

SOSE 2017 Workshop on Cutting Edge IoT  

Holiday Inn SFO Airport Hotel

April 7, 2017

Moderator / Organizer

Dr. Jeffrey Voas

National Institute of Standards and Technology, USA

Email: j.voas@ieee.org

Jeffrey Voas is a computer scientist at the US National Institute of Standards and Technology (NIST) in Gaithersburg, MD. Before joining NIST, Voas was a Technical Fellow at SAIC and was an entrepreneur who co-founded Cigital, a software testing and security company which now has over 1,000 employees and is now owned by Synopsys (publicly traded). He has served as the IEEE Reliability Society President (2003-2005, 2009-2010, 2017) and served on the IEEE Board of Directors (2011-2012). Voas has authored and co-authored hundreds of papers. Voas co-authored two John Wiley books (Software Assessment: Reliability, Safety, and Testability [1995] and Software Fault Injection: Inoculating Software Against Errors [1998]). Voas is on the editorial board of IEEE Computer Magazine and was on the Editorial Advisory Board of IEEE Spectrum Magazine for 4 years. Voas received his undergraduate degree in computer engineering from Tulane University (1985), and received his M.S. and Ph.D. in computer science from the College of William and Mary (1986, 1990 respectively). Voas is a member of IEEE-Eta Kappa Nu, Fellow of the IEEE, Fellow of the Institution of Engineering and Technology (IET), and Fellow of the American Association for the Advancement of Science (AAAS). Voas's current research interests include blockchain and Internet of Things (IoT). Voas is an Adjunct Chair Professor of Computer Science at the National Chiao Tung University in Hsinchu, Taiwan. Voas received the Gold Medal from the US Department of Commerce in 2014 for his work on vetting mobile apps to enhance smartphone security.


8:20 am - 8:30 am Dr. Jeffrey Voas (NIST), "Welcome Message"

8:30 am - 9:30 am Dr. Angelos Stavrou (George Mason University), Keynote Speaker

9:30 am - 10:15 am Dr. Bill Tonti (IEEE Future Directions Committee Director)

10:15 am - 10:30 am Coffee Break

10:30 am - 11:15 am Dr. Apostol Vassilev (NIST)

11:15 am - Noon Rick Kuhn (NIST)

Noon - 1:00 pm Lunch

1:00 pm - 1:45 pm George Hurlburt (STEMCorp)

1:45 pm - 2:30 pm Dr. Joseph Williams (Governor's Office, State of Washington, USA)

2:30 pm - 2:45 pm Coffee Break

2:45 pm - 3:30 pm Dr. Ram Sriram (NIST)

3:30 pm - 4:15 pm Roy Want (Google)

4:15 pm - 5:00 pm Prof. Mahmoud Daneshmand (Stevens Institute of Technology)

5:00 pm Adjourn

Keynote Speaker: Dr. Angelos Stavrou, George Mason University, USA

Title: Leveraging Blockchain-based protocols in IoT systems


The Internet of Things (IoT) encompasses a wide range of processes: sensing, computation, communication, time, context, and data, to name only a few. How do all of these function as a system when using commercially available components that can be purchased from anywhere and at a low cost, and with little or no component pedigree available? To provide some practical answers to these questions, we purchased components and created a set of small use cases to see how it all interoperated.

In this talk, we will focus on use cases where the application of cryptography is not done properly or the cryptographic libraries employed exhibit security flaws. To that end, we demonstrate the need for mechanisms that will allow low-resource sensors to authenticate and exchange data in a way that does not rely on heavy cryptographic operations. We believe the need for group authentication and message integrity can be adequately satisfied using modified blockchain protocols that rely on proof-of-storage for some of the sensor operations creating groups of networked sensors that prove their membership not only using key material but also historical transactional data. Our work is preliminary but shows how blockchain protocols can be applied in IoT systems in a meaningful manner solving an actual need without the burden of complex operations that usually accompany the blockchain concept.

About the speaker:

Dr. Angelos Stavrou is an Associate Professor at George Mason University and the Director of the Center for Assurance Research and Engineering (CARE) at GMU. Stavrou has served as principal investigator on research awards from NSF, DARPA, IARPA, DHS, AFOSR, ARO, ONR, and he is an active member of NIST's Mobile Security team and has written more than 90 peer-reviewed conference and journal articles. Stavrou received his M.Sc. in Electrical Engineering, M.Phil. and Ph.D. (with distinction) in Computer Science all from Columbia University. He also holds an M.Sc. in theoretical Computer Science from University of Athens, and a B.Sc. in Physics with distinction from University of Patras, Greece. Stavrou is an Associate Editor of IEEE Transactions on Reliability and IET Journal on Information Security. His current research interests include security and reliability for distributed systems, security principles for virtualization, and anonymity with a focus on building and deploying large-scale systems. Stavrou received the GMU Department of Computer Science Outstanding Research Award in 2010 and 2016 and was awarded with the 2012 George Mason Emerging Researcher, Scholar, Creator Award, a university-wide award. In 2013, he received the IEEE Reliability Society Engineer of the Year award. He is a NIST guest researcher, a member of the ACM and USENIX, and a senior IEEE member.

