Final Breakout Reports (linked below):
1. Issues Surrounding Trustworthy Machine Learning
2. Post-Quantum Cryptography
3. Deployable and Impactful Security
4. Cybersecurity Metrics: Why is it so Hard?
5. Computer Security for At-Risk Populations
6. Network Security, Anonymity, and Censorship
7. Applied Mathematics for Secure and Trustworthy Cyberspace
8. Online Advertising and Tracking
9. Innovation in Cyber Security Education
10. AI, ML, and NLP for Personalized Privacy and Security Assistants
11. AI for Security
12. Defensive Cyber Deception
13. Social and Behavioral Aspects of Cyber Security
14. Trust and Security Opportunities and Challenges in Hardware Security
Breakout Sessions
As part of the 2019 NSF Secure and Trustworthy Cyberspace PI meeting, we will hold breakout sessions with the goal of identifying important new challenges and trends in securing cyberspace, new directions for research, and areas in which the SaTC community can contribute to an improved future society. Breakout sessions will take place over both days of the meeting, with an initial session on Day 1 (Monday, October 28, 2-3:30pm) to discuss the topic and brainstorm and a shorter session on Day 2 (Tuesday, October 29, 9:45-10:45am) to tighten the thinking and draft an initial report, followed by a brief report from the co-leads of each topic back to the whole group at the end of Day 2 (Tuesday, October 29, 2-3:15pm). There are 13 breakout topics, plus one "special" breakout group on government priorities and funding opportunities.
SaTC PI meeting participants (except undergraduate research participants): Participants are asked to choose one breakout group to participate in for both breakout sessions. If you did not register online, please visit the Attendee Help Desk to choose the breakout group you would like to participate in. We will do our best to accommodate all requests, but may need to make some adjustments based on the available space.
Breakout Topics
1. Issues Surrounding Trustworthy Machine Learning
2. Post-Quantum Cryptography
3. Deployable and Impactful Security
4. Cybersecurity Metrics: Why is it so Hard?
5. Computer Security for At-Risk Populations
6. Network Security, Anonymity, and Censorship
7. Applied Mathematics for Secure and Trustworthy Cyberspace
8. Online Advertising and Tracking
9. Innovation in Cyber Security Education
10. AI, ML, and NLP for Personalized Privacy and Security Assistants
11. AI for Security
12. Defensive Cyber Deception
13. Social and Behavioral Aspects of Cyber Security
14. Government Priorities and Funding Opportunities
15: Trust and Security Opportunities and Challenges in Hardware Security
Detailed topic descriptions are below.
Breakout Session Goals
Detailed goals for each of the 13 breakout topics are to address the following questions and issues:
1) What is the topic? Why is it important to society? to a secure and trustworthy cyberspace? in other ways?
2) Is there is an existing body of research and/or practice? What are some highlights or pointers to it?
3) What are important challenges that remain? Are there new challenges that have arisen based on new models, new knowledge, new technologies, new uses, etc?
4) Are there promising directions to addressing them? What kinds of expertise and collaboration is needed (disciplines and subdisciplines)?
5) Any other topic-specific questions/issues not covered by the earlier questions.
Breakout Group Topic Descriptions
1. Issues Surrounding Trustworthy Machine Learning
Co-Leads: Somesh Jha (University of Wisconsin), Aleksander Madry (MIT), and Patrick McDaniel (Penn State University)
Description: This breakout group will explore the challenges surrounding machine learning, including robustness, relationships between robustness/fairness/privacy and accuracy, and the related social issues.
Location: Juniper
2. Post-Quantum Cryptography
Co-Leads: Jonathan Katz (George Mason University) and Brian LaMacchia (Microsoft)
Description: If large-scale, general-purpose quantum computers become available, currently deployed public-key cryptosystems will be vulnerable. The NIST post-quantum cryptography standardization effort is already underway, but what else should SaTC researchers be focusing on now and in the future to prepare for a post-quantum future? We will discuss the current state of the art in quantum computing, cryptography, standards, and system design, and articulate a research agenda for post-quantum cryptography and security.
