Workshop Papers (Symposium registration required)

 

Workshop Presentations

 

 

Welcome and Keynote Address

  • Zach Tudor, Associate Laboratory Director - National & Homeland Security Directorate, Idaho National Laboratory & Executive Chair, CReSCT Workshop
  • Mark Tehranipoor – Hardware Root-of-Trust for Cyber Security, Intel Charles E. Young Preeminence Endowed Chair Professor in Cybersecurity at the Department of Electrical and Computer Engineering, the University of Florida and IEEE Fellow.

 

Paper Session One – Software and Systems

Char Sample, Moderator - CReSCT Program Chair & Chief Scientist, Cybercore, Idaho National Laboratory

Assessment of Cyber Security Implications of New Technology Integrations into Military Supply Chains

Identifying Ubiquitous Third-Party Libraries in Complied Executables Using Annotated and Translated Disassembled Code with Supervised Machine Learning

Modelling and Assessment of IoT Supply Chain Security Risks: The Role of Structural and Parametric Uncertainties 

Binary Analysis with Architecture and Code Section Detection Using Supervised Machine Learning

 

Panel Discussion One – Supply Chain  

Dongyan Xu, Moderator – Head, Dept. of Computer Science, Purdue University

  • Gabriela Ciocarlie – SRI International
  • Paulo Costa – George Mason University
  • Brandon Eames – Sandia National Laboratory
  • Aniket Kate – Purdue University

 

Panel Discussion Two – Industry/Sponsor

Virginia Wright, Moderator –Cybercore, Idaho National Laboratory

  • Nadya Bartol – Boston Consulting
  • Diana Kelley – Microsoft
  • Gale Pomper - Dreamport

 

Paper Session Two – Hardware Support

Michael Haney, Moderator – CReSCT Workshop Program Co-Chair & Assitant Professor, University of Idaho

Toward a Trustable, Self-Hosting Computer System

EM Fingerprints: Towards Identifying Unauthorized Hardware Substitutions in the Supply Chain Jungle

On-Chip Randomization for Memory Protection Against Hardware Supply Chain Attacks to DRAM

 

Closing Remarks

David Nicol, Franklin W. Woeltge Professor of ECE and Director of the Information Trust Institute,  University of Illinois, Urbana-Champaign

           

 

Workshop Information

The software and systems on which we depend are not formed completely by the organizations which created them, instead, they are assembled from a variety of pre-existing subcomponents created by disconnected actors operating within a complex supply chain. Any analysis of computing system security and privacy is incomplete without an understanding of this supply chain of both ephemeral and physical components that comprise computing systems on which we depend. Frailties existing at any one of the manifold nodes in the supply chain can have downstream effects both directly and indirectly to the security and resiliency of the assembled computing system.

This workshop seeks to gather case studies, empirical analysis, and research focused on understanding potential threats to the computing system supply chain, both hardware and software, and their future mitigation. This workshop will, through panels of noted experts, invited and paper presentations, provide case studies for improving policy and practices, as well as promising research and tools to address this national challenge.

The Cyber Resilient Supply Chain Technologies (CReSCT) Workshop will explore research and case studies to characterize, measure and enhance supply chain security for computing systems. Participants will consist heavily of academic and industry researchers but are also expected to include researchers from the National Laboratories and government agencies with a supply chain risk management mission related to computing systems.

Research advances presented at the workshop may help industry and government make powerful impacts to mitigate existing computing system supply chain vulnerabilities.

Topics of Interest include (but not limited to):

• Studies of specific hardware or software supply chains for computing systems
• Hardware or software analysis techniques where the end goal is computing system supply chain verification
• Methods for analysis of the supply chain for computing systems
• Risk models for management of supply chains, either in the chain or in the end device
• Integration of complexity models highlighting aspects such as emergent behaviors, self-organization, sudden transitions, large events, self-organization, evolutionary dynamics and fundamental uncertainty.
• Tools and techniques for designing hardware and software components resistant to unauthorized supply chain modifications
• Tools and techniques for hardware and software modification detection
• Tools and techniques for hardware and software counterfeit detection
• Software bill of materials, case studies or analysis methods
• Hardware bill of materials case studies or analysis methods
• Supply chain research and empirical studies affecting embedded, 10T, or specialty computing systems, or research highlighting distinctions in the associated supply chains
• Tools for analyzing software and hardware composition data to assist in risk analysis at scale
• The role and risks of policy tools such as transparency to better secure the supply chain
• Direct and indirect security and privacy effects of manipulation of computer system supply chain elements

Workshop Format

One author of each accepted paper is expected to present the paper at the workshop. The format will be traditional conference-style research presentations with questions from the audience. Interactive and engaging presentations are welcomed.

Following notification to authors, more information will be provided regarding speaking times and other details. Accepted papers will be made available on the workshop web site. Authors are free to submit work appearing in CReSCT’20 to other venues following the workshop (including extended versions of their short CReSCT work based on feedback received at the workshop), subject to those venues' restrictions.

Paper Submission Deadline extended to
January 20, 2020

Instructions for Submission

For consistency, many aspects of these instructions are drawn from the co-located IEEE Symposium on Security and Privacy guidelines.

To be considered, papers must be received by the January 20, 2020 submission deadline. Extensions will not be granted. Submissions must be original work and may not be under submission to another venue at the time of review (but as mentioned above, work may be submitted to other venues following the workshop).

Page Limit and Formatting

Submitted papers must be no longer than eight pages, including all figures. References and appendices will not count towards this limit, but reviewers are not required to read appendices.

Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8. Submissions may be automatically checked for conformance to these requirements. Failure to adhere to the page limit and formatting requirements are grounds for rejection without review.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader 9 and when printed in black and white.

Conference Submission Server

Papers must be submitted to the CReSCT submission site and may be updated at any time until the submission deadline. During the submission process, you will be asked to supply information regarding potential conflicts of interest of the paper's authors with program committee members. The review process is single-blind.

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. Final versions of papers should include sources of funding. One of the authors of the accepted paper is expected to present the paper at the conference.

Questions

For any questions, contact the workshop co-chairs at: CReSCT@inl.gov

Organizers

Zachary Tudor

Chair

Idaho National Laboratory

David Nicol

Co-Chair

University of Illinois at Urbana Champaign

Charmaine Sample

Program Committee Chair

Idaho National Laboratory

Michael Haney

Program Committee Co-Chair

University of Idaho

Program Committee