Speaker: William Tonti, IEEE Future Directions Committee Director

Title: Hardening the Internet of Things - Requirements for Commercial Technology Implementation



About the speaker:

Dr. Tonti holds a BSEE from Northeastern University, an MSEE and a Ph.D. from the University of Vermont, and an MBA from St. Michael's College. He retired from IBM in 2009 after 30+ years of service, working as the lead semiconductor technologist for a large part of his career. Dr. Tonti holds in excess of 290 issued patents, and has been recognized as an IBM Master Inventor. He was honored by having his 250th patent issue transcribed into the U.S. Congressional Record. Dr. Tonti is a Fellow of the IEEE, a past IEEE Reliability Society President, a recipient of the IEEE Reliability Engineer of the Year award, and the IEEE 3rd Millennium medal. Dr. Tonti joined IEEE in 2009 as the Director of IEEE Future Directions where he works alongside staff and volunteers to incubate new technologies within the IEEE.

Speaker: Apostol Vassilev, NIST

Title: Entropy as a Service: unlocking the full potential of cryptography


Securing the Internet requires strong cryptography, which depends on good entropy for generating unpredictable keys. Cryptography is fundamentally important for protecting data in transit over the Internet or at rest on devices. Today, the security of data protected by cryptography depends not on secret algorithms, but primarily on having strong keys and keeping them secret. Generating strong cryptographic keys is no simple matter, however. Experts recommend using deterministic random bit generators (DRBGs), but the sequence of numbers generated by a DRBG can be traced predictably to the seed (initial value) supplied to the generator. Thus, DRBGs must be seeded with hard-to-guess random data from a reliable source. In information theory, such so-called "high-entropy" sources provide true randomness. They are usually based on nondeterministic physical processes such as ring oscillators or some kind of quantum behavior. In contrast, most practical computer systems rely on events like mouse movements, keyboard stroke timings, network events, and hard-disk access times to generate hard-to-guess random data for seeding DRBGs. Although sometimes plausible, such sources often provide only a limited amount of unpredictability. This problem is exacerbated in computing environments that often lack the sources of nondeterminism harnessed by traditional computers for harvesting entropy: embedded devices, IoT devices with limited computational capabilities, cloud computing, etc. This talk introduces entropy as a service architecture that provides entropy from a decentralized root of trust, scaling across diverse geopolitical locales and remaining trustworthy unless much of the collective is compromised. This novel approach is intended to address the proverbial Achilles' heel of cryptographic security protection, namely the lack of strength of the keys used to protect critical data and enable clients on the Internet and IoT to benefit from high-quality entropy in order to unlock the full potential of cryptography.

About the speaker

Dr. Vassilev is a Research Team Lead in the Security Testing Validation & Measurement Group at NIST. He is an active participant in several national and international cryptographic standards groups. Dr. Vassilev works closely with academia, industry and government agencies on the development and adoption of novel approaches to cybersecurity testing and measurement. He is a chairman of the government-industry working group dedicated to modernizing Cryptographic Validation Programs at NIST through automated machine-based testing methodologies. Dr. Vassilev holds a Ph.D. in Mathematics. He holds six US patents and has authored over thirty papers in leading scientific journals.

Speaker: Rick Kuhn, NIST

Title: Combinatorial Methods for Testing Networks of Things


Combinatorial testing (CT) is a proven method for more effective software testing at reduced cost. This method takes advantage of the empirically determined interaction rule, which is based on analysis of thousands of software failures. The rule states that most failures are induced by single factor faults or by the joint combinatorial effect (interaction) of two factors, with progressively fewer failures induced by interactions between three or more factors. Therefore if all faults in a system can be induced by a combination of t or fewer parameters, then testing all t-way combinations of parameter values is pseudo-exhaustive and provides a high rate of fault detection. New algorithms compressing combinations into a small number of tests have made CT practical for industrial use, making it possible to do better testing at lower cost. The talk explains the background, method, and tools available for combinatorial testing, with examples and case studies. Traditional methods such as covering arrays from statistical Design of Experiments will be included, along with extensions such as sequence covering arrays, and measures of combinatorial coverage. New results on using combinatorial methods for detection of certain types of faults without a conventional test oracle will also be introduced. Applications to "Internet of Things" testing will be illustrated using the Voas IoT primitives: sensors, aggregators, communication channels, e-utilities, and decision triggers. 

