Session I: Monday, January 9th, 10:30 am -12:00 pm
1. Title: Formal Approaches to Security: Turing Wins the Game?
Room: Alexandria-2nd level/Capacity: 90
Moderator: Greg Shannon (OSTP)
Click here to download the list of session attendees and scribes
Abstract: For this breakout session we will discuss the long-term goal of defensive deterrence (in the Federal Cybersecurity R&D Strategic Plan), focusing on the following challenges:
- Developing and applying scalable formal methods
- Proving lower bounds on the strength of the weakest link
- Extracting information from incomplete searches for counterexamples
- Entangling various mechanisms to create unassailable security
- Working through unknowability, undecidability, intractability
After a 15 minute framing and 15 minute Q&A session with OSTP Assistant Directory for Cybersecurity Strategy, Greg Shannon, attendees will break into small groups (6-8 people) for an hour to consider challenge statements, competitions, and benchmarks that address the long-term goal of defensive deterrence. All small groups, even those not in the session are encouraged to submitted a 1-page PDF write up of their challenge on the cps-vo.org website. Hard copy packets of these 1-pagers will be handed out to attendees before the Wednesday morning panel.
2. Title: “OPEN” (Open room for ad hoc research discussions or side meetings)
Room: Fairfax Boardroom-2nd level/Capacity: 20
Click here to download the list of session attendees and scribes
3. Title: Cloud Security
Room: Grand Ballroom-Salon D-1st level/Capacity: 50
Moderator: Adita Akella (Wisconsin-Madison)
Click here to download the list of session attendees and scribes
Abstract: There has been a dramatic transformation of IT infrastructure in the past decade with the adoption of cloud computing, where processes that used to run on-site at a company are now migrating into data centers and run on hardware shared with other customers. This migration encompasses computing, storage, and networking. Using hosted infrastructure increases the velocity of deployments, as it allows for rapid up- and down-scaling of systems. Recent advances in virtualization and the advent of software defined infrastructure have accelerated the pace of migration. Even more recent trends are further disrupting this rapidly evolving space; these include the rise of microservices and the emergence of new, light-weight isolation technologies such as containers. A natural question that arises is: how to secure this modern compute ecosystem? The goal of this breakout session is to explore answers to this question. We plan to examine the security challenges and opportunities created by recent advances in cloud computing. On the challenges front, we will explore issues such as new threats and vulnerabilities, and old attacks re-imagined in the cloud computing space. On the opportunities front, we will examine issues such as security solutions uniquely enabled by the single administrator control of the cloud infrastructure, how to leverage the cloud’s software defined infrastructure to develop novel defense mechanisms. We will also explore opportunities for clean slate systems design; i.e., what capabilities to add to clouds to further improve security? In all cases, the idea is to explore all “layers” of the cloud stack ranging from infrastructure all the way to applications, protocols, and users.
4. Title: Transition to Practice (TTP) Bootcamp
Room: Grand Ballroom-Salon E-1st level/Capacity: 45
Moderator: Becky Bace (South Alabama & Infidel, Inc.), Michael Chambers (South Alabama)
Click here to download the list of session attendees and scribes
Abstract: Every PI would like to see their research make an impact in the real world. Although funding Transition to Practice (TTP)-worthy projects remains a Federal cybersecurity priority across multiple funding agencies, many PI’s are unclear about the logistics and means by which to transition their research into an operational cybersecurity context. Transitioning research doesn’t always equate to leaving academia to form a start-up company. A multitude of alternatives exist, such as licensing the intellectual property or finding a suitable developer to carry the idea forward. This session will be hosted by Becky Bace, an expert in moving basic cybersecurity research into real world systems. Becky has worked in academia, at a federal agency, and at venture capital firms. She’ll take you through the basics of how and why you should want to get your research into the hands of those who can use it!