Location: Walnut A
3. Deployable and Impactful Security
Co-Leads: Michelle Mazurek (University of Maryland) and Daphne Yao (Virginia Tech)
Description: This breakout group will focus on the deployability and impact of security research. To what extent should academic research be contributing to solving practical security problems? Are security researchers willing to solve practical problems? Does the community sufficiently recognize such efforts? If not, how should the academic community (or at least a subset of it) strategize to make impacts and stay relevant?
Location: Lakeside 1
4. Cybersecurity Metrics: Why is it so Hard?
Co-Leads: Kishor Trivedi (Duke) and Shouhuai Xu (University of Texas at San Antonio)
Description: This breakout group will focus on cybersecurity metrics in order to identify the key technical challenges and shed light on future research directions. The importance of metrics is clear, but the difficulty --- e.g., why is it technically so difficult (other than the often-said lacking of data)? --- is not understood. This group will focus on the technical difficulty and ideas for moving forward.
Location: Beech A
5. Computer Security for At-Risk Populations
Co-Leads: Damon McCoy (NYU) and Elissa Redmiles (Microsoft/Princeton)
Description: This breakout group will focus on the emerging area of computer security for at-risk and marginalized populations. These include demographic groups whose life circumstances render them particularly vulnerable to digital abuse, with examples being victims of domestic or intimate partner violence, refugees, human trafficking victims, (voluntary) sex workers, and more. Ensuring computer security for them proves particularly tricky, and there’s a nascent body of research seeking to understand the unique nature of the digital risks each population faces, as well as how to design and safely execute interventions to improve their digital security. Working with and learning from marginalized populations -- who may have developed unique protective skills that are especially effective or who may reason about digital risks in unique ways -- may also enable us to better improve security for all users.
Location: Beech B
6. Network Security, Anonymity, and Censorship
Co-Leads: Nick Feamster (University of Chicago) and Nick Hopper (University of Minnesota)
Description: This breakout group will address the technical challenges of securing networks, supporting anonymous communication, and supporting content-based handling of communications. It will also address the apparent and fundamental tradeoffs among these properties, as well as the social challenges of determining what behaviors are desired and how to choose among competing needs.
Location: Hickory
7. Applied Mathematics for Secure and Trustworthy Cyberspace
Co-Leads: Steve Miller (Rutgers University) and Vinod Vaikuntanathan (MIT)
Description: Mathematics has an important role to play in making cyberspace secure and trustworthy. For example, the underpinnings of cryptographic systems – and of many attacks on them – often involve interesting mathematical concepts and tools. The goal of this group is to increase collaboration between security researchers and mathematicians, by identifying important areas in which there are needs for advances in mathematics, and ways in which mathematicians can contribute to advancing our understanding of, and ability to, secure cyberspace. This is an opportunity for security researchers to pose problems to mathematicians, and for mathematicians to discuss the context of the problems with security researchers.
Location: Retreat 2
8. Online Advertising and Tracking
Co-Leads: Athina Markopoulou (University of California-Irvine), Zhiyun Qian (University of California-Riverside), and Zubair Shafiq (University of Iowa)
Description: The “free” web is supported by online behavioral advertising, which relies on a complex and opaque tracking ecosystem to surveil users across the web. The goal of this breakout is to assess the current state-of-the-art as well as medium- and long-term evolution of online tracking and advertising ecosystems given mainstream adoption anti-tracking and ad-blocking technologies. This breakout group will discuss recent research to improve anti-tracking and ad-blocking technologies as well as discuss the impact of alternate monetization models and emerging regulations on the future of online advertising and tracking.
Location: Dogwood
9. Innovation in Cyber Security Education
Co-Leads: Latifur Khan (UT Dallas) and Bhavani Thurasingham (UT Dallas)
Description: This breakout group addresses cybersecurity education with a special interest machine learning security. The goal of the group is to assess the developments in Cyber Security (including machine learning security) in recent years and to determine the directions for developing a comprehensive education curriculum in this field, the group will focus topics such as (i) how the prerequisites needed to be changed to develop qualified professionals and (ii) how to adapt the core courses to include recent development in the field.
