On behalf of the organizing, program, and steering committees, it is our tremendous pleasure to welcome you to the 2017 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST) at the Ritz-Carlton, Tysons Corner in McLean, VA. We return to the Washington, DC metropolitan area due in large part to the strong attendance at last year's event, and to the proximity of government agencies and local industries that are increasingly concerned about issues related to hardware security.
program committee for their outstanding efforts and their dedication in creating a high-quality technical program for HOST 2017.
HOST 2017 will also continue to hold industry exhibits where our corporate sponsors will showcase their hardware security solutions. We have secured a large space for the exhibits and demo sessions as well as a larger meeting room for the other events of the technical program. Finally, the conference includes the best paper, best poster, and best hardware demo selection by a group of judges with the award presentation during the reception on Wednesday evening.

Featured Speakers
Keynote 1
Improbabilities of Security
Date / Time: Tuesday May 2, 2017 / 9:00-9:45
Speaker: Paul Kocher, Cryptography Research
Today's engineering approaches are extremely effective at generating designs that are both highly efficient and virtually certain to harbor vulnerabilities. Paul Kocher will explore architectural trade-offs involving security, and how we will need to rethink traditional engineering approaches as the costs of insecurity increase. Hardware-based security approaches will play a larger role because hardware has intrinsic advantages that increase as systems scale, yet many basic questions remain unsettled, such as what metrics best describe progress.
Biography
Paul Kocher is a security researcher and entrepreneur. His technical work includes discovering differential power analysis, co-authoring the SSL/TLS protocol, and architecting numerous security hardware cores. He founded Cryptography Research in 1995 and grew the company organically until its acquisition by Rambus for $342M. In April 2017, Paul left Rambus as a full-time employee, but he remains an advisor to Rambus and an advisor and investor in a range of security-related start-ups.

Given today's fast-growing connectedness among diverse electronic systems, protection against security violations needs to be built into such systems. Designing a security infrastructure cannot be effective if limited to the system level; it must instead be embedded at the most granular levels of the hierarchy. This presentation will discuss the role of infrastructure IP necessary to ensure hardware security and protect against potential intrusion at the block level and the SoC level. It will also address the implications of security, functional safety, and reliability requirements on all aspects of the SoC lifecycle: design, silicon production, and in-system use.

As the Internet of Things (IoT), 5G, Machine Learning, and Cloud Computing reshape the technology landscape, the notion of end-to-end security is becoming a major concern. Specifically in the datacenter, we are seeing the integration of new forms of accelerators and compute which extend the threat profile. This talk will review the emerging Cloud and Datacenter landscape, the associated security research challenges, and the implications of delivering hardware-based security solutions.

The Office of the Deputy Assistant Secretary of Defense for Systems Engineering (ODASD(SE)) is launching an initiative in support of trusted and assured access to advanced semiconductor technology for the Department of Defense (DoD) as well as the broader United States Government (USG). The initiative has three main elements:
(1) development of an alternate trusted photomask capability to preserve long-term trusted access and protection of intellectual property, (2) enhanced verification and validation activities at key government laboratories and the promotion of industry best practices and commercial standards in the areas of microelectronics trust and assurance, and (3) the development and transition of technologies in support of a new trust and assurance approach. This presentation will describe these efforts and discuss their status and the overarching management approach.

In the recent past we have been witnessing an increasing effort invested in hardware-assisted security, mostly to secure insecure legacy software. Hardware security schemes are often treated as an afterthought: an extension of the system but not an inherent design metric for the whole system. This limits their adoption and benefit to real-world systems. Emerging applications, for instance in the IoT area, increasingly involve large numbers of connected and heterogeneous device swarms and pose crucial challenges for the underlying security architectures. Over the past two decades we have seen hardware security solutions and trends from Trusted Platform Modules (TPM), ARM's TrustZone, and Physically Unclonable Functions (PUFs), to very recent advances such as Intel's SGX and CET. However, despite their advantages, these solutions are rarely used by third-party developers, make strong trust assumptions about manufacturers, are too expensive for small constrained devices, do not easily scale, or suffer from side channels. In this talk we will discuss the real-world impact of hardware-assisted security solutions, their strengths and shortcomings, as well as new research and development directions.

