Program
IEEE Workshop on Security and Resiliency of Critical Infrastructure and Space Technologies (IEEE SR-CIST 2025)
November 11, 2025
Wyndham Grand Pittsburgh Downtown, Pittsburgh, PA
Room for all sessions: King's Garden 3
Room for breakfast and lunch: King's Garden 4
| Time | Event |
|---|---|
| 7am – 8:30am | Light breakfast (King's Garden 4) |
| 8:30am – 8:45am |
Welcome & opening (King's Garden 3) Opening: Dr. Robert Cunningham, Vice Chancellor for Research Infrastructure, University of Pittsburgh |
| 8:45am -9:45am | Keynote: Dr. Greg Shannon, Idaho National Laboratory Title: Foundations for Trust, Privacy, and Security in Proliferated Spaces Abstract: Given that operational technologies for current (and future) critical infrastructures are proliferating on Earth and in space, we discuss foundational elements to address immediate and future challenges. These systems—ranging from terrestrial energy grids to satellite constellations—are increasingly interconnected, autonomous, and exposed to complex threat environments. As this proliferation accelerates, so too does the urgency to establish foundational principles for trust, privacy, and security that can scale across domains and lifecycles. We look forward to the conversation. |
| Keynote Speaker Bio |  Dr. Greg Shannon is an Idaho National Laboratory Fellow and Chief Cybersecurity Scientist, leading strategic approaches to protect critical infrastructure from cyber-physical threats. Previously, he was Chief Scientist for Carnegie Mellon's CERT Division and served at the White House Office of Science and Technology Policy. He currently serves as Chief Science Officer for the Department of Energy's Cybersecurity Manufacturing Innovation Institute. Greg holds a B.S. in Computer Science from Iowa State University and a Ph.D. in Computer Sciences from Purdue University. www.linkedin.com/in/gregshannon. |
| 9:45am -10:00am | Coffee Break |
| 10:00am– 11:00am |
Paper Presentation Session 1: Session Chair: Masoud Barati (University of Pittsburgh) A Multi-Layered Embedded Intrusion Detection Framework for Programmable Logic Controllers, Rishabh Das (Ohio University), Aaron Werth (The University of Alabama in Huntsville) and Tommy Morris (The University of Alabama in Huntsville) Investigating Physical Consequences of Cyber-Attacks Using a Cyber-Physical Model of a Compressor Station, Andrew S. Hahn, Adam J. Beauchaine, Lee T. Maccarone and Titus A. Gray (Sandia National Laboratories) Route Choice Prediction Through User Behavior Analysis: Towards Robustness Assessment Under External Perturbations, Gustavo Sánchez, Fatih Ünal (Karlsruhe Institute of Technology (KIT)) and Alexandra Wins (Mercedes-Benz Tech Innovation GmbH) |
| 11:00am – 12:15pm |
SR-CIST Panel: Operational Technology (OT) Security Operational Technology (OT) is at the heart of critical infrastructure, enabling the control and automation of industrial systems in sectors such as energy, water, transportation, and manufacturing. As these systems become increasingly connected and integrated with IT networks, they face growing exposure to cyber threats that can disrupt essential services and pose risks to public safety and national security. Ensuring the security and resilience of OT environments is vital to protecting the backbone of modern society. This panel brings together experts across industries to explore the evolving threat landscape, best practices for securing OT systems, and strategies for building robust, resilient critical infrastructure in the face of emerging cyber challenges. Organizer: Daniel G. Cole, Associate Professor, Mechanical Engineering and Materials Science, Director of Cyber Energy Center Moderator: Greg Shannon, Idaho National Laboratory Panelists:
|
| Panelist Bio |
Dionosio De Niz
|
| Panelist Bio |
Samuel J. Perl
|
| Panelist Bio |
James Gillespie
|
| Panelist Bio |
Chad Spensky
|
| 12:15pm -1:15pm | Lunch time window (King's Garden 4) |
| 1:30pm - 2:30 pm |
Paper Presentation Session 2: Session Chair: Lee T. Maccarone, Sandia National Lab. Resilience to Dynamic Load Attacks under AI Demand and Hyperscale Data Centers, Masoud Barati (University of Pittsburgh) TPM-Based Continuous Remote Attestation and Integrity Verification for 5G VNFs on Kubernetes, Al Nahian Bin Emran, Rajendra Paudyal, Rajendra Upadhyay, Lisa Donnan and Duminda Wijesekera (George Mason University) Invited application paper: Space-Based Fog Computing Across LEO and MEO Constellations for On-Orbit Hypersonic Detection and Space Domain Awareness, Jackson Artis and Gregory Falco (Cornell University) |
| 2:30pm - 3:30pm | Invited Talk - Sekar Kulandaivel, PhD – Bosch Title: Fast and Secure Safety-Preserving Hotpatching for Microcontrollers via Static Trampolines Abstract: Reliable and timing-consistent updates are essential for embedded controllers in safety-critical and space systems. Existing hotpatching methods improve update speed through automated patch generation or file system-based mechanisms but often depend on complex runtime modification that affects timing behavior. Patchlings introduces a fast and secure hotpatching framework for microcontrollers that enables emergency in-field updates without reflashing or system interruption. Static trampolines inserted at compile time redirect execution to new code while preserving the original firmware. Patches are stored in a dedicated flash section, and redundant dispatcher tables ensure atomic activation, rollback, and integrity validation. Patchlings is optimized for cases where only a few targeted patches are needed, achieving fast deployment and activation of patches with minimal runtime overhead. A timing buffer mechanism maintains consistent execution time before and after patching, reducing the scope of safety testing. Implemented on NXP S32K microcontrollers running RTOS firmware, Patchlings provides a practical path for secure, long-term maintenance of safety-critical embedded systems. |
