In the context of Cyber 4.0’s participation in ESORICS 2026, we are pleased to present the call for papers for the workshop entitled Trustworthy Cyber Infrastructures, which will focus on trust, continuous verification, resilience, and the governance of strategic cyber infrastructures. The workshop will take place on 18 September 2026 in Rome, as part of the ESORICS 2026 programme, one of Europe’s leading conferences in computer security.

The call for papers invites scholars and professionals to submit original contributions that can enrich both the scientific and practical discussion on the role of trustworthy cyber infrastructures in strategic contexts. Submissions may address, among other topics, trust and zero-trust architectures, supply chain security, cyber-physical systems, artificial intelligence, and the governance and regulation of digital infrastructures, with the aim of fostering dialogue between research, practice, and future development perspectives.

This event offers an important opportunity to examine some of the most pressing challenges in cybersecurity and to contribute to the broader reflection on how to build digital infrastructures that are more trustworthy, resilient, and capable of operating in complex and highly dynamic environments.

ESORICS Workshop

Trustworthy Cyber Infrastructures

Important dates:

  • Paper submission deadline: 30th May 2026
  • Notification of acceptance: 15th July 2026
  • Workshop date: 18th September 2026

Call for Papers

Every trust relationship is a potential vulnerability. Trust remains a foundational yet paradoxical concept in cybersecurity and information systems. On the one hand, trustworthy infrastructures are essential for the functioning of contemporary societies, digital economies and critical services. On the other hand, every established trust relationship – between users and platforms, components and package managers, organizations and service providers, AI models and data pipelines – creates potential attack surfaces. While computational trust research has traditionally emphasized positive trust, negative forms – distrust, mistrust, and untrust – are equally important in understanding systemic vulnerabilities. Trust implies reliance in conditions of uncertainty; yet misplaced or excessive trust may enable exploitation across software supply chains, cyber-physical systems, and AI-enabled infrastructures.

This foundational tension has translated into competing architectural and governance paradigms for securing digital infrastructures. One approach seeks to cultivate trustworthiness through safeguards, certification regimes, governance mechanisms, and institutional assurances that enable coordinated participation across software ecosystems and digital platforms. The alternative paradigm, embodied in Zero Trust Architectures (NIST SP 800-207), minimizes implicit trust by continuously verifying every access request, regardless of origin. Rather than eliminating trust altogether, this shift reconfigures how and where trust is placed—moving it from relational assumptions to technical controls and institutional frameworks. The interplay between relational trust, institutional assurance, and continuous verification has profound implications for the design, scalability, and governance of strategic cyber infrastructures.

This tension is particularly evident in high-stakes and strategically relevant domains, where cyber infrastructures underpin essential societal functions and national resilience. Examples include critical maritime and underwater systems such as subsea cables, pipelines, autonomous underwater vehicles, and landing stations; energy grids and transport networks integrating IT/OT components; AI-enabled cyber-physical infrastructures supporting automated decision-making; healthcare and biotechnological systems handling sensitive data and life-critical processes; and strategic digital supply chains upon which both civilian and dual-use technologies depend. In such contexts, infrastructures operate as end-to-end socio-technical ecosystems in which technical dependencies, governance mechanisms, regulatory frameworks, and geopolitical considerations are deeply intertwined.

This workshop invites scholars and practitioners to examine how strategic cyber infrastructures can balance trust, verification, resilience, and operational viability in increasingly adversarial and geopolitically contested environments. Drawing on the tradition of infrastructure studies and engaged research traditions in information systems, we encourage contributions that investigate how trustworthiness is constructed, maintained, measured, and governed across technical, organizational, legal, economic, and policy dimensions. As prior research suggests, effective infrastructures require the alignment of multiple trust dimensions – such as ability, benevolence, and integrity – since no single dimension suffices to sustain complex strategic infrastructures operating under conditions of uncertainty, interdependence and adversarial risk.

We particularly welcome contributions addressing:

  • Trust, zero-trust, and hybrid architectures for strategic cyber infrastructures
  • Security and resilience of critical and cyber-physical systems (e.g., maritime/underwater, energy, transport, healthcare)
  • Threat modelling and risk assessment in cyber infrastructures
  • Software, hardware, and AI supply chain security
  • Robustness and adversarial resilience of AI-enabled systems
  • Post-quantum and cryptographic challenges in long-lived infrastructures
  • Governance, regulation, and compliance-by-design (AI Act, CRA, NIS2)
  • Economic, geopolitical, and dual-use implications of trustworthy cyber infrastructures 

Interdisciplinary contributions from computer science, cybersecurity, information systems, law, economics, public policy, and management are encouraged.