Much of the future success of computing rests on our ability to establish trust in the hardware we build. In this talk, it will be argued that the usual approach to building secure hardware, that is, adding security measures to thwart attacks, is fundamentally flawed because practical systems cannot be declared provably secure. Strangely, for security it is better to take away than to give. By removing the mechanisms used to implement attacks, it becomes possible to build large provably safe systems. The approach will be shown applied to code injection and timing-based side channels. While these "subtractive" approaches are powerful, it still remains to be seen whether the techniques are composable and applicable to emerging hardware security threats.
Dr. Wang received his PhD from NCSU in 1996 in computer engineering, working on medical image processing. He transitioned his research interests to cyber security in the late 90s while working at IBM, where he led the creation of a comprehensive set of network security solutions and was awarded several patents. He joined the US Army Research Office to start its cyber security research program in 2003 and was appointed computer science division director in 2008. He has managed DoD research investment over the past decade that led to significant advances in the scientific foundations of cyber security. He led many new research thrusts, such as WSN security, cyber situation awareness, and lately cyber deception. In 2012 he was given the Army Commander's Award for Civilian Service for outstanding leadership with resulting substantive positive impact on basic science, and for the transition of research to critical applications and analytical capabilities. In 2016 he was elected Fellow of the IEEE for his contributions to cyber security research.

This tutorial seeks to showcase the use of Trusted Platform Modules (TPM) and Trusted Execution Environments (TEE) as they pertain to providing isolated security environments and metrics usable by every major component of a platform. Hardware security implementations and modern operating systems, including some of their software and firmware, utilize measurements from TPMs to ensure the reliability of platforms. We will discuss Intel technologies such as Intel Trusted Execution Technology (TXT) and how it uses TPMs to measure platform components. We will also showcase how BIOS platforms utilize TPMs to ensure the SPI flash has not been tampered with, and explain Intel Boot Guard technology. Furthermore, modern operating systems have dependencies on TPMs, and we will discuss how Windows 10 uses them to ensure Virtualization Based Security (VBS) has not been tampered with. Lastly, we will also discuss modern TEEs such as ARM TrustZone and Intel SGX, and how these can be used to provide secure code isolation. We will engage with the audience to showcase the usage of TPMs and TEEs by going over their history and their applicability, and by showing how both are used in hardware, platform firmware, and operating system security features.

The objective of this tutorial is to summarize and present the available body of knowledge in trusted and secure design of analog/mixed-signal/RF ICs/IPs, covering both known vulnerabilities and available remedies. Furthermore, this tutorial seeks to discuss the limitations of the current state of the art in this topic, highlight the concomitant risks, and suggest research directions and steps to be taken toward designing, fabricating, and deploying trusted and secure analog/mixed-signal/RF circuits. More specifically, a comprehensive survey of the relevant literature will be provided, organized around four themes: (i) hardware Trojans and Trojan states in analog/mixed-signal/RF ICs along with existing detection/prevention methods, (ii) analog/mixed-signal/RF IP piracy scenarios and techniques for proving authenticity and ownership, (iii) analog/mixed-signal/RF IC counterfeiting and detection mechanisms, and (iv) limitations of existing methods in the analog/mixed-signal and RF domain, focusing on the gaps that exist in our current understanding of this problem and potential directions toward filling them and mitigating the threats to analog/mixed-signal/RF ICs/IPs.

Crucial and critical security and trust requirements are growing in all classes of applications: manufacturing, automobiles, electronic voting machines, wearable devices, etc. The increased integration of, and reliance on, remote and embedded electronics as the basis for personal, commercial, and growing industrial systems in the Internet of Things (IoT) is driving the need for upgraded security and trust in these cyber-physical systems (CPS).
Remote access to or control of a single sensor or micro-controller by an attacker can lead to full control of an entire electronic network. This situation is expanding rapidly, posing serious security and privacy challenges to manufacturers as well as customers/operators, and requires immediate and carefully strategic solutions to avoid conceivable property and human losses and to counter the advantage made available to adversaries by the increasing complexity of software and hardware and the additional flexibility provided by mobile devices to interact with these systems.
The objective of this tutorial is to give an in-depth overview of IoT, its architectures and design flow, and to evaluate the security requirements in the design framework using threat models. Furthermore, the tutorial will investigate emerging hardware-based security solutions that provide an enhanced level of security and trust.
Workshop
Internet of Things (IoT) and Automotive Security Workshop (IASW)
Enter the nascent era of the Internet of Things (IoT), where small embedded devices loaded with sensors collect information from their surroundings, process it, and relay it to remote locations for further analysis. While IoT manufacturers are aware of the security implications, security in IoT devices is either neglected or treated as an afterthought. This is often due to the short time to market (TTM) and the cost reduction driving the device's design and development process. Furthermore, concentrating on software-based protection schemes often leaves the hardware unintentionally vulnerable, allowing new attack vectors on the hardware and the hardware-software interface. Overall, there is a lack of security-oriented IoT design methodologies dedicated to highly secure IoT system deployment. To solve this problem, systematic analysis using standard assessment strategies and metrics for the security and privacy concerns of IoT and automotive systems becomes a necessity.
