8:00 - 9:15 Registration
9:15 - 10:30 Session 1
9:15 Opening
9:30 Keynote: György Dan. From Pixels to Policies: Securing Multi-Agent Systems Against Adversarial Attacks
Multi-agent systems increasingly rely on machine learning (ML) models for perception and control. The vulnerability of ML to adversarial attacks therefore poses a severe threat to system safety that requires detection and mitigation schemes at multiple levels. At the level of individual agents, ML models must detect adversarial attacks in real-time and at the same time they should perform well despite adversarial attacks. At the system level, agents should be able to detect and identify anomalous agents in a decentralized manner to achieve situational awareness. In this talk, we will explore recent advances in making key computer vision tasks, object detection and classification, robust to physically realizable adversarial attacks through ensemble saliency analysis and ensemble guided reconstruction. Shifting focus to the system level, we then examine how agents can identify adversarial behavior in their peers through decentralized anomaly detection. The methods enable agents to flag and respond to attacks in complex discrete as well as continuous-action environments. Together, these lines of work highlight a broader principle: robust learning systems must not only perform well under ideal conditions but they should also detect, withstand, and recover from adversarial interference, ensuring resilience in safety-critical applications.
10:00 Arifa Islam Champa, Md Fazle Rabbi, Farjana Eishita & Minhaz Zabran. Trick or Trest: A Study of Human Detection of Manipulative Tactics in Phishing Emails.
Phishing emails exploit various psychological strategies, yet little is known about how different categories of such tactics affect user detection accuracy. In this study, we evaluated the user performance in identifying phishing emails that employ various psychological manipulation techniques. We classify phishing emails into five categories based on well-established behavioral frameworks and conduct a user study with 55 participants to assess the detection accuracy in these categories. The results reveal significant variations in human performance. Participants are more accurate in detecting phishing emails that attempt to create pressure on the reader suggesting other recipients have acted similarly. In contrast, phishing emails that exploit emotions and mimic familiar individuals using casual language or personal cues are harder to detect. Our findings highlight the need for category-specific phishing awareness strategies to help users recognize and respond to the most deceptive email types. This study informs the development of human-centered cybersecurity interventions, educational tools, and detection systems to capture the psychological tactics used in phishing attempts, thus improving both safety and security.
10:30 - 11:00 Coffee Break
11:00 - 12:30 Session 2
11:00 Keynote: Giancarlo Guizzardi. Ontologies and Semantic Technologies for Trustworthy Systems Engineering
In this talk, I will give an overview of a number of research results produced by the Semantics, Cybersecurity & Services (SCS) group of the University of Twente, the Netherlands. First, I will show how a Core Ontology of Value and Risk (COVeR) has been used to support modelling and reasoning on risk propagation, as well as the elicitation of ethicality requirements for autonomous systems. Secondly, I will briefly demonstrate how a second Core Ontology of Security Engineering (extending COVeR) has been used to analyse the MITRE D3FEND knowledge graph and systematically point to directions for its improvement. Finally, I will discuss a project in automating the extraction of high-level attack steps (known as Tactics, Techniques and Procedures - TTPs) from Cyber Threat Intelligence reports and how further research on understanding inherent ambiguities in TTP knowledge structures is key to take a leap in the field.
11:30 Surasak Phetmanee, Michele Sevegnani & Oana Andrei. Rational Verification in Repeated Security Games.
Cyber attackers often engage in adaptive, repeated attacks, whereas many existing defensive models are static and lack mechanisms for long-term strategy validation. We introduce a rational verification framework for Repeated Stackelberg Security Games that evaluates the ongoing optimality of defender strategies under rational attacker behaviour. Our framework incorporates discounted payoffs to emphasise early-stage threats and dynamically adjusts strategies in response to evolving conditions. Experimental results show that our approach improves the utility of the defender and supports an effective resource allocation.
12:00 Benedikt Peterseim and Milan Lopuhaä-Zwakenberg. Towards a Unified Compositional Account of Fault Trees and Attack Trees.