Paper submissions

Prospective authors are invited to submit their manuscripts to the following email address: esorics2026@cyber40.it. All submissions will undergo a peer-review process and will be evaluated according to the following criteria:

  • relevance to the workshop theme, 
  • novelty and potential contribution, 
  • methodological soundness (or clarity of research plan for work-in-progress), and 
  • clarity of presentation.

We invite the following types of submissions:

  • Full paper drafts: These submissions present close-to-finished research of up to 5000 words (but can be shorter). Authors submitting full paper drafts are expected to serve as discussants for another article of this submission type.
  • Extended abstracts: These submissions can present an idea or research-in-progress of up to 1500 words. Authors submitting extended abstracts are expected to serve as discussants for another article of this submission type.

Please use the regular ESORICS template for submissions and include the author(s) name(s) and affiliation(s) in the submission.

Registration

Workshop registration is handled through the ESORICS 2026 online registration system. Please see the ESORICS 2026 website for more information. We welcome both authors and others interested in the topic to join the workshop.

Workshop format

This workshop is a paper/idea development workshop. The workshop will include keynotes and roundtable discussions. The discussions will be organized around thematically grouped roundtables. Authors who have submitted their work to the workshop are expected to act as discussants for other participants in the same roundtable. Each accepted submission will be allocated 45 minutes in its roundtable (typically 10 minutes for a short presentation and 35 minutes for structured discussion and feedback).

Keynotes

Keynotes will be announced later.

Questions

Should you have any questions related to the workshop, please contact the chairs at esorics2026@cyber40.it.

Schedule and location

The workshop will be organized at the margins of ESORICS 2026 in Rome, Italy (September 2026). A detailed schedule and the exact location will be made available prior to the workshop.

Workshop co-Chairs

  • Alessandro Mei, Sapienza University
  • Paolo Spagnoletti, Luiss University

Program Committee

  • Massimo Bernaschi, CNR
  • Patrizio Campisi, Roma Tre University
  • Gianluca Capozzi, Karlsruhe Institute of Technology
  • Domenico Capriglione, Unicassino University
  • Luca Faramondi, Campus Biomedico University
  • Norberto Gavioli, L’Aquila University
  • Leonardo Querzoni, Sapienza University
  • Annita Sciacovelli, University of Bari
  • Vincenzo Tagliaferri, Tor Vergata University
  • Rossella Sabia, Luiss University

Local Organizing Committee

  • Fabio Angeletti, Luiss University
  • Aysel Aizada, Luiss University

References and Suggested Readings

Baskerville, R. (1993). Information systems security design methods: Implications for information systems development. ACM Computing Surveys, 25(4), 367–414. 

Baskerville, R., & Myers, M. (2004). Special Issue on Action Research in Information Systems: Making IS Research relevant to practice - foreword. MIS Quarterly, 28(3), 329–335.

Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-centered information security: Managing a strategic balance between prevention and response. Information & Management, 51(1), 138–151. 

Hanseth, O., & Ciborra, C. (2007). Risk, complexity and ICT. Edward Elgar Publishing Limited.

Hanseth, O., & Lyytinen, K. (2010). Design theory for dynamic complexity in information infrastructures: the case of building internet. Journal of Information Technology, 25(1), 1–19.

Hou, F., & Jansen, S. (2023). A systematic literature review on trust in the software ecosystem. Empirical Software Engineering, 28(1), Article 8. 

Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of organizational trust. Academy of Management Review, 20(3), 709–734.

NIST. (2020). Zero trust architecture (NIST Special Publication 800-207). National Institute of Standards and Technology. 

Pavlou, P. A. (2002). Institution-based trust in interorganizational exchange relationships: The role of online B2B marketplaces on trust formation. The Journal of Strategic Information Systems, 11(3–4), 215–243. 

Salvi, A., Spagnoletti, P., & Noori, N. S. (2022). Cyber-resilience of critical cyber infrastructures: Integrating digital twins in the electric power ecosystem. Computers & Security, 112, Article 102507. 

Spagnoletti, P., Kazemargi, N., Constantinides, P., & Prencipe, A. (2025). Data Control Coordination in the Formation of Ecosystems in Highly Regulated Sectors. Journal of the Association for Information Systems, 4(26), 977–1008. https://doi.org/10.17705/1jais.00920

Spagnoletti, P., & Resca, A. (2008). The duality of Information Security Management: Fighting against predictable and unpredictable threats. Journal of Information System Security, 4(3), 46–62.