The Annual IIoTSBOM event brings together local and international experts working on securing appliances and SBOMs. It is targeted to device manufacturers, system architects, application engineers and software developers, security engineers and security developers.

This event is free to attend, but requires pre-registration at least 2 weeks in advance due to space limitations.

Agenda:

09.30 welcome & registration

10.00 Introductory notes: Cybersecurity for devices, challenges and opportunities; SBOM state of affairs by LSEC and Flanders Make. Is Zero Trust achievable?

by Ulrich Seldeslachts, CEO LSEC & Valentijn de Leeuw, Flanders Make

Cybersecurity in industry, state of the union: a perspective on current developments without fear, uncertainty and doubt, indicating facts and developments. Putting the world of SBOMs and IIoTSBOM in perspective and indicating the need to consider both the supply chain side, where manufacturers need to secure, and the corporate end user, along with their respective cybersecurity teams.

10.30 TrustedIoT – (and Zero Trust) – relation to IIoTSBOM – IIoT

by Prof Dr An Braeken (VUB)

The security of IoT (Internet of Things) is addressed at different levels, ranging from hardware through software to network communication. The Trusted-IoT project will mainly focus on security at the hardware level. Existing and new techniques for hardware-based security modules will be applied and evaluated on different types of IoT devices. Different aspects can be explored and will be presented.

10.35 Secure execution for embedded environmental monitoring applications by Laurent Segers (VUB)

Embedded devices are gaining popularity and are increasingly used in many IoT applications. Newer generations of microcontrollers make it possible to give these embedded systems more sensing and processing capabilities while operating on constrained energy budgets. This increased data gathering and processing inevitably leads to higher risks of data leakage and possible direct attacks on the embedded devices themselves.
In this talk we use the case of environmental monitoring to investigate the security mechanisms recently integrated into the silicon of newer generations of microcontrollers. This includes secure communication between the IoT devices and the remote server and secure code execution (TrustZone).
The hardware and software development challenges will be highlighted, together with some opportunities and possible limitations.

10.55 Multi-Core RISC-V platforms, by Masoom Rabbani (KUL)

Does your product have multiple processors? Today, chances are that you have to answer “yes” to this question. If this is the case, how can you assert that none of these processors have been hacked?
In this talk the use-case of a drone is used as a vehicle to present our proposed solution.
With RISC-V implementations popping up in different forms and flavours, there typically is an implementation available for each processor in your product. In our solution we substitute every processor with one such RISC-V implementation. By implementing these RISC-V cores on a single FPGA, only a single chip has to be attested.
One small RISC-V is added to attest the health of the entire FPGA. While doing so, every other processor on the FPGA is also attested. In the drone use-case, four electronic speed controllers are moved to the FPGA, one processor for communication is moved, and one more high-end processor that serves as flight controller is also housed on the FPGA. In this way, attesting one FPGA gives a health status of the entire drone.

11.15h Coffee & Tea break

11.30h Trusted robotics in the field of quality assurance, by Benjamin Drost (GFAI)

The world becomes a little more interconnected with each passing day, and this trend extends to the industrial sector, where processes are monitored, and products are inspected for quality compliance.
In this presentation, we introduce a concept for a secure network composed of actuators and sensors, ensuring that their communication cannot be intercepted or altered. Each component is secured using Trusted Platform Modules (TPMs), and communication protocols are tunneled through a secure VPN network.
As a use case, we also explore various approaches to quality inspection using specific actuators and sensors.

11.50h Low-power FPGA-SoC-based secure mobile robot architecture, by Sergio Pertuz & Cornelia Wulf (TUD)

This presentation delves into the protection of hardware accelerators within untrusted environments and extends our focus to the incorporation of security features compatible with the Robot Operating System 2 (ROS2) through microROS, utilizing the FreeRTOS operating system. In our system, unauthorized access of software tasks to hardware accelerators is prevented, ensuring the security of critical components. The protection is focused on hardware accelerators that are used in a hardware / software codesign and accessed via AXI memory mapped interfaces.
Our solution builds upon the isolation mechanisms provided by the L4Re operating system framework, introducing a hardware task scheduler that operates within spatial and temporal constraints.

