HotSoS 2018 Summary Report

HotSoS 2018 Summary Report

The fifth annual Hot Topics in the Science of Security: Symposium and Bootcamp (HotSoS) was held on 10-11 April 2018 in Raleigh, NC. Sponsored by the National Security Agency (NSA) in cooperation with the Association for Computer Machinery (ACM), HotSoS 2018 was hosted by North Carolina State University, and attended by over 120 participants from government, academia, and industry. The academic attendees represented sixteen universities from around the world. As in previous years, HotSoS 2018 focused on the five Hard Problems and provided an opportunity for participants to address the development and advancement of scientific foundations of cybersecurity.

This year’s HotSoS featured both paper/research and industry tracks, presentations, and a poster session. The paper tracks were organized into three focus areas: Vulnerabilities and Detection, Secure Construction, and Applications and Risk Evaluation. There were 29 paper submissions, and the nine full papers selected were on subjects that included intrusion detection, privilege drop, homomorphic encryption, control reconfiguration, risk assessment methods, code security, and quantitative evaluations of common hardware protections. The winning paper was “Robustness of Deep Autoencoder in Intrusion Detection under Adversarial Contamination” by Pooria Madani and Natalija Vlajic, University of York, Toronto, Ontario.

There were two tutorials (Combinatorial Security Testing Course and the Cyber Security Framework) as well as industry track presentations on DevSecOps: Security at the Speed of Software Development; HACSAW: A Trusted Framework for Cyber Situational Awareness; and Compliance as Code: Policy Governed Automated Security Checkpoints.

Keynote presentations included “Foundational Cybersecurity Research: Report of a Study by NASEM,” that addressed the question “What is a science of cybersecurity and what should the United States Government do to advance it?” as well as keynotes that focused on vulnerability sharing, cybersecurity for aviation weapons systems, and the role of access controls in cybersecurity. Other invited presentations dealt with air gaps, the impact of information sources on code security, and microarchitectural attacks. There was also a panel featuring cybersecurity framework practitioners. Of the 57 poster submissions, the 18 posters selected covered topics including intrusion and anomaly detection, ransomware, post-quantum cryptography, coding errors, facial identification, and others. The Best Poster was “What Proportion of Vulnerabilities Can Be Attributed to Ordinary Coding Errors?” Rick Kuhn and Raghu Kacker, National Institute of Standards and Technology, and Mohammad Raunak, Loyola University of Baltimore.

For members of the Science of Security-Virtual Organization, the agenda and presentations are also available.