A workshop held in conjunction with the 18th ACM Conference on Computer and Communications Security (ACM CCS 2011).
Built on the continuous success of ACM STC 2006-2010, this workshop focuses on fundamental technologies of trusted and high assurance computing and its applications in large-scale systems with varying degrees of trust. The workshop is intended to serve as a forum for researchers as well as practitioners to disseminate and discuss recent advances and emerging issues.
- Submission due: July 18, 2011 (extended deadline)
- Notification: Aug. 15, 2011
- Final version: Aug. 22, 2011 8:00am EDT (hard deadline)
- Workshop date: Oct. 17, 2011 (MONDAY)
Farinaz Koushanfar
Rice University
Keynote title: Trusting The Open Latent IC Backdoors
Abstract:
Since the Integrated Circuits (ICs) form the core computing and communication kernels for the
personal computing, industries, governments and defense in the modern era, ensuring IC trust -- in
the presence of untrusted third-party foundries and unidentified supply chains -- has become a major
challenge. The prohibitive cost of manufacturing state-of-the-art ICs in nano-meter scales has made
the use of contract foundries and third party Intellectual Property (IP) the dominant
microelectronics business practice. The hidden backdoors into the chips are a double-edge sword. On
one hand, the clandestine backdoors embedded by the reliable designers or trusted supply chain
providers enable tracking or having post-fabrication control of the ICs on the production line and
while in-use. On the other hand, the latent backdoors (a.k.a., Trojans) implanted by the untrusted
third-party manufacturer or unknown supply chain entities enable the potential external adversaries
to control, monitor, or to spy the chip software/data contents and communications.
In this talk, we question the contemporary IC backdoor research model directed by interested organizations, primarily defense and government. The talk then suggests better understanding of the hidden backdoor disclosure models to improve the quality and impact of the IC Trust research.
Farinaz Koushanfar is an Assistant Professor in the Department of Electrical & Computer Engineering at Rice University, where she is the Director of Texas Instruments (TI) DSP Leadership University Program. Before joining Rice in 2006, she received her Ph.D. in Electrical Engineering and Computer Science and her M.A. in Statistics both from UC Berkeley. Her research focus is in the area of embedded systems. She creates techniques for synthesis and design of embedded systems with an emphasis on customizable, adaptive, lightweight, and secure devices. Her ongoing projects are focused on hardware protection and trust, security of hardware-based and cyber-physical systems, efficient embedded systems design, and emerging technologies and applications. For her contributions, she has received a number of awards and honors including the Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, ACM SIGDA Outstanding New Faculty Award, Office of Naval Research (ONR) Young Investigator Program (YIP) Award, Army Research Office (ARO) Young Investigator Program (YIP) Award, National Science Foundation (NSF) CAREER Award, Young Faculty Award from the Defense Advanced Research Projects Agency (DARPA), MIT Technology Review TR-35, Intel Open Collaborative Research (OCR) Fellowship, and a Best Paper Award at Mobicom. |
Gaurav Shah
Google
Keynote title: Chrome OS Verified Boot: Scalable Boot Security for a Consumer Operating System
Abstract:
Verified Boot provides cryptographic assurances that the firmware, operating system kernel, and file
system have not been tampered with when a system starts up. This talk will take a technical deep
dive into the design and implementation of Chrome OS Verified Boot. We will explore some of the
novel features of the implementation - fast boot times in spite of verification, a
developer/jail-break mode which provides users with the flexibility to run a different operating
system, and rollback protection that prevents verification of old but properly signed vulnerable
code. Finally, the talk will discuss some of the unique challenges in implementing and managing
verified boot for a consumer operating system.
Gaurav Shah is a software security engineer at Google and part of the Chrome OS security team. At Google, he works on various design, implementation and operational aspects of Chrome OS security including verified boot, key management and enterprise security. Mr. Shah received a BS in Computer Science from Indian Institute of Technology Roorkee and a PhD in Computer Science from University of Pennsylvania. His doctoral dissertation described and analyzed covert network timing channels that can be created without compromising host or network software. His previous research has spanned various aspects of information hiding, intrusion detection, and e-voting security. |
STC 2010 STC 2009 STC 2008 STC 2007 STC 2006