Information about registration is available here.
W1: Smart Cities: Connectivity, Mobility, and Trust (Tuesday 21, 9:00 - 16:00, Room: Christian)
The goal of this workshop is to present recent advances in control approaches in the broader context of smart cities and communities, as they relate to connectivity, mobility, and trust. This session is sponsored by the Technical Committee on Smart Cities of the IEEE Control Systems Society. This invited session is motivated by the growing emphasis on ensuring a sustainable, comfortable, economically viable future for urban environments, which has led to the term "Smart City". Considering the breadth of this exciting field, ranging from smart economy, smart environment, smart personnel, smart mobility, and smart living to smart government, we aim to report recent research achievements and identify relevant challenges. We envision the session will be of interest to control theorists, robotics researchers, and computer scientists alike. Through these sessions, we have invited researchers from different backgrounds to discuss different approaches to addressing related problems. It is our hope that participants will draw inspiration from colleagues with different expertise and thereby further their own quests. We believe this timely session proposal will be very appealing to the general audience of the conference.
- Qingshan Jia, Tsinghua University
- Fumin Zhang, Georgia Institute of Technology
- Robert Shorten (or Associate), University College Dublin
- Christos Cassandras (or Associate), Boston University
- Rong Su (or Associate), Nanyang Technological University
W2: The Internet of Threats (Tuesday 21, 9:00 - 16:00, Room: Frederik)
The Internet of Threats is a multidisciplinary, one-day workshop that aims to review current concerns, practices, and mitigations regarding cybersecurity for Internet of Things (IoT) devices. The workshop will be of broad interest to the CCTA2018 audience, and will be formatted for engineers without deep cybersecurity knowledge who wish to gain context on cybersecurity issues in IoT. The workshop will bring together researchers from academia, government, and industry to discuss how cybersecurity interplays with control, networking, sensing, and policy.
IoT devices surround us in nearly every environment - sensor networks, wireless enabled appliances, healthcare equipment - and the interaction and security of these devices with existing networked environments is critically under-researched. Meanwhile, wide adoption of devices continues to grow in enterprise, home, industrial, transportation, military, critical infrastructure and healthcare environments. The US National Intelligence Council lists the ubiquity of the Internet of Things as one of six "Disruptive Civil Technologies" with expectations that "to the extent that everyday objects become information security risks, the IoT could distribute those risks far more widely than the Internet has to date."
This workshop will target an audience of control researchers not already familiar with cybersecurity, as well as established researchers searching for new areas of interest and partnerships. The workshop will emphasize cybersecurity topics relevant to control researchers, including a discussion of the landscape of past, present, and future cybersecurity threats to IoT devices, and how that landscape affects everything from how control systems are designed and used in practice to policy and economic impacts. Considering the cross participation of academia, government, and industry, this workshop is an ideal fit for the scope and vision of CCTA.
- Vince Urias, Sandia National Laboratories
- Monzy Merza, Vice President of Security Research, Splunk and ul Bryant, Splunk
Abstract: There is a lot of buzz around vulnerabilities in IoT and ICS systems. In this talk we will provide a brief survey of some of the tools an attacker might use to target the technologies you build. We will then demonstrate how you, as the developers of technologies, can use freely available tools in your development lifecycle and, as a consequence, improve the security of your devices.
- Sociotechnical Security Group, UK National Cyber Security Centre
Abstract: This presentation will seek to explore to what extent IoT is a completely new phenomenon. What do people really want out of IoT? Which of the myriad offerings today bring more than just casual amusement to the user? The onus on consumers to discern security among IoT products should be minimal, but what dystopian scenarios await us if we place this responsibility entirely in others' hands? Who are the key players in the IoT, what are their vested interests, and how do we exert influence to ensure - as best we can - that they converge to bring genuine benefit to society? Our NCSC representative will discuss how UK plc is attempting to shape a healthy marketplace. What research are we funding to bring clarity to this multi-disciplinary and sociotechnical problem? How can the IoT play its part in making the Internet safe to live and work online?
