Computing Community Consortium Blog

The goal of the Computing Community Consortium (CCC) is to catalyze the computing research community to debate longer range, more audacious research challenges; to build consensus around research visions; to evolve the most promising visions toward clearly defined initiatives; and to work with the funding organizations to move challenges and visions toward funding initiatives. The purpose of this blog is to provide a more immediate, online mechanism for dissemination of visioning concepts and community discussion/debate about them.

Mechanism Design for Improving Hardware Security – Call for White Papers and Orientation Webinar

December 13th, 2021 / in Announcements, call for papers, CCC, Security / by Khari Douglas

The Computing Community Consortium (CCC) will hold a visioning workshop on Mechanism Design for Improving Hardware Security during the summer of 2022 (exact date and location TBD). We seek short white papers to help create the agenda for the workshop and select attendees.

From election security to critical health applications, trustworthy hardware is the bedrock of a modern free and healthy society. Once niche and arcane, the field of hardware security has recently become one of the most pressing issues in cybersecurity. Microarchitectural side channel attacks like Spectre and Meltdown have shown how pervasive, dangerous, and hard-to-fix a hardware attack could be; integrity attacks such as Rowhammer and CLKSCREW show how attackers can practically overwrite user data. As hardware development becomes more like software due to availability of free  hardware designs and tools the prevalence and discovery of these types of design/security problems are likely to accelerate. 

Especially concerning is that these problems, while well-known and publicized, have generally not been fixed pervasively. Why? The answer, perhaps, is not only a lack of technical solutions that are considered practical but also a series of market failures such as information asymmetry, prisoners dilemmas, and markets for lemons, which disincentivize those who are able to fix serious security vulnerabilities from doing so.  

Underpinning these market failures is the fact that hardware security usually comes at a cost in terms of performance, power, or area; present issues in hardware security can be seen as the result of the players in the game of hardware security finding ways of avoiding paying this cost. 

At this workshop, participants will investigate ways to improve the design and uptake of hardware security mechanisms. In addition to looking at traditional technical solutions, the workshop will also consider new mechanisms to incentivize designers, system integrators, and users to create and maintain security of their systems. The workshop will bring together hardware and software security experts and economists and experts in devising and implementing governmental policies.

For participation in this workshop, we request white papers of no more than two pages. Topics of interest include, but are not limited to:

  • How do current policies and market structures disincentive hardware oriented security solutions? How do we fix this: what technical and policy frameworks are necessary to make progress in this area?
  • What are the mechanisms necessary to enforce a government mandate that says that X% of the performance or cost should be set aside for security? What mechanisms are necessary to determine X? How often should X be determined? Is there a quantitative approach for the organization to use up this security budget? How would this be enforced on user systems? Are there alternate government mandates that are actionable and can be supported technically?
  • Is there an equitable way to proportion the benefits of security and impacts of security attacks? What hardware support, if any, is necessary to facilitate this process? 
  • How do we establish a chain of responsibility for malicious and negligent action while also maintaining privacy?
  • How can hardware innovations (e.g. U2F tokens) fundamentally impact software dark economies?
  • What incentives are necessary to patch hardware bugs in a timely manner?
  • What education/certification requirements are necessary for increasing the awareness and application of hardware security solutions?
  • Are there parallels to software certification requirements for hardware? What would these assurance/certification requirements look like?
Simha Sethumadhavan

Simha Sethumadhavan

Tim Sherwood

Tim Sherwood

Workshop organizers Simha Sethumadhavan (Columbia University) and Tim Sherwood (University of California Santa Barbara) will host an orientation webinar from 1 – 2:30 PM ET on Thursday, January 13th, 2022 to outline the goals of the workshop and expand on what they are looking for in the white papers. Following the pre-recorded presentations there will be an opportunity for Q&A with the speakers. 

A submission form for the position papers will be released following the orientation webinar. Register to attend the orientation here and learn more about the workshop and its goals on the workshop webpage

Disclaimer: Posts on this blog report on happenings, opportunities, and issues that arise in the broad computing research community, and do not necessarily reflect the opinion of the CCC or the National Science Foundation.


Related posts:

  1. Two Hardware Security Design Flaws Affect Billions of Computers
  2. A Primer on the Meltdown & Spectre Hardware Security Design Flaws and their Important Implications
  3. WATCH Talk- New Frontiers in Hardware Security and Trust
  4. WATCH Talk- The CHERI Processor: Revisiting the Hardware-Software Interface for Security
  5. Call for Papers for the 7th Annual Hot Topics in the Science of Security (HoTSoS) Symposium
Mechanism Design for Improving Hardware Security – Call for White Papers and Orientation Webinar

Tags:

Comments are closed.