HotSoS 2020 Summary Report

Hot Topics in the Science of Security (HotSoS) 2020

The University of Kansas virtually hosted the 7^th Annual Symposium on the Science of Security (HoTSoS), from 22-24 September 2020. HotSoS brings together researchers from diverse disciplines to promote the advancement of work related to the Science of Security and features a mix of invited talks, panels, tutorials, and refereed papers to be published by ACM. HotSoS was established several years ago to set standards for the SoS community as well as to provide a venue for publishing scientific work, which is often underappreciated in larger conferences. The proceedings of the seven HotSoS conferences have been published by ACM and, as a result, other conferences and symposia have begun to appreciate the value of Science of Security research. This year’s virtual event, originally scheduled for in-person attendance in April, provided the opportunity for those who might otherwise be unable to attend to engage with other SoS researchers. Over 400 participants representing 126 institutions, including government, industry, and academia registered for HotSoS 2020. In addition to keynote and paper presentations, participants also reviewed Works-in-Progress (WiP) and posters.

The first keynote presentation, entitled “Access Control Verification for Everyone” by Andrew Gacek of Amazon Web Services (AWS), focused on AWS’ Identity and Access Management (IAM) Access Analyzer, an automated reasoning service for auditing permissions to cloud resources. Lyle Paczkowski of Sprint’s keynote presentation, “Is Hardware Root of Trust hard to do, and Trustworthy?” addressed supply chain security, the future state of IoT security, and the fact that carbon-based and silicon-based identity will become the ultimate security objective. Joshua Guttman, Worcester Polytechnic Institute/MITRE, provided a keynote on “Trust Engineering via Cryptographic Protocols,” noting that trust engineering requires a system design with each decision based on definite assumptions and reliable conclusions about peers, that peer answers are cryptographically protected, and there is a relationship between protocol analysis and trust. The final keynote, by Michael Hicks of the University of Maryland and Correct Computation, Inc., was entitled “Evaluating Fuzz Testing.” This paper was the winner of the Science of Security 7^th Annual Best Scientific Cybersecurity Paper Competition and focused on evaluating potential advances in randomized testing fuzzing technology scientifically.

Three paper sessions dealt with CPS and Industrial Control, Modeling, and Systems. The 12 papers selected for presentation represented the work of 46 authors from 16 institutions, 13 of which are universities. The Best Paper award was given to the presentation, part of the first paper session, entitled “Simulation Testbed for Railway Infrastructure Security and Resilience Evaluation” by researchers from Vanderbilt University, Johns Hopkins Applied Physics Laboratory, and the National Institute of Standards and Technology. 

The WiP sessions were introduced at last year’s HotSoS and were again part of HotSoS 2020. Six papers were presented and discussed at three separate sessions to allow adequate time for a full exchange of ideas. The ultimate goal for each WiP session was to provide authors with detailed, actionable feedback, which they will then use to improve their manuscripts prior to submission for publication at a different venue.

Twenty posters were submitted to HotSoS 2020, all of which were selected for presentation. The selected posters were from 17 universities and represented the work of 59 authors. 

Two Best Poster Awards were presented:

• Best Poster was given to “Decentralized backup and Recovery of TOTP Secrets” by researchers from the University of California, Berkeley

• Best Undergraduate Poster was won by cadets from the United States Military Academy for “A Raspberry Pi Sensor Network for Wildlife Conservation”

For members of the Science of Security Virtual Organization, the agenda and selected presentations are available here on the website.

For non-members, information about the SoS VO community and the process for requesting membership is available here.

HotSoS 2020 proceedings are now available in the ACM Digital Library and can be found here.

The National Security Agency will virtually host the 8^th annual HotSoS from 13-15 April 2021. In addition to keynotes, panels, and presentation of published works, HotSoS 2021 will expand on the WiP sessions to help authors shape their work for the future.