Mechanism Design for Improving Hardware Security


August 24-25, 2022

The Watergate Hotel
The Watergate Hotel, Virginia Avenue Northwest, Washington, DC, USA



Event Contact

Ann Drobnis
adrobnis@cra.org
2022662936


Event Type

2022 Events, 2022 Visioning Activities, Workshop


Event Category

CCC


Tags

computer architecture, computer hardware, systems and architecture

Overview

The Computing Community Consortium (CCC) will hold a visioning workshop on Mechanism Design for Improving Hardware Security on August 24-25, 2022. The workshop will be at The Watergate Hotel in Washington, DC. Workshop attendance will be by invitation only; we will review the submitted white papers to help us create the agenda for workshop discussions and select attendees. White papers will be due April 10th; see more in the application tab. Workshop organizers Simha Sethumadhavan (Columbia University) and Tim Sherwood (University of California Santa Barbara) held an orientation webinar on January 13th, 2022 to outline the goals of the workshop and expand on what they are looking for in the white papers. Check out a recap of the orientation in the resources tab.

Join the Slack channel here.

More details about the motivation for the workshop can be found below:

From election security to critical health applications, trustworthy hardware is the bedrock of a modern free and healthy society. Once niche and arcane, the field of hardware security has recently become one of the most pressing issues in cybersecurity. Microarchitectural side channel attacks like Spectre and Meltdown have shown how pervasive, dangerous, and hard-to-fix a hardware attack could be; integrity attacks such as Rowhammer and CLKSCREW show how attackers can practically overwrite user data. As hardware development becomes more like software due to the availability of free hardware designs and tools, the prevalence and discovery of these types of design/security problems are likely to accelerate.

Especially concerning is that these problems, while well-known and publicized, have generally not been fixed pervasively. Why? The answer, perhaps, is not only a lack of technical solutions that are considered practical but also a series of market failures such as information asymmetry, prisoner's dilemmas, and markets for lemons, which disincentivize those who are able to fix serious security vulnerabilities from doing so.

Underpinning these market failures is the fact that hardware security usually comes at a cost in terms of performance, power, or area; present issues in hardware security can be seen as the result of the players in the game of hardware security finding ways of avoiding paying this cost. 

At this workshop, participants will investigate ways to improve the design and uptake of hardware security mechanisms. In addition to looking at traditional technical solutions, the workshop will also consider new mechanisms to incentivize designers, system integrators, and users to create and maintain security of their systems. The workshop will bring together hardware and software security experts and economists and experts in devising and implementing governmental policies.

Questions and topics to be discussed at the workshop include:

  • How do current policies and market structures disincentivize hardware-oriented security solutions? How do we fix this: what technical and policy frameworks are necessary to make progress in this area?
  • What are the mechanisms necessary to enforce a government mandate that says that X% of the performance or cost should be set aside for security? What mechanisms are necessary to determine X? How often should X be determined? Is there a quantitative approach for the organization to use up this security budget? How would this be enforced on user systems? Are there alternate government mandates that are actionable and can be supported technically?
  • Is there an equitable way to proportion the benefits of security and impacts of security attacks? What hardware support, if any, is necessary to facilitate this process? (insurance)
  • How do we establish a chain of responsibility for malicious and negligent action while also maintaining privacy?
  • Are the mechanisms for hardware security different from those required for privacy?
  • How can hardware innovations (e.g. U2F tokens) fundamentally impact software dark economies?
  • What incentives are necessary to patch hardware bugs in a timely manner?
  • What education/certification requirements are necessary for increasing the awareness and application of hardware security solutions?
  • Are there parallels to software certification requirements for hardware? What would these assurance/certification requirements look like?

Agenda

August 24, 2022 (Wednesday)

12:30 PM Rapid Covid Tests Available | Cecchi Foyer
01:00 PM Welcome Reception with Lunch Available | Whisky Terrace
02:00 PM Welcome and Opening Remarks | Cecchi Ballroom
02:30 PM Incentivizing Cybersecurity: Paul Rosenzweig | Cecchi Ballroom

Abstract: All technological development is bottomed, in the end, on human behavior. So the key to good cybersecurity is to incentivize humans. The question is how? And the answer lies in the economics of cybersecurity. It is, mostly, a private domain with lots of externalities. Economic theory tells us that we can mitigate those externalities with taxes, subsidies or regulation. But those solutions come with their own problems. In the end, we face the challenge of an economic control structure from the horse and buggy era that needs to deal with technological developments that occur at Tesla speed.