Location: Walnut B
10. AI, ML, and NLP for Personalized Privacy and Security Assistants
Co-Leads: Norman Sadeh (CMU) and Shomir Wilson (Penn State University)
Description: The expertise and effort required for someone to properly manage their security and privacy far exceeds the abilities of a typical user. Research over the past decade has shown that it is possible to develop privacy assistants that can help us read privacy policies, help us manage complex privacy settings, and more generally nudge us to adopt safer practices. In this breakout group, we invite people to join us to discuss what would be necessary to take these advances further and develop intelligent security and privacy assistants that could help us better manage our security and privacy decisions, taking into account models of our own knowledge as well as models of relevant contextual attributes needed to effectively support us across a wide range of security and privacy situations.
Location: Retreat 2
11. AI for Security
Co-Leads: Kamalika Chaudhuri (UC San Diego), Hao Chen (UC Davis), and Xinyu Xing (Penn State University)
Description: This breakout group will cover (1) how to leverage AI to facilitate conventional security analysis (e.g., building better reverse engineering tools) (2) how to utilize AI to find new knowledge for security incident analytics (3) how to use AI to expedite security product development.
Location: Birch
12. Defensive Cyber Deception
Co-Leads: Deniz Gurkan (University of Houston), Aron Laszka (University of Houston), and Rakesh Verma (University of Houston)
Description: This breakout group will focus on cyber deception. Cyber deception is an emerging proactive defense approach that aims to diminish adversaries' information advantage (i) by masquerading real networks, systems, and services and (ii) by deploying fake ones (e.g., honeypots and honeynets). Even though cyber deception is recognized as a key approach for surveilling adversaries in action, detecting intrusions, delaying lateral movement, etc., there remain significant gaps in the science of cyber deception that must be addressed by the SaTC community, including bridging the gap between practical deception techniques and formal models of deception and quantifying the effectiveness of deception.
Location: Laurel
13. Social and Behavioral Aspects of Cyber Security
Co-Leads: April Edwards (US Naval Academy) and Vivek Singh (Rutgers University)
Description: This breakout group will focus on the best practices for collecting, monitoring and analyzing data streams for content that might be exposing an individual or organization to harm? Two specific needs are 1) how do we collect, label and manage datasets for research purposes? and 2) how do we validate that machine learning techniques that are applied to these data sets are accurately identifying the right instances?
Location: Chestnut
14. Government Priorities and Funding Opportunities
Day 1 Co-Leads: Douglas Maughan, Chaitanya Baru, Rebecca Hwa, and Wendy Nilsen (NSF).
Day 2 Co-Leads: Tomas Vagoun (NITRD) and Naomi Lefkovitz (NIST)
Description: This is a special breakout group, consisting of presentations from and discussions with representatives of NSF. During the Day 1 breakout sessions, Douglas Maughan and Chaitanya Baru (NSF) will talk about the NSF Convergence Accelerator, Rebecca Hwa will talk about the National Artificial Intelligence Research Institutes, and Wendy Nilsen (NSF) will talk about Smart and Connected Health and Smart and Connected Communities, including answering questions from session participants. During the Day 2 breakout sessions, Tomas Vagoun and Naomi Lefkovitz will discuss the Federal Cybersecurity R&D Strategic Plan and lead a discussion about the challenges shaping the strategy and the research envisioned by the strategic plan.
Location: Aspen
15.Trust and Security Opportunities and Challenges in Hardware Security
Co-Leads: Swaroop Ghosh (Pennsylvania State University) and Rashmi Jha (University of Cincinnati)
Description: This breakout group will discuss various opportunities of adding security in CMOS chips using emerging memory (RRAM, PCM, STTRAM etc), logic (FeFET, TFET etc), and other hardware devices, as well as threats they impose due to their intrinsic nature that can be exploited, and brainstorming on mitigation approaches.
Location: Poplar