapero and Neeraj Suri

Detecting In-Vehicle CAN Message Attacks using Heuristics and RNNs

Simon Woo, Shahroz Tariq, Sangyup Lee and Huy Kang Kim


Coffee Break


2nd Session: CyberSecurity Threats, Assessment and Privacy

Chair: Odysseas Koufopavlou

A Questionnaire Model for Cybersecurity Maturity Assessment for Critical Infrastructures

Bilge Yigit Ozkan and Marco Spruit.

Threat Modeling the Cloud: An Ontology Based Approach

Salman Manzoor, Tsvetoslava Vateva-Gurova, Ruben Trapero and Neeraj Suri.

Automated Measurements of Cross-Device Tracking

Konstantinos Solomos, Panagiotis Ilia, Sotiris Ioannidis and Nicolas Kourtellis. 

Incognitus: Privacy-Preserving User Interests in Online Social Networks

Alexandros Kornilakis, Panagiotis Papadopoulos and Evangelos Markatos. 


Lunch Break


3rd Session: Vulnerability and Malware Detection

Chair: Konstantinos Lampropoulos

AngelEye: Deep ahead-of-threat virtual patching of application vulnerabilities

Fady Copty, Andre Kassis, Sharon Keidar-Barner and Dov Murik. 

Malware Clustering Based on Called API During Runtime

János Gergő Széles and Adrian Coleșa. 

CloudNet Anti-Malware Engine: GPU-Accelerated Network Monitoring for Cloud Services

George Hatzivasilis, Konstantinos Fysarakis, Ioannis Askoxylakis and Alexander Bilanakos.

Full Content Search in Malware Collections

Andrei Mihalca and Ciprian Oprisa.



Chair: Sotiris Ioannidis

Security in the era of complex systems

Contact Us

Organizing Committee: Eva Marín Tordera eva [at] ac.upc.edu
Organizing Committee: Kostas Lampropoulos klamprop [at] ece.upatras.gr
Publication and Publicity Chairs: Apostolos P. Fournaris: apofour [at] ece.upatras.gr