5. Title: Building Differentially Private Systems: Opportunities and Challenges
Room: Grand Ballroom-Salon F-1st level/Capacity: 40
Moderator: Ashwin Machanavajjhala (Duke)
Click here to download the list of session attendees and scribes
Abstract: Differential privacy has emerged as the gold standard for privacy preserving data analysis. Over the last decade, researchers from a variety of fields (including theory, databases, machine learning and security) have identified algorithms that ensure differential privacy and characterized asymptotic lower bounds on the error needed to solve tasks like answering counting queries and learning. In this breakout session, we will discuss the opportunities and barriers in developing systems for data analysis that ensure accuracy as well as provable guarantees of privacy. We will briefly discuss application domains where differential privacy implementations are being used or designed to release/analyze data. Challenges we may discuss include: (a) customizing differential privacy to settings with complex data types with multiple sensitive entities (like relational data), streaming data (like location traces), and correlated data (like in social networks) -- settings where differential privacy may not directly apply; (b) authoring safe differentially private software tools that do not permit side channel attacks, (c) building algorithms with optimal error on finite datasets and the challenges with data dependent algorithm design, and (d) developing end-to-end differentially private algorithms and benchmarks for evaluating their error.
6. Title: Cyber Resilience
Room: Grand Ballroom-Salon G-1st level/Capacity: 50
Moderator: Karl Levitt (UC-Davis)
Presenters: Karl Levitt (UC-Davis), Damon McCoy (NYU), David Ott (VMWare), Scott Tousley (DHS), Sam Weber (NYU)
Click here to download the list of session attendees and scribes
Abstract: The term resilience has been in various uses for over 400 years and has been applied to characterize the ability of something to withstand unexpected threats, where the “something” can be an individual, a community, an object, species, an ecosystem, etc. The dependable community has embraced the term primarily under the threat of natural faults by asserting that a resilient system should fail operational (provide the full service as if no cyber disturbance occurred) but if this is not possible fail safe (preserve a safety requirement) and as a last resort fail stop. Increasingly, organizations embrace cyber resilience as a general strategy for security where the goal is to deliver an intended cyber service in the presence of cyber events to the extent possible. Although there are differing views of it, Symantec among others associates five “pillars” with the resilience concept:
- Prepare/Identify, Protect, Detect, Respond, Recover
In its Cyber R&D Strategic Plan, NITRD has proposed a similar structure, again reflecting a multi-step and a dynamic approach to cyber resilience. In recent years, the security community has under the rubric of resilience begun to consider systems that dynamically cope with attacks, unexpected or previously unseen. DARPA has run several programs along this line, for example SRS (Self-Regenerative Systems), which explored many techniques towards systems that dynamically respond to attacks. Although there are fairly straightforward approaches, such as intrusion-prevention systems, today’s systems mostly rely on human-driven responses to attacks. For the rapidly emerging applications, such as connected cars, cyber-controlled processing plants, and smart grids, human-level response is too slow; but fully automated response is considered too dangerous and too easily thwarted by an informed adversary, particularly when triggered by imperfect detection. Thus there is a clear need for the research community to take on the challenge of resilience. This breakout session is open to all of the research topics that bear on resilience, including but not limited to:
- System architectures in support of resilience
- The specification of “intended” cyber service for different situations
- The specification of “safety” requirements for different applications
- Approaches to detection, particularly approaches to cope with imperfect detection.
- “Moves” a system can take to achieve resilience
- Overall, does the automation of resilience introduce too many new and undefendable attack surfaces that preclude its serious consideration?
- Can “risk” to the mission be the overarching principle that characterizes the components of resilience?
- Are there measurable metrics to characterize cyber resilience?
7. Title: Exploitable Bugs in Hardware Designs
Room: Manassas-2nd level/Capacity: 40
Moderator: Cynthia Sturton (UNC-Chapel Hill)
Scribe: Warren Hunt
Click here to download the list of session attendees and scribes
Abstract: As hardware designs have gotten larger and more complex, there are more security-critical vulnerabilities arising from incomplete and erroneous specifications, buggy designs and hidden and unexpected interactions between components. This breakout will look at the science of anticipating, measuring and counter-acting the effects of vulnerabilities resulting from hardware design and specification errors. There are several key challenge problems in combating unintentional errors—as opposed to adversarial injected Trojans--in hardware designs. The focus of this breakout is on architecture, design, and formal verification methodology for detecting and correcting exploitable vulnerabilities in hardware. The breakout will identify the key challenges, and promising directions in this area.
