Name Email Affiliation Perspective and Expertise Position Paper Biography
Charles Clancy tcc@vt.edu Virginia Tech Software security on embedded systems will be a mostly solved problem as 5G homogenizes computational resources and we can apply best practices from IT world to the OT world; the security frontier then becomes the sensors, actuators, and control logic that sit on top of this infrastructure and realize complex cyber-physical systems.

The machine learning renaissance is significantly improving the performance of sensor signal processing and control algorithms, but there is no way to train these systems under all adversarial inputs in order to build provably secure systems. Thus the grand challenge for the future of IoT/CPS security becomes securing these complex autonomous systems in an era of black-box deep learning AI.

Clancy position paper Clancy bio
Dongyan Xu dxu@cs.purdue.edu Purdue University Dongyan position paper Dongyan bio
Reza Azarderakhsh razarderakhsh@fau.edu Florida Atlantic University and PQSecure Technologies I am an active researcher in the area of post-quantum cryptography on embedded devices including hardware and software platforms. I have published more than 15 papers in top venues in this topic only. My research has been supported by NSF, NIST, and ARO as well as industry. I teach a course on “Cryptographic Engineering and Labs” at FAU. I am part of submission of NIST standardization process for post-quantum cryptography Reza position paper Reza bio
Carl Landwehr carl.landwehr@gmail.com George Washington University My perspective is that of an experienced researcher and former NSF and IARPA Program Manager, now semi-retired. I currently support NSA’s Science of Security research program and pursue other interests that seem likely to make a difference in improving the (sad) state of cybersecurity in our cybperinfrastructure. Further details on my career and pubiications are available at http://landwehr.org Carl position paper Carl bio
Susan Squires susan.squires@unt.edu University of North Texas It is only through the combination of the social and technical disciplines that will give us new insights on how security decisions are made within the group context leading us to novel security solutions. As an anthropologist with a knowledge of technology and the social sciences, I have tried to provide a bridge linking technology to human factors both on the individual and group levels. The collaboration of the social and technical is not easy but has great potential if realized. Susan position paper Susan bio
Patrick Schaumont schaum@vt.edu Virginia Tech I have worked for several years on side-channel analysis and fault injection. I have also worked on hardware-software codesign and cryptographic engineering for embedded systems. My perspective is on the secure composition problem in embedded systems. While we understand very well how to build larger systems from components (modules, processors, memories, ..), we don’t understand yet how to extrapolate security properties from smaller modules to the embedded system. Patrick position paper Patrick bio
David Maimon dmaimon@umd.edu University of Maryland David position paper David bio
Hassan Salmani hassan.salmani@howard.edu Howard University My research background is on hardware security and trust and hardware Trojans (HTs) in specific. HTs have imposed significant threats on electronic devices. Majority of research has been focused on detecting and preventing HTs whose implementation and operation are limited into one integrated circuit. However, Internet of Things (IoT) enable attackers to gain remote access to electronic devices (embedded systems) and load malicious firmware. Such capability makes it possible to realize software-controlled HTs whose implementation may not leave considerable footprints but their impact can be widespread. Therefore, HTs in IoT demand specific attention. Hassan position paper Hassan bio
Peter Harsha harsha@cra.org CRA I’m Director of Government Affairs for the Computing Research Association (the parent organization of CCC), so I spend a lot of time thinking about the intersection of computing research and policy. I’d bring an understanding of the current policy environment and a hope to understand what a research agenda in embedded security looks like and how to convey that best to policymakers. no position paper or bio
Dong Wei dong.w@siemens.com Siemens Corporate Technology Purdue Enterprise Reference Architecture (PERA) has been around for almost 30 years. The layered-architecture includes devices and software components from Level 0 to Level 4. There is a clear boundary between IT and OT. Nowadays, most manufactories just place security device (firewall, VPN, etc.) at the entrance point of the plant floor network, assuming that 1) plant floor networks are static after the production line is placed into production; 2) cyberattacks only come from devices external to the plant floor network. However, the rapid convergence between IT and OT has been observed in the manufacturing industry, more and more devices in IT and OT exchange data directly. Therefore, it is obvious that the layer-architecture will be replaced by a meshed-architecture, and the above mentioned two assumptions do not hold anymore. This transformation from PERA to post-PERA architecture is shown in the following diagram. Thus, the following questions are raised naturally – what does it mean for cybersecurity in the new manufacturing industry? What cybersecurity challenges are introduced? What can we, as cybersecurity professionals, do to address those new challenges? Dong position paper Dong bio
Benjamin Justus benjamin.justus@siemens.com Siemens Corporation Benjamin position paper Benjamin bio
George Burrus gburruss@usf.edu University of South Florida My research to date focuses on the social-psychology of cybercrime motivations and the systems’ response to the problem. The current state of cybersecurity research is limited as the vast amount of generated data remains unavailable to researchers. My hope is to forge an interdisciplinary research collaboration that will involve government agencies as well as industry. We can only begin to do that by showing stakeholders that our research is of value to the practice of cybersecurity. George position paper George bio
Ken Hoyme ken.hoyme@bsci.com Boston Scientific I have had a 35 year career working in industrial research and R&D in safety and security critical cyber-physical systems (aviation, medical devices, etc.) I have been involved in government funded research, working with academia, standards activities and interactions with regulators. I have also designed life-critical systems that are in use every day – 24/7/365. I have published and been granted patents. I have co-chaired a standards group on medical device security. I believe this provides a unique perspective on the topics to be addressed in this workshop as I can bridge from research to fielded systems. Ken position paper Ken bio
Carl Gunter cgunter@illinois.edu University of Illinois I have worked on security for embedded devices in the power grid, healthcare, and home settings. Carl position paper Carl bio
Todd Carpenter todd.carpenter@adventiumlabs.com Adventium Lab I develop safe and secure solutions for mission-critical and life-critical embedded systems in commercial and military avionics, medical devices, space, and industrial control. Many of the issues and solutions needed in one domain share similarities with other domains. The IoT revolution with ubiquitous computing, sensing, actuation, networking, and information collection has the potential to enhance global culture and standards of living, yet serious safety and security implications remain unaddressed. I would like to be involved to encourage new education and research into solving these issues. Todd position paper Todd bio
Sean Smith sws@cs.dartmouth.edu Dartmouth College Education: For close to 20 years, I have been deeply involved in education: developing and teaching course in wide variety of computer systems and cybersecurity topics—including authoring a textbook (“The Craft of System Security.”) More recently, I developed and taught a course on IoT security—and published a book on that last year with O’Reilly (“The Internet of Risky Things”) Research: For close to 15 years, I have worked in a consortium looking at cybersecurity in the power grid–and by extension, the smart grid and IoT. Prior to returning to academia in 2000, I worked in industry on embedded system security. Sean position paper Sean bio
Bart Knijnenburg bartk@clemson.edu Clemson University I can bring a decision-making and user interface perspective to the workshop. In this regard, my expertise is as follows: – My research is about understanding smart technology users’ privacy decision-making practices.

