Grant Call 2a:
Trustworthy Computing for Secure Smart Nation Grant
NSOE-TSS Grant Call 2020: Trustworthy Computing for Secure Smart Nation Grant
Issued by National Satellite of Excellence in Trustworthy Software Systems
Overview
The National Satellite of Excellence in Trustworthy Software Systems (NSoE-TSS) is soliciting innovative research proposals in trustworthy computing for a secure Smart Nation. Up to four projects will be funded with a quantum of approximately SGD $500,000 and a duration of up to 2.5 years. The topics of interest for this grant call are intended to be broad, and cover secure and trustworthy computing in the context of smart systems and applications, including autonomous vehicles, drones, artificial intelligence (AI), Internet-of-Things (IoT), cyber physical systems, sensor networks, machine learning, big data, fintech, and other related domains.
In addition to high quality research, projects ought to clearly demonstrate a pragmatic contribution towards the advancement of Singapore as a secure Smart Nation. As such, projects ought to have a direct pathway to translation and deployment, as well as demonstrate the customization and application of trustworthy software to the relevant industry sectors. For example, to foster strong collaboration between research and practice, one of the co-PIs of a successful project could be a member of the relevant industry/agency.
The grant call will have two phases. The first phase will proceed as a conventional grant call where approximately four submitted proposals will be selected for funding. In the next phase, one of the four projects will be taken to greater maturity/deployment with an additional round of funding of up to SGD $1,000,000. More details will be announced at a later date.
Background and Challenges
The Smart Nation initiative aims to use technology to empower citizens and businesses to seize new opportunities in the digital economy, as well as enabling significant improvements in how we live, work and play. A Smart Nation is one that harnesses core technologies, such as autonomous vehicles, Internet of Things (IoT), digitalization, sensor networks, big data, and machine learning, and uses these technologies to address key national challenges in the areas of health, education, transport, urban solutions, finance, and other application domains. More information about Singapore’s Smart Nation vision can be found here:
As Singapore continues with its transformation into a Smart Nation, the need to build certified trustworthy software systems to control homes, offices, transport systems, urban spaces, schools, hospitals and other environments is of paramount importance. New technology also means new threats, and new opportunities for cybercriminals and other malicious actors to cause disruption, tampering, hijacking, espionage, privacy breaches, fraud and theft. Security and trustworthy software is one of the key enablers for a Smart Nation.
As technology becomes ubiquitous so do the threats. We must recognise potential risks and safeguard key critical systems and networks even as we make them smart. The software that drives smart devices and smart systems must be trustworthy, and secured against external and internal threats. Such trustworthy software is crucial for many sectors of the smart digital economy, including autonomous vehicles, drones, cyber physical systems, and financial institutions. These applications have a wide reach and share many common characteristics, such as:
- Each application contains multiple heterogeneous computing components, such as physical and internet-of-things (IoT) devices. The computational hardware and software embedded in these physical devices are highly diverse in nature.
- The physical devices in smart systems are often connected among themselves via an internal network. These devices may also be connected to the external cyberspace in order to enable the human user to manage and control such devices from anywhere around the world. Secure apps are required to control these devices.
The technical challenges related to the design and implementation of resilient trustworthy software for smart systems are manifold. A typical application domain will consist of a mix of both common and unique cyber security challenges, and the interactions between components can be diverse and highly complex by nature. Nevertheless, such challenges must be addressed for the advancement of Singapore as a secure Smart Nation.
Some examples of broad application domains of interest for the grant call are provided below. The examples include Internet of Things (IoT) for smart homes, sensor networks for public spaces, and cyber physical systems. The list is not meant to be exhaustive, and grant applicants are encouraged to consider these and related application domains, or to study specific challenges from a single domain.
Trustworthy Software for the Internet of Things (IoT) for Smart Homes
The rise of the Internet of Things (IoT) and a Smart Nation go hand-in-hand. Ever decreasing hardware costs and increased network connectivity mean that various home appliances (lighting fixtures, air conditioners, home security cameras, etc.) can be made "smart" for the modern smart home. Smart devices can also be used for new applications, such as voice activation and monitoring for elder care.
However, the rapid growth of the Internet of Things (IoT) means that proper attention to important issues such as security and privacy may be neglected. This is especially troubling, given that the scope and size of the data collected by IoT devices makes for a very big and attractive target, and this poses a significant privacy concern. IoT devices also represent a large attack surface that infiltrates deep into homes and businesses. As with more conventional computer systems, IoT devices can be vulnerable to malware, botnets, ransomware, and other types of malicious interference. In one extreme, a network of IoT devices may be completely taken over, allowing devices to be used to launch denial of service (DoS) attacks, steal sensitive data, or hijack control over IoT-controlled physical devices or smart components.
