The Cybersecurity Taskforce of the Computing Community Consortium (CCC) will host a leadership workshop to envision the future of embedded security research on August 13th in Baltimore, Maryland.
Embedded systems such as pacemakers, autonomous vehicles, and the Internet of Things often have real-time constraints and electromechanical components that lead to different vulnerabilities and solutions from traditional computing systems. Embedded security is the study of physical properties, computational properties, and human factors that protect embedded systems from attack.
The workshop, co-chaired by Wayne Burleson (UMass Amherst), Kevin Fu (CCC Cybersecurity Taskforce Chair, University of Michigan), and Farinaz Koushanfar (UC San Diego), will be co-located with the 27th USENIX Security Symposium. It will begin with a reception on the evening of August 12th and conclude by 5 PM on the 13th.
The event will consist of deep dive group discussions as well as short visionary talks by several international speakers to lend perspectives on successful strategies for funding embedded security research overseas. Confirmed panelists include:
- Ross Anderson, University of Cambridge, UK
- Srdjan Capkun, ETH Zürich, Switzerland
- Brian Fitzgerald, FDA, US
- Sam Fuller, CTO Emeritus of Analog Devices, US
- Yongdae Kim, Korea Advanced Institute of Science and Technology, Korea
- Sandip Kundu, National Science Foundation, US
- Douglas Maughn, Department of Homeland Security, US
- Tomas Vagoun, NITRD, US
- Wenyuan Xu, Zhejiang University, China
This workshop is by invitation only – the CCC is seeking short position papers to both assist us in organizing the workshop and in selecting attendees to invite. Participants will consist of invited faculty members, industrial researchers, and government agency program managers.
How to Apply:
The workshop participants will be selected from among the responses to a call for 1-page position papers that address:
- a grand challenge,
- at a time-scale of 5-10 years out,
- requiring multiple experts or subdisciplines,
- identifying gaps in research,
- and presenting compelling opportunities for embedded security research and education.
The following list suggests some possible topics for the position papers, but any embedded security topic is welcome. This list is not exhaustive, but represents the broad definition of embedded security.
- Threat Models in Embedded Security:
- Side channels: Passive and Active
- Sensors and Actuators
- Physical attacks and defenses
- Counterfeiting, trojans
- Reverse engineering
- IP theft
- Tampering
- Third party IP integration
- Defenses:
- Anti-counterfeit, anti-tamper, obfuscation
- Embedded crypto: Symmetric and asymmetric, secure hashing, TRNG
- Energy-constrained security
- IP protection and tracing
- Verification
- Embedded Security Design Patterns:
- Computer architecture
- HW-SW co-design
- Applications:
- Industrial controls
- Autonomous vehicles
- Aviation
- Medical devices
- Power-grid
- Smart homes
- IoT
- Operational Technology
- Cyberphysical security
- Human factors in Embedded Systems: Psychology, Sociology, Economics, Policy
- Post-Quantum Cryptography in Embedded Systems
- Security Economics
- Protecting Legacy Systems
If you are interested in attending the workshop, please complete the application and submit the requested materials, including a one-page position paper, here by June 1st. If an interested participant needs an extension, email Khari Douglas at kdouglas@cra.org by June 1st. The workshop organizers will notify the selected attendees by June 15th. The CCC will offer domestic travel reimbursement for participants who desire it. For more information about the workshop, check out the workshop webpage.
If you have any questions feel free to contact Khari Douglas (kdouglas@cra.org).