1st Workshop on Cyber-Security
Arms Race (CYSARM)
November 15, 2019
Venue: Hilton London Metropole
225 Edgware Road, London, UK

Thank you for your participation!

Programme for CYSARM 2019

15th November 2019, London UK

Time Title & Authors
[07:30-09:00] Breakfast & Registration
[09:00-09:05] Welcome and Introduction
  Keynote Talk
[09:05-10:00] "Winning Against any Adversary on Commodity Computer Systems"
Virgil Gligor (CMU)
[10:00-10:45] Coffee Break
  Session 1: Trustworthy Computing  |  Session chair: Alessandro Carrega (CNIT)
[10:45-11:10] "Bootstrapping Trust in a “Trusted” Virtualized Platform"
Hagen Lauer (Monash University), Amin Sakzad (Monash University), Carsten Rudolph (Monash University), Surya Nepal (CSIRO's Data61) | [ Slides ]
[11:10-11:35] "A Framework for Efficient Lattice-Based DAA"
Vadim Lyubashevsky (IBM), Anja Lehmann (IBM), Liqun Chen (University of Surrey), Nada El Kassem (University of Surrey) | [ Slides ]
[11:35-12:00] "hTPM: Hybrid Implementation of Trust Platform Module"
Justin Kim (Microsoft), Evan Kim (Tesla)
[12:00-14:00] Lunch Break
  Panel Discussion
[14:00-15:00] "Trade-offs in Cyber Security: what is the cost of security?”
Moderated by Chris Mitchell.
  • Pino Caballero-Gil (University of La Laguna)
  • Virgil Gligor (CMU)
  • Daniel Gruss (Graz University of Technology)
  • Joseph Liu (Monash University)
  • Francois-Xavier Standaert (UC Louvain)
[15:00-15:45] Coffee Break
  Session 2: Vulnerability Management and Security Analysis  |  Session chair: Liqun Chen (University of Surrey)
[15:45-16:10] "Secure Zero-Day Detection: Wiping Off the VEP Trade-Off"
Mingyi Zhao (Snap Inc.), Moti Yung (Google)
[16:10-16:35] "Short Paper: Data Log Management for Cyber-Security Programmability of Cloud Services and Applications"
Alessandro Carrega (CNIT), Matteo Repetto (CNIT) | [ Slides ]
[16:35-16:45] Best Paper Award received:
"Bootstrapping Trust in a “Trusted” Virtualized Platform"
Hagen Lauer (Monash University), Amin Sakzad (Monash University), Carsten Rudolph (Monash University), Surya Nepal (CSIRO's Data61)
[16:45-17:00] Closing Remarks

Proceedings of the 1st ACM Workshop on Workshop on Cyber-Security Arms Race

CYSARM'19 proceeding - Open Access

Keynote Talk

Virgil Gligor, Carnegie Mellon University

Title: Winning Against any Adversary on Commodity Computer Systems

Abstract: The axioms of insecurity on commodity computer systems suggest that an adversary will have an asymmetric advantage over any defender “forever.” This implies that the defender-adversary arms race on such systems always favors the adversary, as often emphasized by conventional security wisdom. In this presentation, I illustrate how a defender can win against any adversary by establishing root of trust on a commodity system unconditionally; e.g., without any tradeoffs. Then I will show how to maintain the defender’s advantage in protecting selected applications, and explain why this is still uncommon on commodity systems.

Virgil D. Gligor is a Professor of ECE at Carnegie Mellon University. His research interests have ranged from access control mechanisms, penetration analysis, and denial-of-service protection, to cryptographic protocols and applied cryptography. Gligor was an Associate Editor of several ACM and IEEE journals and the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of the ACM SIG on Security Audit and Control, and the 2013 Technical Achievement Award of the IEEE Computer Society. He was also inducted into the National Cyber Security Hall of Fame.