8. Title: SaTC Frontier Projects I
Room: McLean-2nd level/Capacity: 60
Moderator: Michael Bailey (UIUC)
Presenters: David Kotz (Dartmouth), Vern Paxson (ICSI), Mayank Varia (Boston)
Click here to download the list of session attendees and scribes
Abstract: The SaTC Frontier projects are center scale efforts that provide high level visibility to grand challenge research areas in cybersecurity. These projects are collaborative, multi-university research and education activities that will help protect the nation’s vast, critical infrastructure and enable a more secure information society. This session will have presentations from the following frontier projects.
- Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives: this project pursues in-depth empirical analyses of a range of online criminal activities by mapping out the evolving attacker ecosystem that preys on online social networks, studying how relationships among these criminals are established, maintained and evolve over time, and measuring the efficacy of today’s security interventions.
- Enabling trustworthy cybersystems for health and wellness: this project develops usable authentication and privacy tools, trustworthy control of medical devices and effective methods to detect malware, compute trust metrics and audit medical information systems and networks.
- Modular Approach to Cloud Security: this project develops methods for building information systems with meaningful multi-layered security guarantees that are built from smaller and separable functional components, where the security of each component is asserted individually, and where security of the system as a whole can be derived from the security of its components.
9. Title: SaTC Frontier Projects II
Room: Mt.Vernon-2nd level/Capacity: 40
Moderator: John Russell (AAAS & NSF)
Presenters: Mike Reiter (UNC-Chapel Hill), Norman Sadeh (Carnegie Mellon), Amit Sahai (UC-Los Angeles), Salil Vadhan (Harvard)
Click here to download the list of session attendees and scribes
Abstract: The SaTC Frontier projects are center scale efforts that provide high-level visibility to grand challenge research areas in cybersecurity. These projects are collaborative, multi-university research and education activities that will help protect the nation’s vast, critical infrastructure and enable a more secure information society. This session will have presentations from the following frontier projects.
- Privacy Tools for Sharing Research Data: this project refines and develops formal definitions and measures for privacy and data utility, as well as technological, legal and policy tools to aid the collection, analysis and sharing of sensitive data in cyberspace while protecting individual privacy.
- Rethinking security in the era of cloud computing: this project develops novel and improved solutions for unified authentication and authorization and auditing across diverse services; effective monitoring and diagnosis for security management of services, networks, datacenters and users; and pervasive encryption to, from and within the cloud.
- Towards effective Web privacy notice and choice: a multi-disciplinary perspective: this project develops scalable technologies to semi-automatically extract key privacy policy features from website privacy policies, and presents these features to users in an easy-to-digest format that enables them to make more informed privacy decisions as they interact with different websites.
- Center for Encrypted Functionalities: this project investigates the use of new encryption methods, known as program obfuscation, to make a computer programs, and not just its output, invisible to an outside observer while preserving the way it works or its functionality.
10. Title: What Can Programming Languages and Cryptography do for Security?
Room: Rosslyn I-Lobby level/Capacity: 40
Moderators: Abhi Shelat (Northeastern), Elaine (Runting) Shi (Cornell)
Click here to download the list of session attendees and scribes
Abstract: Research in programming languages and cryptography both emphasize formal and compositional security and are both cornerstones in the science of cybersecurity. We aim to discuss how joint work in these communities can help improve the way we construct secure systems and the way we prove them secure. We plan to discuss questions such as:
- What are the exciting recent results at the intersection of PL & Crypto?
- What near-term, medium-term, and longer-term goals should we set as a community-wide agenda?
- What difficult scientific challenges can we hope to resolve by bringing together PL and cryptography?
11. Title: Secure Computation Progress, Methods, Challenges, and Open Questions
Room: Rosslyn II-Lobby level/Capacity: 60
Moderator: David Evans (UVA)
Click here to download the list of session attendees and scribes
Abstract: Over the past decade, there has been remarkable progress in using cryptography to enable verifiable and privacy-preserving multi-party computation. The goal of this breakout is to assess the current state-of-the-art and reach consensus on what problems have largely been solved, what problems are ripe for solutions within the next year or two, and what long-term challenges remain. We will consider both underlying techniques and tools, motivating and potential applications, and hurdles that need to be addressed before secure computation can be widely and effectively deployed.