- Eric Gustafson, UC Santa Barbara
Title: Are We Doomed? The State of the Art of Firmware Analysis, and What We Can Do About It
Abstract: We are rapidly approaching a world in which embedded systems control everything. This new explosion of ubiquitous, connected devices, spurred by IoT and modern industrial control systems, means that the code we rely on for safety and security-critical applications is loaded into a diverse array of hardware devices. However, this extreme hardware and software diversity is causing a crisis for security analysts. Many modern analyses used to reverse-engineer or locate vulnerabilities in programs, such as fuzzing or symbolic execution, rely on abstractions provided by desktop and mobile operating systems to be tractable. What do we do when all of these abstractions disappear, and we are at the mercy of hardware we did not create and software we do not understand? In this talk, I will explore the grim state of firmware analysis, from the point of view of security researchers, including the specific physicality and heterogeneity issues that disrupt the status quo. I will then showcase the academic security community's efforts to tackle this problem, including recent work from UCSB on locating vulnerabilities in real embedded systems. Finally, I will introduce new features in UCSB's open-source `angr` binary analysis platform aimed at enabling the security community to more easily understand the firmware of diverse, physical devices.
Bio: Eric Gustafson is a PhD candidate at UC Santa Barbara's Security Lab. In a broad sense, Eric's work focuses on how the way we understand security changes in the presence of new computing paradigms, such as IoT and industrial control systems. Eric's recent work has focused on exploring the boundary between hardware and software, and how this complex relationship can be applied to various kinds of static and dynamic program analysis. Through his work, Eric contributes to multiple open-source projects, including the popular binary analysis toolkit `angr`. In his spare time, Eric enjoys hacking competitively with Shellphish, UCSB's world-renowned hacking team.
- Dr. David Zage, Intel
Title: "Automotive Security and Safety - Now and Future"
Abstract: The Internet of Things has truly become part of our everyday lives, not only by modernizing our watches and refrigerators, but also by becoming part of automotive and other control-centric, safety-critical embedded systems. This begs the question, how do you build secure and reliable systems that engender public confidence? In this talk, we will explore the current state of automobile security and examine what it will take to build reliable and secure vehicles. Finally, we will look at the hurdles to solve, including how safety and security must coexist in the system, for a truly comprehensive solution.
Bio: David Zage is a Security Architect in the Transportation Solution Division (TSD) at Intel Corporation, where he focuses on developing a holistic security strategy and architectures for multiple In-Vehicle Entertainment (IVE) and automotive platforms. His work and interests span multiple areas including self-healing systems, fault-tolerant protocols, confidentiality and integrity-preserving cloud storage solutions, applied machine learning, and large-scale data analytics. He obtained his BS and PhD in computer science from Purdue University. David has authored over twenty peer-reviewed publications and multiple patents and regularly serves on the program committee for academic conferences.
- Dr. David White, Chief Information Security Office, Sandia National Laboratories
Title: "IoT in an Enterprise Cyber Defense Strategy"
Abstract: Dr. White will discuss the current state of the art in enterprise defense and how modern, security-focused organizations perform cyber security. He will further discuss how IoT fits into those enterprises and the challenges associated with it.
Bio: As the Chief Information Security Officer, Dr. David R. White is responsible for identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology security risks. As Director of Cyber Security & Mission Computing, he also leads Sandia's cyber security, high performance computing, and mission software engineering efforts. David previously served as Senior Manager for Sandia's Cyber Security Research and Development programs that support the U.S. Department of Defense, where he conceptualized and managed projects in cyber modeling and simulation, dynamic defense, industrial control systems, data analytics, red teaming, and supply chain risk management. He also worked as Senior Manager for Science & Engineering Information Systems, where he spearheaded the development, delivery, and support of mission-critical software and information systems such as client-server applications, databases, web services, and service-oriented architectures used to facilitate key high-security government agency initiatives. David received his bachelor's and master's degrees in Engineering from Brigham Young University, and his Ph.D. in Engineering with an emphasis on Computational Geometry and Computation Mechanics from Carnegie Mellon University. In 2013, David was named a National Security Fellow by Harvard University's Kennedy School of Government, where he conducted research on defending the U.S. electric grid from cyberattack. Raised in metropolitan Massachusetts and rural Utah, David now calls Albuquerque, New Mexico, home. He and his wife, Catherine, enjoy spending time hiking, reading, and all types of sporting events with their five children.