03:00 PM Group Discussion: Incentivizing Cybersecurity | Cecchi Ballroom
03:45 PM Reflections on Assurance: Steve Lipner | Cecchi Ballroom

Abstract: This brief presentation will introduce the problem of assurance of cybersecurity and review some of the history that led the software industry to make assurance a priority. It will then review approaches to creating and scaling processes for improving the assurance of real-world software products and services. The key finding after more than twenty years’ experience is that software security assurance is similar to other attributes of product quality and is a responsibility of developers and subject to continuous improvement based on root-cause analysis of discovered problems. The presentation will discuss the issues raised by a need for certification and of product security, and wrap up with some thoughts on hardware security and the workshop questions and topics.

04:15 PM Group Discussion: Bringing About Change | Cecchi Ballroom
04:45 PM BREAK | Cecchi Foyer
05:00 PM Group Discussion: Bringing it to Hardware | Cecchi Ballroom
05:30 PM Breakouts | Cecchi Ballroom/Boardroom/Corning
06:30 PM Report Back | Cecchi Ballroom
07:30 PM Dinner | Kingbird Terrace

August 25, 2022 (Thursday)

08:00 AM Breakfast | Whisky Terrace
09:00 AM Recap Day 1 | Cecchi Ballroom
09:15 AM Regulating Security: Success and Pitfalls: Kevin Fu | Cecchi Ballroom
09:45 AM Group Discussion: Regulations | Cecchi Ballroom
10:15 AM BREAK | Cecchi Foyer
10:30 AM Industry Panel: Complexities in Productizing Security and What Incentives Would Really Work? (Claire Vishik, Phil Vachon, Jason Oberg) | Cecchi Ballroom

This panel will feature a discussion on industry participants at various stages of development and will explore barriers to adoption, important real-world constraints often under-considered in research, and lessons learned.

11:30 AM Breakouts | Cecchi Ballroom/Boardroom/Corning
12:15 PM LUNCH | Whisky Terrace
01:15 PM Breakouts Report Back | Cecchi Ballroom
01:45 PM Report Writing | Cecchi Ballroom
02:45 PM Group Discussion | Cecchi Ballroom
03:15 PM BREAK | Cecchi Foyer
03:30 PM Writing Breakouts | Cecchi Ballroom/Boardroom/Corning
04:00 PM Government Updates: Ryan Craven (ONR), Sanjay Rekhi (NIST), Vivek Menon (NRO), Gang Qu (NSF), Lok Yan (DARPA) | Cecchi Ballroom
04:45 PM Wrap up and Next Steps | Cecchi Ballroom
05:00 PM Workshop Ends | Cecchi Ballroom

Organizers

Organizing Committee:

Simha Sethumadhavan, Columbia University
Tim Sherwood, UC Santa Barbara

Logistics

The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. Participants are asked to make their own travel arrangements to get to the workshop, including purchasing airline tickets. Following the symposium, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.

In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. Flag carriers; and no alcohol will be covered.

For more information, please see the Guidelines for Participant Reimbursements from CCC.

A virtual participation option will be available for participants who are not comfortable attending in person.

Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).

Application

At this workshop, participants will investigate ways to improve the design and uptake of hardware security mechanisms. In addition to looking at traditional technical solutions, the workshop will also consider new mechanisms to incentivize designers, system integrators, and users to create and maintain security of their systems. The workshop will bring together hardware and software security experts and economists and experts in devising and implementing governmental policies.

We seek short white papers to help create the agenda for the workshop and select attendees. White papers are due April 10th; you can submit them here.

For participation in this workshop, we request white papers of no more than two pages. Topics of interest include, but are not limited to:

  • How do current policies and market structures disincentivize hardware-oriented security solutions? How do we fix this: what technical and policy frameworks are necessary to make progress in this area?
  • What are the mechanisms necessary to enforce a government mandate that says that X% of the performance or cost should be set aside for security? What mechanisms are necessary to determine X? How often should X be determined? Is there a quantitative approach for the organization to use up this security budget? How would this be enforced on user systems? Are there alternate government mandates that are actionable and can be supported technically?
  • Is there an equitable way to proportion the benefits of security and impacts of security attacks? What hardware support, if any, is necessary to facilitate this process? 
  • How do we establish a chain of responsibility for malicious and negligent action while also maintaining privacy?
  • How can hardware innovations (e.g. U2F tokens) fundamentally impact software dark economies?
  • What incentives are necessary to patch hardware bugs in a timely manner?
  • What education/certification requirements are necessary for increasing the awareness and application of hardware security solutions?
  • Are there parallels to software certification requirements for hardware? What would these assurance/certification requirements look like?

Workshop organizers Simha Sethumadhavan (Columbia University) and Tim Sherwood (University of California Santa Barbara) held an orientation webinar on Thursday, January 13th, 2022 to outline the goals of the workshop and expand on what they are looking for in the white papers. A recap of the orientation can be found on the resources tab.

Resources

Submit white papers here.

Join the Slack channel here.

Workshop Orientation Materials

Pre-recorded presentation

Slide Deck

Q&A Recording

Q&A Transcript