For example, the infamous Mirai malware can infect consumer devices such as IP cameras and home routers running the Linux operating system. The malware turns these devices into remotely controlled bots that can be used to launch network-based attacks. The growth of IoT means that this and similar attacks will become increasingly impactful. In the absence of reliable monitoring and regular security maintenance, attacks may not be detected until it is too late, or may not be noticed at all.
Given the diversity of manufacturers, applications and environments, enforcing the security of IoT devices is particularly challenging. There is no one recognised standard for the security certification of IoT devices, making the compliance landscape murky. In general, IoT devices ought to be resilient in the face of a hostile environment, where edge components are assumed to fall into adversarial hands.
Vendors of IoT devices may claim one or more properties such as system integrity, resilience against classes of software defects, conformance to a given state machine, privacy, or a lack of undeclared management interfaces. However, such claims may not be discoverable or backed by evidence. Researchers may propose techniques to validate claims in the absence of specific vendor support. Typical verification tasks may include:
- Task/context/thread recovery for further static analysis.
- Interrupt handler dataflow recovery.
- General dataflow source and sink detection, dataflow recovery across threads/interrupt context.
- Rewriting of binaries for runtime instrumentation to verify vendor conformance claims.
Trustworthy Software for Smart Sensor Networks for Public Spaces
Sensor networks provide the means to gain awareness of our surroundings using data collected through a mesh of sensors. Sensors are integrated into, or paired with, network connected smart devices that can communicate information to one or more collection nodes. Sensor networks will continue to be deployed in public spaces as part of the Smart Nation initiative. Applications include real time decision making during events or emergencies.
As sensor networks are deployed, security becomes a concern. Sensor networks are vulnerable to eavesdropping, disruption and hijacking. Eavesdropping can leak data as it is sent from sensor nodes to aggregation points, and information can be gained either passively or by actively spoofing messages. Disruption usually takes the form of a denial-of-service (DoS) attack, either in the routing, link or transport layers. For example, a link-layer DoS may take the form of a radio frequency jamming attack that interferes with the transmission of messages for wireless sensor networks. Cross-layer DoS attacks are also possible, such as the malicious broadcast of high-power packets in the hope that most or all nodes will connect. Sensor networks may also be vulnerable to hijacking in the form of Sybil attacks, where an attacker impersonates nodes and illegitimately takes on multiple identities. This may allow an attacker to manipulate, corrupt, or control network data, or lead to denial of service in the form of disconnections.
Power, environmental and application-specific constraints can make sensor network security cumbersome. The implementation of the security mechanism must be tightly integrated into every component of the sensor network. The security policies must be implementable and enforceable in an environment where low power consumption is of utmost importance.
Trustworthy Software for Smart Cyber Physical Systems
Cyber physical systems (CPS) exist as the interaction between the physical and cyber worlds. On one hand is the physical world, with sensors, motors, actuators, robotics, and on the other hand is the cyber world, with processing, artificial intelligence, networking and control systems. Given the physical and sometimes safety critical nature of cyber physical systems, security and trustworthy software is of utmost concern. CPS are also diverse by nature, and include applications such as robots, manufacturing and (semi-)autonomous vehicles, each with differing security and certification requirements. For example, autonomous vehicles are safety critical, and may rely on a complex multi-loop interaction of both physical and cyber components, including artificial intelligence (AI) systems, and numerous inputs (vision) and outputs (vehicle response). Typical CPSs contain many moving parts (sometimes literally), which present unique challenges in the domain of trustworthy software systems. Others may incorporate networking, leaving the system vulnerable to network-based attacks, including denial-of-service and eavesdropping. Others may incorporate machine learning and deep neural networking components, which present their own unique cybersecurity challenges.
The prevention, detection, and resilience of cyber physical systems is a key concern for a secure Smart Nation. The key challenge is how to understand and model the complex interactions between the cyber and physical worlds, allowing for a better understanding of the consequences of attack, the design of new detection algorithms, and the design of trustworthy algorithms and architectures to meet these challenges. Even specific components of CPSs, such as networking or AI, may be vulnerable to attack, and proposals that aim to harden specific elements or interactions are welcome.