Fault trees and attack trees both serve as popular tools for analysing risk in their respective domains: safety and security. They are strikingly similar in many respects, including syntax and algorithms. However, they differ in how they quantify risk: classical frameworks for attack tree metrics do not include the analogous risk metric used in fault trees: the system unreliability. Refining prior work grounded in operads, we show that, using a compositional approach based on gs-monoidal categories, one can unify these two worlds, treating the system unreliability of fault trees as an attack tree metric (where the “attacker” is nature). In addition, this compositional structure of attack trees is preserved by attack tree metrics, thus leading to fully compositional (or “functorial”) semantics of attack trees and fault trees.
12:30 - 13:30 Lunch Break
13:30 - 15:00 Session 3
13:30 Keynote: Francesco Flammini. Digital twins for trustworthy autonomy
The concept of risk combines threat probabilities, vulnerabilities, and expected consequences. Traditional risk modelling evaluates these at design time and may repeat periodically, but it cannot account for how risk evolves with actual system states or detected threats. In connected cyber-physical systems (CPS) and the Internet of Things (IoT), a key challenge is enhancing resilience through mechanisms for real-time threat detection, risk estimation, and system reconfiguration, following Self-X principles like self-diagnostics and self-healing. Threats can be intentional (e.g., security attacks) or unintentional (e.g., random faults). A major goal is to develop model-based approaches that enable runtime risk evaluation, considering uncertainties in both the system and its environment. These models should address the growing complexity and criticality of modern CPS. Multi-paradigm modelling combines probabilistic languages like Bayesian Networks with formalisms such as Petri Nets to balance ease of use, expressiveness, and solving efficiency. Static models used for design-time risk assessment can be integrated for online monitoring, threat detection, and dynamic adaptation. Reusing models from system certification, coupled with runtime model-checking, supports explainable AI (XAI), crucial for building trustworthy autonomous CPS like self-driving vehicles. Digital Twins (DT) are emerging as a promising paradigm for runtime modelling and performance prediction in CPS across various domains. This talk introduces a framework that merges DT with self-adaptation, enabling CPS to self-monitor, self-diagnose, and self-heal, promoting proactive dependability and collaborative security in critical applications such as smart cities and Industry 4.0.
14:00 Iman Riaz Hasrat, Sami M. Abdullahi & Eun-Young Kang. Quantitative Assessment of Energy Efficiency, Comfort, and Safety in an Intelligent Heating System Under False Data Injection Attacks.
Domestic heating systems, as major energy consumers, exhibit significant potential for energy flexibility, particularly under dynamic energy pricing. However, when integrated into smart building automation systems (BASs), they become vulnerable to cyberattacks, especially through data communication channels. These vulnerabilities may pose severe risks to system performance as well as safety constraints. This paper introduces two targeted false data injection (FDI) attack scenarios focusing on communication channels. We also propose operational and comfort safety constraints, targeting proper thermostat function and user well-being. We evaluate both security and safety features in a 4-room Danish family house with an intelligent heating control system. Results reveal that the attacks disrupt energy efficiency, lead to unacceptable user comfort, and violate safety boundaries. This study highlights critical cybersecurity risks in BASs and provides valuable insights for enhancing the safety and resilience of smart heating systems.
14:30 Muhammad Arsal, Hafizul Asad, Temer Kamel & Asiya Khan. Cyber-Safety Assessment of Wind Turbines: A Reachability Analysis Approach Against Cyber-Attacks.
Cyber threats to Wind Power Plants (WPPs) are progressively rising as they often rely heavily on numerous digital assets and interconnected control systems. This makes WPPs more attractive to cybercriminals, as sabotaging these facilities can disrupt grid stability and energy supply. Most risk analyses of WPPs use informal frameworks or simulations, which can miss rare but critical scenarios, especially during cyberattacks, due to their non-exhaustive nature. This can compromise both security and safety. However, formal methods like model checking and theorem proving provide us with guarantees to ensure safety and stability. This paper presents the application of formal methods, particularly reachability analysis, to highlight the risks associated with wind plants. The focus is on model-based safety analysis of a wind turbine, including its pitch control system, with an emphasis on scenarios involving cyberattacks. We model the wind turbine system as a hybrid automaton based on its different control regions. We then perform reachability analysis of the hybrid automaton to examine all system states over a finite horizon, thus addressing the verification challenges inherent in such nonlinear dynamical systems. We identify vulnerabilities present in the system that attackers may exploit to cause harm to the plant. We conclude by discussing the impact of two different cyber attacks on the safety of the system.
15:00 - 15:30 Coffee Break
15:30 - 17:00 Interactive session