Session II: Tuesday, January 10th, 10:30 am-12:00 pm
1. Title: Security and Privacy in the Internet of Things (IoT)
Room: Alexandria-2nd level/Capacity: 90
Moderator: Jonathan Katz (Maryland)
Click here to download the list of session attendees and scribes
Abstract: It is clear that security and privacy concerns are of critical importance as the “Internet of Things” is deployed. But are the security/privacy concerns in this space fundamentally different from traditional security/privacy concerns? Is it a difference in kind, or merely one of degree? What are the unique challenges that arise? Are new ideas needed, or is it just a matter of applying existing ideas? And are solutions likely to be technical in nature, or more likely to be a result of policies, laws, and economics?
2. Title: “OPEN” (Open room for ad hoc research discussions or side meetings)
Room: Fairfax Boardroom-2nd level/Capacity: 20
3. Title: Stopping 0-Days with Formal Languages
Room: Grand Ballroom-Salon D-1st level/Capacity: 50
Moderators: Sergey Bratus (Dartmouth), Sean Smith (Dartmouth)
Click here to download the list of session attendees and scribes
Abstract: The Internet insecurity epidemic is a consequence of ad hoc programming of input handling at all layers of network stacks, and in other kinds of software stacks. The only path to trustworthy software that takes untrusted inputs is treating all valid or expected inputs as a formal language, and the respective input-handling routines as a recognizer for that language. When input handling is done in ad hoc way, the de facto recognizer, i.e. the input recognition and validation code ends up scattered throughout the program, does not match the programmers’ assumptions about safety and validity of data, and thus provides ample opportunities for exploitation.
4. Title: Psycho-Social Aspects of Cyber-Security: Why is Human (Still) the Weakest Link?
Room: Grand Ballroom-Salon E-1st level/Capacity: 45
Moderator: Cleotilde Gonzalez (Carnegie Mellon)
Scribe: Brad Myers
Click here to download the list of session attendees and scribes
Abstract: Why people fall victims of cyber attacks? and how attackers manage to deceive their victims? We will focus our discussion on addressing these questions but not from a technical point of view, but form a cognitive and social science perspective. The lead will introduce the importance of accounting for human’s cognitive and social aspects in the design of solutions for cyber defense. We will discuss research that is relevant to understanding an attacker’s intentions and strategies; the defender’s habits, biases, and behavior; and the computational representations of these behaviors.
5. Title: Addressing the Diversity Gap in Cybersecurity with K-12 Outreach
Room: Grand Ballroom-Salon F-1st level/Capacity: 45
Moderator: Ashley Podhradsky (Dakota State)
Click here to download the list of session attendees and scribes
Abstract: Finding novel ways to bring cyber security topics to young women and minorities serves to address a recognized national need for security education at the K-12 and undergraduate level, and begins to address the widening gap between the availability and demand for qualified and diverse security professionals. Designing security education interventions that are creative, socially relevant, and accessible to an underrepresented population in cyber security is a challenge that informs how education and outreach can be performed within other contexts. This breakout session will discuss approaches and methods to engage and support a diverse population in cyber security. Topics include social media, K-12 classroom outreach, working with existing non-profit organizations, partnering with organizations performing similar work, and creating a supporting infrastructure for inspiration and evaluation.
6. Title: Semantics-Aware Security Research
Room: Grand Ballroom-Salon G-1st level/Capacity: 50
Moderators: Will Enck (North Carolina State), Xiaofeng Wang (Indiana-Bloomington)
Scribe: Tudor Dumitrias
Click here to download the list of session attendees and scribes
Abstract: The pervasiveness of human-generated text data presents a unique opportunity for security researchers to better understand, and effectively defend against emerging threats. For instance, tweets, technical posts, white papers and research articles in the public domain are a gold mine for collecting valuable Cyber threat Intelligence. Many infected websites can be efficiently and accurately identified through analyzing the text content for inconsistencies between the semantics of injected text they host (e.g., for selling Viagra) and the content expected to be on these sites (e.g., under an .edu domain). Further, analyzing the semantics of text data can help detect the discrepancies between a mobile app’s description and its operation, recover a web site’s privacy policies from its text content, capture potential exposure of classified information from messages (e.g., emails) to be publicly released. Increasingly, the security community has come to realize that such semantic processing can significantly enhance security protection and has the potential to completely change the landscape of security technologies. However, unlike its successful application to biomedical and molecular biology research, semantic analysis has so far been applied to security domains only in an ad-hoc way, without any systematic methods and core technologies that can enable reuse of security-specific semantic approaches across disparate security studies. The purpose of this breakout session is to discuss the research on such foundations, as well as the new application domains, for this emerging “Security-NLP” area.
