HotSoS 2021 Summary Report

 

Hot Topics in the Science of Security (HotSoS) 2021

 

The National Security Agency (NSA) virtually hosted the 8th Annual Symposium on the Science of Security (HotSoS), from 13-15 April 2021. The General Chair was Adam Tagert (NSA) and Program Co-Chairs were Özgür Kafali (University of Kent) and Ahmad Ridley (NSA). HotSoS brings together researchers from diverse disciplines to promote the advancement of work related to the Science of Security and Privacy initiative (SoS) and features a mix of invited keynotes, Works-in-Progress (WiP) discussions, presentations of already published work, and student presentations. The format of HotSoS was revised this year to focus on discussions of ongoing research. This year's virtual event provided the opportunity for those who might otherwise be unable to attend to engage with other SoS researchers. Over 1200 individuals registered for HotSoS ’21, and more than 625 participated over the three days. The participants, a mix of government, academia, and industry, came from 36 countries. HotSoS 2021 was designed to encourage interaction among presenters and attendees and focus on WiP, posters, and student presentations. In addition to 4 keynote presentations, HotSoS 2021 included presentations of 12 published papers, 8 WiP manuscripts, 5 student presentations, and 15 posters which, in total, represented the work of 116 authors from 37 universities. In addition to the keynotes and posters, there were 7 topical sessions which included paper presentations and WiP discussions, and a student presentation session. In keeping with the goal of collaborative community engagement, HotSoS 2021 again featured WiPs which provide an opportunity for authors to get early feedback on a research direction, technology, or idea before it has been fully evaluated, or to discuss systems in an early, pre-prototyping phase; submissions were restricted to session attendees. The agenda also included a special session on Science of Security Hard Problems.

The first keynote presentation, entitled "Securing Data in Clouds: Making the Most of Trusted Hardware," was given by Nick Felts of NSA and explored how trusted hardware can be leveraged to provide meaningful protections to data within clouds. Werner Haas of Cyberus Technology gave a keynote entitled "Spectre Attacks: Exploiting Speculative Execution - and why the heck is the computer speculating anyway?" Haas was one of the authors of the paper that won the SoS 8th Annual Best Scientific Cybersecurity Paper competition and a related paper that received an Honorable Mention at the 7th Annual Paper Competition, and his presentation addressed the earlier research in the context of today. The third keynote, "Why rigorous underpinnings for cyber security education and training matter? Experiences from CyBOK: the Cyber Security Body of Knowledge" by Awais Rashid of the University of Bristol, focused on a science of security approach to cyber education and training and the development of such an approach in the form of CyBOK. The final keynote presentation, "Working with Academia at the UK National Cyber Security Centre," was given by Paul Waller of the UK's Government Communications Headquarters (GCHQ) and addressed the mission and activities of the NCSC and its various programs partnering with academia.

The seven topical sessions represented a mix of published papers and facilitated WiP discussions organized around a theme. The themes were: Cloud Security; To Err is to be Human; Flanking the Defense; Humans aren't only Users; Saving the Physical World from Cyber; Go Where I Send Thee; and the aptly named wrap-up session, Potpourri for 1000.

There were five papers presented during the student paper session by students from Morgan State University, University of Pittsburgh, University of Kent, and the University at Albany.

HotSoS 2021 included a special breakout discussion session centered around what should constitute the Science of Security Hard Problems. SoS Lablet Principal Investigators originally identified five Hard Problems when the SoS program was initiated. SoS community influencers are revisiting the SoS Hard Problems and their definitions in preparation for a second decade of the NSA SoS Program. The Hard Problems session consisted of small discussion groups followed by a joint session with summaries from the discussion group moderators. The topics were as follows:

  • AI Trustworthiness
  • Adversaries
  • Human Behavior
  • Human Weakness
  • Time
  • Rethinking Security Measures
  • Systems
  • Adoption of Tech
  • Data Provenance

Fifteen posters were presented at HotSoS representing the work of over 20 authors from multiple universities and institutions. The HotSoS 2021 Best Poster Award "Managing the Security Risk of Open-Source Dependencies: Current Tools and Challenges" was given to Nasif Imtiaz and Laurie Williams from North Carolina State University.

The agenda and selected presentations are available here.

For non-members, information about the SoS VO community and the process for requesting membership is available here.

In 2022, the 9th Annual HotSoS will be hosted by the University of Illinois at Urbana-Champaign, with Sayan Mitra as the General Chair.
 

Submitted by Anonymous on