| Invited Talk Speaker Bio |  Sekar Kulandaivel is a Research Engineer at Bosch, focusing on security maintenance of embedded controllers in vehicles, remote security testing, and applying large language models for evidence-driven threat analysis. He previously led Product Security at Locomation, securing human-guided autonomous trucks. Before that, he earned his PhD at Carnegie Mellon University, publishing in IEEE S&P ’21, USENIX Security ’19, and ESCAR USA ’22. His research earned a bug bounty from a major automaker and was integrated into the open-source Caring Caribou toolkit. He also received a first-place team award in the DEF CON 24 Car Hacking Village competition designed by Craig Smith (author of The Car Hacker’s Handbook). |
| 3:30pm – 3:45pm | Coffee |
| 3:45pm – 4:45pm |
Paper Presentation Session 3: Session Chair: Mai Abdelhakim (University of Pittsburgh) Grid-Computer Symbiosis: Towards the Industrial Internet of Things, Danielle McGuire (previously at Duquesne Light Company) UAV Intrusion Mitigation for Border Security in 5G with LEO Backhaul Impairments, Rajendra Upadhyay, Al Nahian Bin Emran, Rajendra Paudyal, Lisa Donnan and Duminda Wijesekera (George Mason University) [Virtual] WaveVerif: Acoustic Side-Channel based Verification of Robotic Workflows, Zeynep Erdogan (Newcastle University), Shishir Nagaraja (Newcastle University), Mujeeb Ahmed (Newcastle University) and Ryan Shah (Sapphire) |
| 4:45pm | Adjournment |
| 5:00pm | Networking and Reception (King's Garden Foyer) |
Dionisio de Niz is a Principal Researcher and the Technical Director of the Assuring Cyber-Physical Systems directorate at the Software Engineering Institute at Carnegie Mellon University. He received a Master of Science in Information Networking and a Ph.D. in Electrical and Computer Engineering both from Carnegie Mellon University. His research interest includes Cyber-Physical Systems, Real-Time Systems, Model-Based Engineering (MBE), and Security of CPS. In the Real-time arena he has focused on multicore processors and mixed-criticality scheduling and more recently in real-time mixed-trust computing. In MBE, he has focused on the symbolic integration of analysis using analysis contracts. Dr. de Niz co-edited and co-authored the book “Cyber-Physical Systems” where the authors discuss different application areas of CPS and the different foundational domains including real-time scheduling, logical verification, and CPS security. He has participated and/or helped in the organization of multiple workshops with industry on real-time multicore systems (two co-sponsored by the FAA and three by different services of the US military) and Safety Assurance of Nuclear Energy. He is a member of the executive committee of the IEEE Technical Committee on Real-Time Systems. Dr. de Niz participates regularly in technical program committees of the real-time systems conferences such as RTSS, RTAS, RTCSA, etc. where he also publishes a large part of his work.
Samuel J. Perl is a senior member of the technical staff on the CSIRT development team within the CERT® Program at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. He has been at CERT since 2011 and has worked in a variety of areas including insider threat, vulnerability assessment, security incident and threat data analysis, modeling, and incident management team development/training. Sam has over 20 years working with client organizations to manage their most challenging IT security risk, analyze cyber security data, and scale the testing of their defenses. Prior to joining SEI/CERT, Sam was a manager at Deloitte & Touche LLP in their Security Strategy Group. Sam holds an M.S. degree in Information Security Management from Carnegie Mellon University Heinz College and a B.S in Information Systems from Carnegie Mellon University Dietrich College. He is also an instructor for CMU courses in Blockchain Technology and Cybersecurity for both Undergraduate and Graduate Students. Sam was the PI for research focusing on analysis and modeling of cyber incident expertise, and has published research in insider threat, incident and threat data analysis, threat knowledge discovery, data mining security of information, blockchain and on semantic technologies. Sam also holds a CISSP.
Chief Growth Officer and Vice Chairman at GrayMatter. With over 30 years of experience in industrial intelligence, I am the co-founder and CGO of GrayMatter, a leading OT-focused company that provides consulting, services, and curated technology to transform operations and empower people. My mission is to help companies' manufacturing and critical infrastructure operations improve their performance, efficiency, and security by connecting their assets and human capital. At GrayMatter, we have grown to over 300 team members and over $80M in revenue thanks to our innovative solutions and customer-centric approach. We have also completed five acquisitions and achieved national and international recognition for our offerings and programs. As a leader and a board member of several organizations, I am passionate about fostering a scientifically literate community, advancing regional technology and innovation, and recognizing and celebrating young achievers.
Dr. Chad Spensky is currently the CEO of Allthenticate, providing the world’s first commercial decentralized authentication platform that completely eliminates credential theft by turning smartphones into ubiquitous, easy-to-use authentication devices. Chad has decades of research experience at some of the world’s most prestigious institutions and has numerous academic publications in top conferences. He has a Ph.D. from UCSB’s SecLab, worked on one of the seminal decentralized authentication projects out of CMU, and is a recipient of the prestigious IBM Ph.D. Fellowship. Formerly, Chad was a member of the research staff at MIT Lincoln Laboratory where he helped the Department of Defense with some of their toughest cyber-security problems. He’s also a lifetime hacker, a long-time member of the Shellphish CTF team, and a pretty punny guy.