
Hot Topics in the Science of Security (HotSoS) 2022

The University of Illinois at Urbana-Champaign (UIUC) virtually hosted the 9th Annual Symposium on the Science of Security (HotSoS) from 5-7 April 2022. The General Chair was Sayan Mitra (UIUC) and the Program Co-Chairs were Adam Tagert (NSA) and Benjamin Ujcich (Georgetown University). HotSoS brings together researchers from diverse disciplines to promote the advancement of work related to the Science of Security and Privacy initiative (SoS), and features a mix of invited keynotes, Works-in-Progress (WiP) discussions, and presentations of already published work. Almost 350 individuals registered for HotSoS'22, more than would have been able to attend had the event been held in person. The participants were a mix of government, academia, and industry from 15 different countries. In addition to 3 keynote presentations, HotSoS 2022 included 2 presentations from NSA's Best Scientific Cybersecurity Paper Competition, 11 published papers, 6 WiP manuscripts, and 11 posters or demos which, in total, represented the work of 102 authors from 34 universities and institutions. In keeping with the goal of collaborative community engagement, HotSoS 2022 again featured WiPs, which provide an opportunity for authors to get early feedback on a research direction, technology, or ideas before a paper has been fully evaluated, or to discuss systems in an early, pre-prototyping phase.

The first keynote presentation, "Cybersecurity Threat Landscape," given by Jason Burt of the Cybersecurity and Infrastructure Agency (CISA), focused on the role of CISA and addressed the variety of threats that it is dealing with.

Jeannette Wing of Columbia University gave a keynote entitled "Trustworthy AI," which dealt with delivering the promise of AI benefits while addressing the scenarios that have life-threatening consequences for people and society, and how trustworthy AI can be achieved.

The final keynote, "Model Checking Memory Safety of Industrial Code" by Mark Tuttle of Amazon Web Services, discussed CBMC, a bounded model checker for C, and described some of the things they have done to make bounded model checking just another form of unit test at AWS.

There were also presentations given on the Winning and Honorable Mention papers from the 9th Annual Best Scientific Cybersecurity Paper Competition. The winning paper, "On One-way Functions and Kolmogorov Complexity," was presented by the authors, Yanyi Liu from Cornell University and Rafael Pass from Cornell Tech. One-way functions (OWFs) are a key underpinning of many modern cryptographic systems. These functions can be efficiently computed but are difficult to reverse, as determining the input based on the output is computationally expensive. OWFs are vital components of modern symmetric encryption, digital signatures, authentication schemes and more. Until now, it has been assumed that OWFs exist, even though research shows that they are both necessary and sufficient for much of the security provided by cryptography.

The paper which received an Honorable Mention, "Retrofitting Fine Grain Isolation in the Firefox Renderer," was presented by Shravan Narayan of the University of California, San Diego, one of seven authors. This paper provides a security solution for use in the Firefox web browser while also demonstrating that the technology can be utilized for other situations. The solution, RLBox, is a culmination of many advances that enable software to securely use software components, such as libraries, which have not been verified as trustworthy.

The HotSoS 2022 Best Poster Award, "A Study of Security Weaknesses in Android Payment Service Provider SDKs," was given to Samin Yaseet Mahmud and William Enck of North Carolina State University. The HotSoS Best Undergraduate Poster Award was given to "Identifying Online Misbehavior," by Sanjana Cheerla, also of North Carolina State University.

The agenda and selected presentations are available here.

The SoS program, in its 10th year, is important to NSA because it enables NSA leadership to understand where to invest time, people and resources in order to safeguard national security systems and the defense industrial base. Details on SoS successes over the past year can be found in the 2022 SoS Annual Report available here.

For non-members, information about the SoS VO community and the process for requesting membership is available here.

HotSoS 2023 will again be held virtually, and the call for papers will be issued in the fall of 2022.