– I have an NSF grant on “using process tracing to improve household IoT users’ privacy decisions”.

– Our work on the data-driven development of IoT privacy-setting interfaces recently won the best paper award at the Intelligent User Interfaces conference.

Bart position paper Bart bio
Vivek Venugopalan vivekv@isi.edu University of Southern California – Information Sciences Institute I have 7 years of industry experience with cyber physical system security for aerospace and building systems. Specifically, I would like to offer an industry perspective on product security which is critical in today’s embedded system landscape. My experience in my current role as a contributor on federally funded projects has given me an insight into academic research and the TRL of different security solutions. We need to educate, motivate, and train the next generation of students to be ready for the challenges in embedded system security. Vivek position paper Vivek bio
Brad Reaves bgreaves@ncsu.edu North Carolina State University

I am an assistant professor with a primary research focus on network and application security. measuring and improving the security and privacy of computer systems, with a particular emphasis on telephone networks and software for mobile platforms. My research integrates knowledge from fields as diverse as signal processing and digital communications; data science, machine learning, and statistics; cryptography; program analysis; reverse engineering; and Internet and telephone networks.

One key theme of my research is providing security in legacy systems that do not provide confidentiality or integrity guarantees.

My position paper highlights the role of voice and multimedia in modern embedded systems and highlights key open research questions about providing confidentiality, privacy, integrity, and authentication for voice and multimedia security.