About the speaker

Rick Kuhn is a computer scientist in the Computer Security Division of the National Institute of Standards and Technology. He is an author of two books and more than 100 publications on information security and software assurance, and is a senior member of the Institute of Electrical and Electronics Engineers (IEEE). He co-developed the role based access control model (RBAC) used throughout industry, and led the effort establishing RBAC as an ANSI standard. Before joining NIST, he worked as a systems analyst with NCR Corporation and the Johns Hopkins University Applied Physics Laboratory. He received an MS in computer science from the University of Maryland College Park, and an MBA from the College of William & Mary. 

Projects & bio: http://csrc.nist.gov/staff/Kuhn/kuhn_rick.html

Publications: http://scholar.google.com/citations?user=1ZdBywEAAAAJ&hl=en

Speaker: George Hurlburt, STEMCorp

Title: Modeling in a NOT Environment


The Internet of Things (IOT) is best considered a federate of loosely connected Networks of Things (NOT), each oriented around a purposeful function. Each NOT requires a rigorous design architecture to satisfy its desired engineering intent. Fortunately, architecture has evolved from a relationally based technology to a graph-based approach, whereby network dynamics can be more precisely modeled. The emerging National Institute of Standards and Technology (NIST) roadmap for NOT design serves as a useful framework for a generalized NOT graph model. This tutorial lays the groundwork to build a graph-model-based ontology using the NIST NOT framework. The intent is to instantiate real-world data over this emergent model within a graph database. The goal of this research effort is to demonstrate the utility of an overarching graph ontology as both a diagnostic and run-time tool for IOT-related activity from the NOT perspective. A secondary goal is to develop straightforward data entry into a persistent store for automated triple generation, thus increasing utility and reducing the learning curve for use. The tutorial concludes by exploring advanced concepts such as built-in rule-based test procedures, graph metrics as dynamic performance and pattern indicators, and applicability to other related domains.

Speaker: Dr. Joseph Williams, Governor's Office, State of Washington, USA

Title: Securing a vision for IoT


Businesses in the IoT space, both those operating today and others still to come, are providing the connectivity and analysis that will shape our lives in the years ahead. IoT will complement our existing business strengths and change the way we work, live and play. There is a delicate but important dance that must happen with economic development for IoT and protecting the public interest against potential IoT abuses. 

About the speaker

Dr. Joseph Williams is Governor Jay Inslee's ICT Sector Lead and the State of Washington's Director of Economic Development for its booming ICT industry. Previously an executive with Microsoft and the dean of the School of Business, Government, and Economics at Seattle Pacific University, Dr. Williams was the host of the recent Washington State IoT Summit, which focused on the very topics in this session.

Speaker: Ram D. Sriram, NIST

Title: Toward Internet of Everything: Architectures, Standards, and Interoperability


The Internet, which has spanned several networks in a wide variety of domains, is having a significant impact on every aspect of our lives. These networks are currently being extended to have significant sensing capabilities, with the evolution of the Internet of Things (IoT). With additional control we are entering the era of Cyber-physical Systems (CPS). In the near future the networks will go beyond physically linked computers to include multimodal-information from biological, cognitive, semantic, and social networks. This paradigm shift will involve symbiotic networks of people (social networks), smart devices, and smart phones or mobile personal computing and communication devices that will form smart net-centric systems and societies (SNSS). These devices -- and the network -- will be constantly sensing, monitoring, interpreting, and controlling the environment. A key technical challenge for realizing the "Internet of Everything (IoE)" is that the network consists of things (both devices and humans) which are heterogeneous, yet need to be interoperable. In other words devices and people need to interoperate in a seamless manner. This requires the development of standard terminologies (or ontologies) which capture the meaning and relations of objects and events. Creating and testing such terminologies will aid in effective recognition and reaction in a network-centric situation awareness environment. In this talk, I will provide a unified framework for Internet of Things, Cyber-Physical Systems, and Smart Networked Systems and Societies, and then discuss the role of ontologies for interoperability. I will also describe representative projects at the National Institute of Standards and Technology.

