The Cybersecurity Taskforce of the Computing Community Consortium (CCC) will host a leadership workshop to envision the future of embedded security research on August 13th in Baltimore, Maryland.
Embedded systems such as pacemakers, autonomous vehicles, and the Internet of Things often have real-time constraints and electromechanical components that lead to different vulnerabilities and solutions from traditional computing systems. Embedded security is the study of physical properties, computational properties, and human factors that protect embedded systems from attack.
The workshop, co-chaired by Wayne Burleson (UMass Amherst), Kevin Fu (CCC Cybersecurity Taskforce Chair, University of Michigan), and Farinaz Koushanfar (UC San Diego), will be co-located with the 27th USENIX Security Symposium. It will begin with a reception on the evening of August 12th and conclude by 5 PM on the 13th.
Wayne Burleson
Kevin Fu
Farinaz Koushanfar
The event will consist of deep dive group discussions as well as short visionary talks by several international speakers to lend perspectives on successful strategies for funding embedded security research overseas. Confirmed panelists include:
- US: Sam Fuller, CTO Emeritus of Analog Devices
- China: Wenyuan Xu, Zhejiang University
- Korea: Yongdae Kim, Korea Advanced Institute of Science and Technology
- UK: Ross Anderson, University of Cambridge
Sam Fuller
Wenyuan Xu
Yongdae Kim
Ross Anderson
This workshop is by invitation only – the CCC is seeking short position papers to both assist us in organizing the workshop and in selecting attendees to invite. Participants will consist of invited faculty members, industrial researchers, and government agency program managers.
How to Apply:
The workshop participants will be selected from among the responses to a call for 1-page position papers that address:
- a grand challenge,
- at a time-scale of 5-10 years out,
- requiring multiple experts or subdisciplines,
- identifying gaps in research,
- and presenting compelling opportunities for embedded security research and education.
The following list suggests some possible topics for the position papers, but any embedded security topic is welcome. This list is not exhaustive, but represents the broad definition of embedded security.
- Threat Models in Embedded Security:
- Side channels: Passive and Active
- Sensors and Actuators
- Physical attacks and defenses
- Counterfeiting, trojans
- Reverse engineering
- IP theft
- Tampering
- Third party IP integration
- Defenses:
- Anti-counterfeit, anti-tamper, obfuscation
- Embedded crypto: Symmetric and asymmetric, secure hashing, TRNG
- Energy-constrained security
- IP protection and tracing
- Verification
- Embedded Security Design Patterns:
- Computer architecture
- HW-SW co-design
- Applications:
- Industrial controls
- Autonomous vehicles
- Aviation
- Medical devices
- Power-grid
- Smart homes
- IoT
- Operational Technology
- Cyberphysical security
- Human factors in Embedded Systems: Psychology, Sociology, Economics, Policy
- Post-Quantum Cryptography in Embedded Systems
- Security Economics
- Protecting Legacy Systems
If you are interested in attending the workshop, please complete the application and submit the requested materials, including a one-page position paper, here by June 1st. The workshop organizers will notify the selected attendees by June 15th. The CCC will offer domestic travel reimbursement for participants who desire it. For more information about the workshop, check out the workshop webpage.
If you have any questions feel free to contact Khari Douglas (kdouglas@cra.org).