7. Title: Safe-Guarding Runtime Monitors
Room: Manassas-2nd level/Capacity: 40
Moderator: Mathias Payer (Purdue)
Click here to download the list of session attendees and scribes
Abstract: The system security community has proposed a plethora of defense mechanisms that protect programs in the presence of vulnerabilities. Runtime monitors (e.g., CFI, CPI, ASLR, stack canaries, DEP, or diversity) detect security violations (e.g., control-flow hijacking, data corruption, or memory corruption) and terminate the process. Runtime monitors must be implemented efficiently for wide-spread adoption but their runtime data must be protected against adversarial access. This breakout focuses on trade-offs between different security policies and how their runtime data and code can be protected.
8. Title: Physically Unclonable Functions Research
Room: Mt. Vernon-2nd floor/Capacity: 40
Moderator: Jakub Szefer (Yale)
Click here to download the list of session attendees and scribes
Abstract: A Physically Unclonable Function (PUF) is a unique and stable physical characteristic of a piece of computer hardware, which emerges due to variations in the fabrication processes. PUFs have become an important and promising hardware primitive for fingerprinting, authenticating, or storing cryptographic keys in computing devices. Research on PUFs aims to create or uncover devices or circuits that have the unique, stable, and unclonable characteristics so they can be used as PUFs. Challenges of PUFs research are in developing devices, protocols and applications (software). In the PUFs breakout sessions we will discuss these challenges further as well as opportunities that PUFs bring to computer security and brainstorm future of PUFs research.
9. Title: Security of Cyber-Physical Systems
Room: Rosslyn I-Lobby level/Capacity: 40
Moderator: Saman Aliari Zonouz (UIUC)
Scribe: Emily Nichols (Internet2)
Click here to download the list of session attendees and scribes
Abstract: Cyber-Physical Systems (CPS) are yielding novel problems and solutions for security researchers. CPSs connect computerized controllers and human supervisors with physical systems used in the energy, transportation, water, manufacturing, and other sectors. Recent attacks against CPS have prompted unprecedented investigation into new threats and mitigations against CPSs. Modern CPSs are founded on control theory, real-time systems, and obscure, often ad-hoc programming practices. The traditional definitions of security are often in conflict with the goals and operational constraints of CPSs. A security measure that blocks a system operator from executing a critical action could cause as much or more damage than an actual attack! In this session, we will encourage interactive discussions about widely deployed application of CPS, and the emerging research problems in their security. We will start with a few motivating examples of real world attacks against CPS infrastructures, and how the adversary capabilities and objectives, vulnerabilities, attack methods and impact, and challenges in the design of defense solutions differ in each case. We will then open up for discussions from the audience
10. Title: Cybersecurity and Privacy Research for U.S. Government Agencies
Room: Rosslyn II-Lobby level/Capacity: 60
Moderator: Atul Prakash (Michigan-Ann Arbor)
Presenters: Angelos Keromytis (DARPA), Dan Massey (DHS), Robinson Pino (DoE), Mike Walker (DARPA)
Click here to download the list of session attendees and scribes
Abstract: Panelists will discuss their agencies’ goals for and approaches to cybersecurity and privacy research. The panelists will also compare NSF-style research to research in their agencies. Examples of types of questions that the panel may address include: What’s the difference in the types of research a researcher is expected to do for the different agencies? What can graduate students and faculty learn from mission-focused research beyond what one learns from curiosity-driven NSF research? What are the elements that lead to a successful proposal?
11. Title: Emerging Privacy Research
Room: McLean-2nd level/Capacity: 60
Moderator: Nicolas Christin (Carnegie Mellon)
Scribe: Raquel Hill (Indiana)
Click here to download the list of session attendees and scribes
Abstract: Several reports over the past year have indicated that users are increasingly concerned about their privacy, and data collection practices from both corporations and governments. Consequently, privacy enhancing technologies, ranging from communication tools (e.g., Signal, Tor) to digital currencies (e.g., Zcash), have received significant attention.