Kalutharage, Chathuranga and Bradbury, Matthew (2026) Classes of Cyber Physical System Observation Privacy Techniques. In: 12th ACM Cyber-Physical System Security Workshop (CPSS 2026) :. ACM, IND. (In Press)
![[thumbnail of main 2]](https://eprints.lancs.ac.uk/style/images/fileicons/text.png)
Abstract
Content privacy protects data confidentiality through encryption during storage and transmission or via privacy-preserving transformations. However, as Cyber Physical Systems act in a physical space they are also vulnerable to direct observations on the actions taken by the system, its state, and the context in which those actions occur. In such a case, content privacy is insufficient (but often necessary) to provide privacy and additional techniques are required. Across multiple areas, many approaches have been taken to reduce information loss to direct adversary observations, however, research across these different cyber physical system domains has not typically interacted. Therefore, this work deconstructs and systematises existing context privacy techniques into three classes: (i) Add Noise, (ii) Decorrelate, and (iii) Change Observability. We also speculate on class of (iv) Make Sensitive Commonplace techniques. Each class captures a distinct strategy to mitigate information leakage from adversary observations. We illustrate this taxonomy using an example where an adversary observes public transport interactions, showing how each class can be instantiated with a representative context privacy technique. We classify a broad range of past work protecting cyber physical systems from observing adversaries and identify potential gaps in areas where classes of techniques have not been explored in depth.