Brad position paper Brad bio
Sauvik Das sauvik@gatech.edu Georgia Tech I recently completed my Ph.D. in Human-Computer Interaction from Carnegie Mellon University, where I wrote a dissertation on how social influences affect cybersecurity behaviors and how to design security systems that better take advantage of human social behaviors. I’m now faculty at Georgia Tech, where I’m continuing my research along these lines – specifically, designing, implementing and evaluating cyberphysical systems that encourage better end-user security and privacy behaviors. Sauvik position paper Sauvik bio
Insup Lee and Jim Weimer lee@cis.upenn.edu University of Pennsylvania Cyber-physical systems security; Internet-of-medical-things; embedded real-time systems; runtime verification Insup position paper Insup bio
Michael Nowatkowski mnowatkowski@augusta.edu Augusta University I am an Associate Professor of Information Security with the Augusta University Cyber Institute and the Program Director for Cyber Science with the School of Computer and Cyber Sciences. I hold a PhD and Master of Electrical and Computer Engineering from Georgia Institute of Technology and a Bachelor of Science in Electrical Engineering from Rose-Hulman Institute of Technology. I teach courses in protocol analysis, ethical hacking, embedded systems, and hardware reverse engineering. In the past, I have taught several courses about analog and digital electronics. I have been in academia for over ten years. Michael position paper Michael bio
Ingrid Verbauwhede ingrid.verbauwhede@esat.kuleuven.be KU Leuven – COSIC & UCLA Ingrid Verbauwhede’s main expertise includes system and architecture design, embedded system, ASIC and FPGA design and design methodologies for real-time, low power embedded security systems. She will bring her experience in interdisciplinary research linking design for security with novel technologies and circuits as well as investigating the requirements of novel cryptographic algorithms on secure hardware and HW/SW co-design to the workshop. Ingrid position paper Ingrid bio
Alvaro Cardenas alvaro.cardenas@utdallas.edu University of Texas at Dallas

A decade ago (in the Usenix Security 2008 workshop HotSec) I presented my second paper on how control theory and cyber-security needed to work hand in hand to address the new emerging risks of cyber-physical systems. This paper has become one of my most cited papers, and in the decade following this publication, we have seen a large and active academic community using concepts in control theory to improve the security of cyber-physical systems. I would like to use this opportunity to return a decade later to another workshop associated with Usenix Security and discuss my perspective on the developments in this field in the last decade, which have been summarized in a recently accepted article at the ACM Computing Surveys journal.

Alvaro position paper Alvaro bio
Dan Holcomb holcomb@engin.umass.edu UMass Amherst Academic researcher focused on securing future embedded systems. Background is in hardware design, security, and design automation. Dan  position paper Dan bio
Robert Dick dickrp@umich.edue University of Michigan

My background is in embedded systems analysis and design. I have experience with security and privacy challenges in wireless, infrastructureless, defect-tolerant networks and with MMU-directed techniques for processor-memory bus encryption. I also co-founded and served as CEO of a wearable electronics company. Although my work on embedded systems has been broad, I have led two projects on the topic of security and intend to work heavily on security in large-scale IoT systems in the future.

I think my background in integrated circuits, optimization, VLSI, algorithms, operating systems, and technology commercialization may add something of value to the conversation and hope it is possible to attend.

The position paper is co-authored by Mingyan Liu and Armin Sarabi who would also like to attend. I have asked them to submit their own biographies.

Robert position paper Robert bio
Denise Anthony ingrid.verbauwhede@esat.kuleuven.be Dartmouth & University of Michigan (as of 09/2018) I am a sociologist with expertise on user privacy perceptions and behavior. Much of the focus of my work is in health care, though I also work on privacy related to mobile and embedded technologies in general. As of September 2018 I will be moving to the School of Public Health (and also Sociology) at University of Michigan. Denise position paper Denise bio
Armin Sarabi arsarabi@umich.edu University of Michigan The growing number of IoT devices, and the ever-changing flaws and attack vectors that affect these systems, calls for machine learning enabled frameworks that can automatically detect failures and threats. My background in data-driven security allow me to contribute to this field by guiding the development of such tools for real-time assessment of IoT systems. Armin position paper Armin bio
Dan Massey Daniel.Massey@colorado.edu University of Colorado Boulder I’m particularly interested in security for cyber physical systems. My current interests focus on vehicle cybersecurity and I’ve recently been appointed to lead the University of Colorado effort on integrating cybersecurity education across the campus. My past experience includes a mix of academic, industry, and governmental work. In Fall 2017, I returned to academia after working as a Homeland Security program manage. In 2018, I’m working with an international team on vehicle cybersecurity issues and testified before relevant groups at the European Union. Prior to joining DHS, my cybersecurity related work focused primarily on network security. Dan position paper Dan bio
Miroslav Pajic miroslav.pajic@duke.edu Duke University My research focuses on design of high-assurance embedded and cyber-physical systems (CPS) with varying levels of autonomy and human interaction; the main objective is to provide strong safety and performance guarantees even in the presence of attacks and malicious activity. Consequently, my work is at the confluence of embedded systems, formal methods and control theory, with applications ranging from automotive and medical CPS, to industrial automation. My work also combines theoretical results with system building and development of open experimental platforms for design of secure embedded and CPS components. My work has resulted in first public demonstration of attack-resilient control on a real American Built Car (whose model we cannot disclose) as part of the DARPA HACMS program, as well as several technology transfers into industry (more details can be found in the attached CV). Miroslav position paper Miroslav bio
Edward Suh suh@ece.cornell.edu Cornell University I have strong technical backgrounds in the intersection of hardware (computer architecture) and security. I’d be interested in discussing how hardware and software should be designed together to build secure embedded systems and how we can provide strong security assurance of a whole (both hw and sw) system. Edward position paper Edward bio
Mingyan Liu mingyan@umich.edu University of Michigan I’m been working in systematic risk quantification at a firm level, which involves aggregating data collected at the host level and applying various feature extraction and machine learning techniques. The position paper submission is joint with two colleagues. Mingyan position paper Mingyan bio
Jim Davis jdavis@oit.ucla.edu UCLA & Clean Energy Smart Manufacturing Innovation Institute