12.10 Protecting CGRAs with the HERA Methodology, by Johannes Knoedtel (BTU/Rostock)


12.30 Lunch Break & User Group Session (during lunch)

13.15 European Cyber Resilience Act (CRA) impact for machine builders and technology producers: introduction and status update – legislation requirements on Software Bill of Materials, by Bernd Fiten and Pedro Demolder (Timelex)

Since the start of IIoTSBOM as an activity, we have pointed to the growing interest in and importance of legal frameworks setting requirements for SBOMs. The European Commission started with the creation of the Cyber Resilience Act as the follow-up to the Cyber Security Act. During this talk, Pedro and Bernd will put the CRA into context and explain its impact on device manufacturers in Europe.

Pedro Demolder is an IP/IT and data protection lawyer at Timelex, performing privacy and data protection (GDPR) compliance audits for SMEs and multinationals in various sectors. He assists clients in the implementation of data protection requirements in day-to-day activities, processes, and systems. He regularly advises clients on complex issues regarding data protection law, often at the crossroads of other domains such as online platforms, product manufacturing, and human resources. He drafts information notices for virtually any target audience and is very well acquainted with data processing, data exchange, and data sharing agreements. Pedro is also experienced in all matters relating to cybersecurity. He advises clients on the legal, technical, operational, and organisational aspects of information security and provides related trainings. Pedro assists clients with setting up data breach management procedures, notification procedures and processes, as well as contingency strategies.

Bernd Fiten is a lawyer who specializes in privacy and data protection law, e-commerce law, intellectual property law and general commercial law. Bernd helps clients comply with European and Belgian data protection and cybersecurity legislation, such as GDPR, e-Privacy Directive, NIS Directive, etc. He also drafts and negotiates various types of IT contracts. He also advises clients on related domains such as electronic communication, electronic signatures, cookies, direct marketing, social media, biometrics, surveillance cameras, etc. Bernd has been a member of the Dutch-Speaking Bar Association of the Brussels Bar since 2016 and is a teaching assistant at CiTiP (KU Leuven). He has a master’s degree in Intellectual Property and ICT Law from the University of Leuven.

Following the introduction, a discussion will be held on the impact of the CRA and its relation to the expected baseline requirements, and on key learnings from SBOM deployments in relation to the current stage of the legislation's development.

14.15h European Cyber Resilience Act Discussion & interactions 

14.45h Coffee & Tea Break

15.00 SBOM GitHub workshop and continuation of User Group session – create your own SBOMs with GitHub – also for non-programmers. Go home with your first SBOM!

You don’t have to be a programmer to do this. Bringing your own laptop would help. We’ll guide you through some basic programs, connect to some GitHub repositories and help you create your own first SBOM.

16.00 Microsoft GitHub – SBOM developments introduction & workshop

by Justin Hutchings, Senior Director of Product Management, GitHub (via Zoom)

During this session, we’ll take a deep dive into the GitHub SBOM tool developments: how to apply the tool, how to generate SBOMs, and how they relate to others in the segment. The platform itself is relatively straightforward, but how will it evolve in the future according to GitHub? What are the experiences, best practices and insights into the list of vulnerabilities being exposed as a result? How can consumers now best use and apply the SBOMs for their developments? Join the discussion with Justin.

17.00h Closing notes, invitation to closing drinks in De Lodge (10-15 min walk across the park)

18.00h Close of event

Register on Eventbrite to join in person and get acquainted with your peers and our team of experts.

Location: Flanders Make, Gaston Geenslaan in Leuven.

or

Register now for this and other SBOM-related webinars and seminars.

During this in-person event and webinar on November 16th from 9.30 – 5.30pm CET, we will be sharing some of our experiences and best practices on what we can learn from these developments.

Join in on this and upcoming monthly webinars on the topic.

The webinar is free to participate in, but space is limited, so please register via Eventbrite to join in person, or register to participate in the Zoom webinar.

Zoom Webinars Review

The session will be recorded and made available for further distribution after this session.