About the speaker

Ram D. Sriram is currently the chief of the Software and Systems Division, Information Technology Laboratory, at the National Institute of Standards and Technology. Before joining the Software and Systems Division, Sriram was the leader of the Design and Process group in the Manufacturing Systems Integration Division, Manufacturing Engineering Laboratory, where he conducted research on standards for interoperability of computer-aided design systems. Prior to joining NIST, he was on the engineering faculty (1986-1994) at the Massachusetts Institute of Technology (MIT) and was instrumental in setting up the Intelligent Engineering Systems Laboratory. Sriram has co-authored or authored more than 250 publications, including several books. Sriram was a founding co-editor of the International Journal for AI in Engineering. Sriram received several awards including: an NSF's Presidential Young Investigator Award (1989); ASME Design Automation Award (2011); ASME CIE Distinguished Service Award (2014); the Washington Academy of Sciences' Distinguished Career in Engineering Sciences Award (2015); ASME CIE division's Lifetime Achievement Award (2016). Sriram is a Fellow of IEEE, ASME, AAAS and Washington Academy of Sciences, a member (life) of ACM and AAAI. Sriram has a B.Tech. from IIT, Madras, India, and an M.S. and a Ph.D. from Carnegie Mellon University, Pittsburgh, USA.

Speaker: Roy Want, Google Android

Title: Making the Internet of Things Great Again


In a world of billions of Internet connected smart devices, preferentially discovering things situated nearby and allowing easy user interaction with them, creates a powerful filter for users to overcome the scale and complexity of this global system. Merging the virtual World Wide Web with nearby physical devices that are part of the Internet of Things (IoT), will allow anyone with a mobile device (such as a smartphone), to walk up, and with the appropriate authorization, monitor or control anything. This is the vision of the Physical Web project at Google, and this talk will describe its motivation, goals, and how it's being made ubiquitously available to all users.

About the speaker

Dr. Roy Want graduated from Cambridge University, England in 1988. He is currently a Research Scientist at Google. Previous positions include Sr. Principal Engineer at Intel Corporation, and a Principal Scientist at Xerox PARC. He holds the grade of ACM and IEEE Fellow. His research interests include mobile and ubiquitous computing, distributed systems, context-aware operation, and electronic identification. He has more than 25 years' experience working in the field of mobile computing. He served as the Editor-in-chief for IEEE Pervasive Computing from 2006-2009, and he is currently the Past Chair for ACM SIGMOBILE. To date, he has authored or co-authored more than 75 publications, with 70 issued patents in this area. For more information about Dr. Want's academic and industrial achievements see http://www.roywant.com/cv/vita.htm.

Speaker: Mahmoud Daneshmand, Stevens Institute of Technology

Title: The "Internet of Things" (IoT) Challenges


Billions of "things" connected to the Internet are generating mountains of Data on all aspects of the human life. Unlike the traditional "Static Data", the IoT data is dynamic; it is "Data in Flight", "Data in Motion", also called "Streaming Data". Data streams arrive continuously and so rapidly that it is not feasible or useful to store in a conventional database and analyze at the time of our choosing; if it is not processed immediately, its operational value and use might be lost forever. The Nature of Data Analytics has changed. "The challenge of IoT today is making sense of all the data we're creating and capturing", says Ginni Rometty, chairman, president and CEO of IBM. "Analytics Are a Key Part of Value Creation in IoT", says Pankaj Patel, (ex) EVP of Cisco. The Biggest Challenge of IoT is near-real-time Management and Analytics of ever-increasing Streams of data generated by IoT.
This talk presents the End-to-End IoT System including: "things domain", "device domain", "network domain", "service domain", and "end user domain", as well as challenges associated with each of these domains. Emphasis will be on end-to-end IoT Data Streams Analytics challenges including: data acquisition, data communications & networking, data quality & reliability, data security & privacy, fog/edge & cloud computing, and stream data analytics technologies. Future academia & industry challenges including research directions and opportunities emerging from disruptive technologies of: IoT, and near real-time large-scale Big Data Streams Analytics will be covered.

About the speaker

Dr. Daneshmand is Professor of Department of Business Intelligence & Analytics as well as Department of Computer Science at Stevens Institute of Technology. He has more than 35 years of Industry & University experience as Professor, Researcher, Assistant Chief Scientist, Executive Director, Distinguished Member of Technical Staff, Technology Leader, Chairman of Department, and Dean of College at: Bell Laboratories; AT&T Shannon Labs-Research; University of California, Berkeley; University of Texas, Austin; Sharif University of Technology; University of Tehran; New York University; and Stevens Institute of Technology.
He has Ph.D. and M.S. degrees in Statistics from the University of California, Berkeley; M.S. and B.S. degrees in Mathematics from the University of Tehran. He is well recognized within the academia and industry and holds key leadership roles in IEEE Journal Publications, Conferences, and Industry-IEEE Partnership. He has served as General Chair, Keynote Chair, Panel Chair, and Technical Chair of many IEEE major conferences. He has given several Keynote speeches in IEEE as well as international conferences. He is an expert on IoT Big Data Streams Analytics, and Co-Founder and chair of the Streaming Committee of the IEEE IoT Journal.