My perspective and expertise is on cyber security in manufacturing and cyber security with university research from the perspective of a CIO.

I was lead technical author of the MForesight 2017 Report, “Cybersecurity for Manufacturers: Securing the Digitized and Connected Factory” https://turing.cra.org/ccc/wp-content/uploads/sites/2/2017/10/MForesight-Cybersecurity-Report.pdf.

As Principal CIO Advisor for the Clean Energy Smart Manufacturing Innovation Institute (CESMII).

I was CIO at UCLA from 2000 – 2015 and am not Academic CTO focused on IT in research education and public private partnership programs

Jim position paper Jim bio
Mastooreh Salajegheh and Mihai Christodorescu msalajeg@visa.com Visa Research Mastooreh position paper  bios
Jean-Baptiste Jeannin and Baris Kasikci jeannin@umich.edu University of Michigan

Jean-Baptiste Jeannin brings a unique perspective on security for aircraft, from small drones to airliners. His background is in formal verification applied to aircraft safety and security.
Baris Kasikci’s research is centered around developing techniques, tools, and environments that help developers build more reliable, secure, and efficient software. He is particularly interested in developing techniques and building systems that allow programmers to better reason about their code.

position paper bio
Kyle Ingols kwi@ll.mit.edu MIT Lincoln Laboratory

MIT Lincoln Laboratory serves to bridge the gap between academic research and fielded systems in support of US national security. Messrs. Bush and Ingols, and their colleagues, though members of the Cyber Security and Information Sciences division, are frequently called upon to collaborate with Lincoln’s other mission areas on a wide variety of hard problems in security, running the gamut from satellites to undersea systems, from large RADARs to microelectronic fabrication, from standalone devices to large networks and systems-of-systems. In addition to our interest in the low-level work in the field, we hope our work and their colleagues’ work with critical infrastructure and other Government systems can help to inform the discussion.

Kyle position paper Kyle bio
Jorge Guajardo jorge.guajardomerchan@us.bosch.com Robert Bosch LLC – Research and Technology Center

My research work has spanned several aspects of embedded security including algorithmic optimizations for efficient implementations of cryptographic primitives on constrained processors, side-channel attack countermeasures, secure storage technologies and hardware security and finally protocols. I am very interested in novel solutions to real world security problems which are practical.

Jorge position paper Jorge bio
Michael Dunaway wmd1519@louisiana.edu NIMSAT Institute University of Louisiana at Lafayette

I am Director of the NIMSAT Institute at University of Louisiana, and serve collaterally as Director of the Louisiana Business Emergency Operations Center, and as Chair of the Private Sector/Economic Development Committee of the Governor’s Cybersecurity Commission. I also Chair the Public Safety SuperCluster of the NIST Global City Teams Challenge. These positions are directed toward developing and implementing technologies to enhance public safety and disaster resilience, that depend fundamentally on secure and reliable connectivity between embedded systems, IoT sensors, critical infrastructures, and that interface with human operators and organizations. My contribution to the CCC workshop on Embedded Security would be based on ongoing research at UL in data analytics, SCADA sensors in critical infrastructures, and operational coordination for pre- and post-disaster scenarios, as well as on my involvement in national Smart and Connected Communities programs, specifically focused on Public Safety systems and technologies.

Michael position paper Michael’s bio

Arun Lakhotia’s bio (colleague of Michael who he would like to bring with him if possible)

Daniel Genkin and Yuval Yarom danielg3@seas.upenn.edu University of Pennsylvania and University of Adelaide

position paper Daniel’s bio

Yuval’s bio