General Chairs:

Program Co-Chairs:

Program Committee:

  • Martin Albrecht (Royal Holloway, University of London)
  • Frederik Armknecht (University of Mannheim)
  • Tassos Dimitriou (Department of Computer Engineering at Kuwait University)
  • Peter Y A Ryan (University of Luxembourg)
  • Pierre-Alain Fouque (Université de Rennes)
  • Andrea Höller (Infineon AT)
  • Linzhi Jiang (University of Surrey)
  • Ghassan Karame (NEC Research Labs, Germany)
  • Ioannis Krontiris (Huwaei Technologies, Germany)
  • Mark Manulis (University of Surrey)
  • David Oswald (University of Birmingham)
  • Thomas Poeppelmann (Infineon Technologies AG)
  • Matteo Repetto (CNIT)
  • Mark D. Ryan (University of Birmingham)
  • Riccardo Sisto (Politecnico di Torino)
  • Christos Xenakis (University of Piraeus)
  • Oriol Farras Ventura (Rovira i Virgili University)
  • Melek Oenen (EURECOM)

Call for Papers (Closed)

Important Dates

  • Submission deadline: 22 July 2019, 11:59 PM (AoE, UTC-12) [Extended]
  • Notification of acceptance: 9 August 2019 [Extended]
  • Camera-ready papers: 30 August 2019 (hard deadline)
  • Workshop date: 15 November 2019
Call for Papers (PDF)


Cybersecurity is a complex ecosystem that is based on several contradicting requirements. For this reason, it is often defined as an arms race between attackers and defenders: for example, when a new security model or algorithm is devised, it could act as a double-edged sword since it might both enhance the security posture of a system and introduce additional vulnerabilities. Similarly, many of the novel technological solutions that are used to improve the security of systems and networks are also being used by those who wish to threaten well-established algorithms and protocols. For example, it is already known that when large-scale quantum computers become available they will be able to break almost all the public-key cryptographic algorithms currently in use. Security is also about balancing several trade-offs, e.g. security vs privacy, security vs trust, security vs usability, security vs cost, research vs standardization, academic research vs real applications, just to name a few. For example, while artificial intelligence provides the ability to efficiently analyse massive data streams to detect patterns of anomalous behaviour, it also threatens user privacy by enabling the analysis of individual behaviours, and democratic government by subverting opinions via electronic media. Likewise, the use of trustworthy computing and trusted hardware: while it fortifies systems by providing stronger security and operational assurance guarantees, it also allows attackers to perform stealthy attacks and could be used to damage user privacy. The goal of CYSARM workshop is to foster collaboration and discussion among cyber-security researchers and practitioners to discuss the various facets and trade-offs of cybersecurity and how new security technologies and algorithms might impact the security of existing or future security models.

Topics of Interest

Topics of interest include but are not limited to:

  • Arms races and trade-offs in cyber-security (e.g., attackers vs defenders, security vs privacy, security vs trust, security vs usability, etc.)
  • Double-edged sword techniques in cyber-security (e.g., artificial intelligence)
  • Impact of quantum computing on cyber-security (not limited to cryptography)
  • Intrusion detection and evasion, and counter-evasion (also applied to malware analysis)
  • Next-generation trustworthy computing security solutions and attacks (e.g., TPMs, TEEs, SGX, SE), and their impact
  • Novel attacks and protection solutions in mobile, IoT and Cloud
  • Security analysis of protocols, including use of formal techniques
  • Standardization of cyber security and trust techniques
  • Validation of cyber-security technologies
  • Post-quantum cryptography and advanced cryptographic techniques (e.g., homomorphic encryption, secure multi-party computation and differential privacy)

Submission Guidelines

We invite the following types of papers:

Regular paper submissions should be at most 12 pages in double-column ACM format including the references and appendices (the latest sigconf template is available at: https://www.acm.org/publications/proceedings-template -- authors should not change the font or the margins of the ACM format). Regular papers should describe original work that is not previously published or concurrently submitted elsewhere.
The workshop will also consider short research paper submissions of up to 6 pages, using the same template. Research papers aim at fostering discussion and collaboration by presenting preliminary research activities, work in progress and/or industrial innovations. Research papers may summarize research results published elsewhere or outline new emerging ideas.

Submissions must be anonymous, and authors should refer to their previous work in the third-person. Submissions must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Submissions are to be made on EasyChair. You will be requested to upload the file of your paper (in PDF format only). Submissions not meeting these guidelines risk rejection without consideration of their merits. Proceedings of the workshop will be published by ACM on a CD, available to the workshop attendees. Papers will be included in the ACM Digital Library, with a specific ISBN. Each accepted paper must be presented by an author, who will have to register by the early-bird registration deadline.

Submissions are to be made on EasyChair at:




- FutureTPM (GA: 779391)
- PROMETHEUS (GA:780701)
- ASTRID (GA: 786922) and
- PAPAYA (GA: 786767) projects.
All projects have received funding from the European Union’s Horizon 2020 research and innovation programme under the above-mentioned grant agreement numbers.