Hardware

Recent advances of isolated execution technologies, especially the emergence of Intel Software Guard eXtension (SGX), revolutionize the model of computer security and empower programs with sensitive data and code to be shielded from untrusted operating systems. However, their security guarantees have not yet been thoroughly investigated against the notorious vector of information leakage side-channel attacks. It is conceivable that side-channel attacks with full control of the underlying operating system are more diverse, efficient and robust than those from unprivileged programs.

Increasingly medical devices are dependent on software and the wireless channel for their operations, which also pose new vulnerabilities to their safe, dependable, and trustworthy operations. Medical devices such as implantable insulin pumps, which are in wide use today, continuously monitor and manage a patient's diabetes without the need for frequent daily patient interventions. These devices, not originally designed against cyber security threats, must now mitigate these threats.

Creative educational and research programs need to be developed that will inspire young adults (also known as millennials) to pursue critical skills needed to drive our cybersecurity and STEM future and close the ever increasing cybersecurity talent gap. In this regard, educators and researchers must develop innovative curriculum incorporating emerging technologies, in addition to the theoretical content, to help cultivate and retain a highly skilled cybersecurity workforce.

Ensuring a high level of security and reliability in the electronic computing devices is a significant challenge. Central issues include secure and reliable identification, authentication and integrity checking of underlying hardware. Hardware-based security primitives such as physical unclonable functions (PUFs) are still a work-in-progress in terms of the cost they require to guarantee reliable operation and their resistance to physical attacks.

Recent years have shown the fallacy of Certificate Authorities (CAs); insiders are able to steal master signing keys and impersonate certificates, exploitation of system vulnerabilities and other means of infiltration allow attackers to gain access to CAs and copy their keys, etc. At stake is the mere survival of public key infrastructures as trust in them is bootstrapped from trust in certificates that bind public keys to known identities. The current attack surface exposed by CAs makes trust in their issued certificates questionable.