SDIoTSec 2026

Workshop on Security and Privacy in Standardized IoT (SDIoTSec)

Co-located with NDSS 2026 »

Consumers increasingly rely on IoT products to manage essential aspects of daily life, including home safety, health, recreation, and personal convenience. Design and implementation practices of IoT devices are known to be heterogeneous, with vendor-specific protocols, designs and developments for device access, communication, and security management. This diversity poses significant challenges to both IoT security and consumer usability. In response, the emergence of IoT standards aims to address these issues. Notable examples include the Matter open-source project, a major industry collaboration that provides a unified standard for IoT design and implementation, simplifying development for manufacturers and enhancing device compatibility for consumers. Additionally, the IoT Labeling Program of the Federal Communications Commission (FCC) seeks to establish security standards for manufacturers.

Any security and privacy problems in IoT standards and standardized IoT practices can be easily inherited by real IoT products of many manufacturers. This workshop aims to promote research that investigates and evaluates the foundational role of IoT design standards and their implementations (open-source and closed source) for the security, privacy, and trustworthiness of IoT systems. The IoT industry, open-source community and academia are expected to develop and apply practical, rigorous security and privacy measures to ensure that IoT standards and standardization processes are both well-designed and properly implemented.

cfp anchor

Call for Paper

We invite researchers and practitioners to submit original research papers for the second Workshop on Security and Privacy in Standardized IoT (SDIoTSec 2026). The aim of this workshop is to bring together experts from academia, industry, open-source community, governments to discuss and address security and privacy challenges emerging in standardized IoT design and implementations and their real-world deployments. The expected impacts include significantly eliminating security and privacy threats in both the design and implementation space of IoT.

Scope and Topics of Interest

The research should be related to emerging IoT standards (such as Matter, IoT Cybersecurity Labels, SBOM, CBOM, HBOM or any supply chain standards/regulations), or common IoT design and implementation ("common" means shared by multiple vendors). The research is related to security, privacy, safety, and governance of IoT systems.

Specific topics of interests include but are not limited to the following:

Novel attacks
Privacy-enhancing techniques
Problems related to heterogeneous IoT design and practices
Case studies or analysis of emerging Federal IoT standards including SBOM and FDA approval requirements
Formal methods to find attack vectors or for defense
AI/ML/NLP based methods for analysis of specifications
Program analysis on implementation of Matter, or other standard implementation of IoT systems
End-user facing problems
Problems in real-world adoption of IoT-standard design and implementations
Policies or governance issues related to Matter or emerging IoT standards
Surveillance and censorship related to Matter or emerging IoT standards
Anonymity and pseudonymity related to Matter or emerging IoT standards
Case studies and real-world experience related to Matter or emerging IoT standards

The PC will select a best paper award for work that distinguishes itself in advancing the security, safety, and privacy of standardized IoT design and implementation.

Submission Instructions

Submitted papers must be in English, unpublished, and must not be currently under review for any other publication. Submissions must be a PDF file in double-column NDSS format (https://www.ndss-symposium.org/ndss2026/submissions/call-for-papers/). We accept (1) regular papers with up to 8 pages, (2) short papers or work-in-progress papers with up to 4 pages. The page limits does not include bibliography and well-marked appendices, which can be up to 2 pages long. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the NDSS format. The review process is double-blind. (Papers must be submitted in a form suitable for anonymous review: no author names or affiliations may appear on the title page, and papers should avoid revealing authors’ identity in the text.) All papers must be in Adobe Portable Document Format (PDF) and submitted through the web submission form via Hotcrp (submission link below).

Submission Website »

Important Dates (AoE Time)

Paper submission	December 18, 2025 (AoE, UTC -12)
Workshop	February 23, 2026

Publication and presentation

All papers will be published by the Internet Society with official proceedings. At least one author of each accepted submission will register and present at the workshop. Authors are responsible for obtaining appropriate publication clearances. We are expecting to hold an in person conference and that authors will be able to travel to the conference to present their paper, but will make allowances for remote presentation in cases where all authors of a paper have legitimate reasons they are unable to attend in person.

Program anchor

Program

Workshop on Security and Privacy in Standardized IoT (Co-located with NDSS 2026)

Location: Pacific (plenary) ballroom

Feb. 23, 2026

09:00 AM - 09:15 PM | Opening Remarks

Luyi Xing (University of Illinois Urbana-Champaign)

09:15 AM - 10:00 AM | Keynote I by Susan Landau

Speaker: Susan Landau (Professor of Cyber Security and Policy in Computer Science, Tufts University)

Title “How to Talk so Policymakers Will Listen”

Abstract: Policymakers and computer scientists speak different languages. Getting tech policy right requires technologists to learn how to communicate so policymakers can understand the issues and make reasonable judgements. In this keynote, I present lessons learned from twenty-five years of policy work in cybersecurity.

Susan Landau is Professor of Cyber Security and Policy in Computer Science, Tufts University. Previously, as Bridge Professor of Cyber Security and Policy at The Fletcher School and School of Engineering, Department of Computer Science, Landau established an innovative MS degree in Cybersecurity and Public Policy joint between the schools. She has been a senior staff privacy analyst at Google, distinguished engineer at Sun Microsystems, and faculty at Worcester Polytechnic Institute, University of Massachusetts Amherst, and Wesleyan University. She has served at various boards at the National Academies of Science, Engineering and Medicine and for several government agencies. She is the author or co-author of four books and numerous research papers. She has received the USENIX Lifetime Achievement Award, shared with Steven Bellovin and Matt Blaze, and the American Mathematical Society's Bertrand Russell Prize.

10:00 AM - 10:20 AM | ☕ Morning Break

10:20 AM - 11:35 AM | Paper Session I — Foundations and Assurance of Standardized IoT Systems

An Analysis of Matter IoT Security Against International Standards and Regulatory Framework

Enabling Research Extensions in Matter via Custom Clusters

Runtime Consistency Enforcement Between SBOM and Software Execution

UDIM: Formal User-Device Interaction Model for Approximating Artifact Coverage in IoT Forensics

Identifying Microcontroller Architecture Through Static Analysis of Firmware Binaries

11:35 AM - 11:50 AM | 🖼 Poster & Interactive Discussion Session I

11:50 AM - 13:20 PM | 🍽 Lunch Break

13:20 PM - 14:15 PM | Keynote II by Sanjay Aiyagari

Speaker: Sanjay Aiyagari (Senior Principal Chief Architect, Red Hat)

Title "NLIP: A Natural Language Approach to Securing IoT Devices"

Abstract: Many IoT devices suffer from a vast array of security vulnerabilities. Unlike traditional software applications, security flaws in IoT devices can cause real physical damage, which makes avoiding them all the more important. This session will cover a new approach to this problem, using capabilities from the recently standardized ECMA-430 Natural Language Interaction Protocol (NLIP). It will cover how a natural language interface combined with built-in enterprise-grade security creates a much improved security baseline for your devices.

Bio: Sanjay Aiyagari is a Chief Architect in Red Hat’s Telco CTO Office working with service providers in their advanced technology initiatives including AI/ML and edge computing. With a long background in networking (Cisco) and virtualization (VMware), at Red Hat he is now helping enterprises use these capabilities to build out secure, decentralized data architectures to help customers escape lock-in. He is actively involved in ECMA TC 56 which develops NLIP to allow AI agents to work across all LLMs, in O-RAN nGRG which is bringing AI capabilities to 6G networks, and in 3GPP SA5, which is working on OAM for 6G.

Prior to Red Hat, he ran product management and strategy at Siaras, a startup and pioneer in the multicloud networking space. Before that, he spent six years at VMware, where he advised the world’s largest telcos in virtualizing their critical real-time network functions. Beyond typical product delivery roles at Cisco, he also contributed as one of the earliest key members to the OASIS AMQP (ISO-19464) specification, which is widely used in cloud management, financial trading, transportation and military systems today. Beyond ECMA and O-RAN, he has also contributed to numerous other industry groups, including OASIS, ETSI ENI, IOWN Global Forum, and the Enterprise Neurosystem's Secure Connectivity working group, as well as contributing to inputs for the White House's National AI Research Resource and the UN Framework Convention on Climate Change Technology Executive Committee.

Mr. Aiyagari has a BS in Electrical Engineering from Cornell University and an MS in Computer Science from Columbia University.

14:15 PM - 14:25 PM | SDIoTSec Hackathon & Community Initiative Announcement By Luyi Xing

14:25 PM - 15:10 PM | Paper Session II — Regulatory, Community, and Ecosystem Perspectives

Insights from GitHub Community on the Matter Standard: Developer Perspectives and Challenges

Security and Privacy Challenges in Standardized IoT Systems: Insights from the EU Cyber Resilience Act

DQN-IDS: A Deep Reinforcement Learning Approach for Open Set-Enabled Intrusion Detection

15:10 PM - 15:40 PM | ☕ Coffee Break & Poster Session II

15:40 PM - 16:10 PM | Paper Session III — Privacy, Usability, and Future Adoption

Towards Ubiquitous and Automated User Privacy Configuration

Improving Adoption of Home IoT Beyond Single-Family Homes: Delineating Required Characteristics

16:10 PM - 16:20 PM | 🏆 Best Paper Award & Closing Remarks

venue anchor

Venue

SDIoTSec '26 is co-located with the Network and Distributed System Security (NDSS '26) in Feb. 23, 2026 in San Diego, California.

Contacts

Contact SDIoTSec 2026 chairs at: SDIoTSec@gmail.com.