Project Scope and Topics
This grant call encourages diverse and innovative proposals for development and deployment of tools and services to certify the security and resilience of embedded software systems, or the development and deployment of trustworthy software systems to enable certification for the advancement of a secure Smart Nation. Grant applicants are encouraged to study these or other relevant challenges, including but not limited to:
- Energy management in devices without compromising security
- Software testing, inspection and certification (e.g. post-crash analysis techniques, binary re-writing and instrumentation with minimal impact)
- IoT devices, Drones and autonomous vehicles
- Secure mobile apps to control devices
- "Bring your own device" (BYOD) issues
- Intelligent control systems for devices
- Tamper-resistant devices
- IoT security architecture and standards
- Vulnerability assessment and penetration testing of IoT devices and environments (e.g. Medical IoT, Industrial IoT)
- Secure protocols for networked devices and solutions to improve IoT network security
- Hardened industrial devices to detect malicious events in sensor and control data in critical infrastructure
- Software defined security and zero trust networks
- Integrated security orchestration, automation and response for cyberphysical systems, IoT, IT and other emerging technologies
- Governance and policy issues (e.g. cybersecurity governance, risk and compliance tools for IoT, 5G, OT)
- Next generation connectivity
- Infrastructure for the digital economy
- Drones and autonomous vehicles
- Smart sensor networks
- Wearable devices or smartphones
- Physical infrastructure augmentation
- Confidential computing for better cloud security
- Big data (e.g. Privacy preservation amidst dynamic data sharing, Intelligent analytical tools that correlate multiple events over time at a large scale)
- Fintech (e.g. secure app development and payment, identity access management, addressing threats to mobile and application security and privacy)
The grant call is intended to be very general, and any proposal relating to trustworthy software systems in the context of a Smart Nation is welcome, even in other areas not explicitly listed above.
Grant Eligibility
The grant call is open to all researchers from a publicly-funded Singaporean Institute of Higher Learning (IHL) or Research Institution (RI). Each proposal submission must have a Principal Investigator (PI) who is a full-time researcher (or part-time with at least 75% appointment) at a publicly-funded Singapore-based IHL/RI. Grant applicants must meet the following requirements to be eligible for funding under the grant call:
- Evidence of pathway to deployment of proposed research is essential. This includes, but is not limited to, deployment in industry or a Singaporean company.
- Each team must have a PI from an IHL/RI and may have a co-PI from the corresponding industry sector / agency.
- External collaborators are allowable and are not restricted to any category, but are not eligible to receive any funding.
- All project work must be done in Singapore, unless expressly approved by the NSoE-TSS.
- Proposals already funded by other funding agencies are not eligible for funding under this grant call.
Submission
Grant applicants shall submit the full proposals by the specified deadline through the online submission site at https://cmt3.research.microsoft.com/TCASSN2020. Submissions are online only. Hardcopy or e-mail submissions will not be accepted. The typical project duration is 2 - 2.5 years.
All relevant sections in the online submission form should be filled out. These documents are required as attachments:
• Full Proposal in PDF format
• Budget, Objectives, Deliverables, KPIs, Gantt Chart in MS Excel document
• Slide deck of 5 slides explaining significance of work proposed in PDF format
The full proposal and budget should be prepared according to the templates provided. All fields and spreadsheets are required to be filled in. The full proposals should contain all relevant information required for a proper and complete evaluation of their merits without the need to go back to applicants for additional information. The applicants may be contacted during the submission and evaluation period to request clarifications or additional supporting documents.
Please download the following templates for the submission of the grant documents:
• Budget, Objectives and Deliverables, Performance Indicators, Gantt Chart Templates
Shortlisted applicants will be asked to make a presentation to the Evaluation Committee in July.
For further enquiries, please write to nsoe-tss@comp.nus.edu.sg
Important Dates
Submission Opens: 7th January 2020
Submission Closes: 6th May 2020, 11:59pm Singapore time. Short-listed grant applicants will be asked to make a presentation during the evaluation period.
Presentation of shortlisted proposals to Evaluation Committee: 20th July 2020
Notification: By 7th August 2020. Successful applicants are to submit final proposals within 14 days of notification.
Grant Award: By 1st September 2020
Project Starts: 1st October 2020. Award acceptance and research collaboration agreements must be signed before the project start date.
Guide on Project Cost Items and Budget Preparation
The budget of the projects to be submitted should be between SGD $400,000 and SGD $600,000. A typical project quantum is SGD $500,000 for a period of 2 years or 2.5 years.
This grant call will provide the funding support of approved qualifying direct costs and 10% of indirect costs of a project. The purchase of additional equipment or the hiring of new manpower is not allowed 6 months before the project completion date.
In addition to the standards specifically stated herein, expenses must be reasonable and comply with the internal guidelines of the respective organization (company/institution/agency) that is consistently applied regardless of the source of funds, for a given category of expenditure.
Additional Funding
One year after the projects are funded for the first phase, a research challenge will be conducted where the winning teams will appear before a panel and explain how the deployment of their findings adds social / commercial value to Singapore from the perspective or vision of a secure Smart Nation. Only the winning teams in the first phase of Grant Call 2 will be invited to submit proposals in the second phase of Grant Call 2. One of these winning teams will be deemed the winner of the research challenge. They will proceed to the next phase with an additional grant amount of up to SGD $1,000,000 funding to deploy their research results in a concrete set-up.
Details will be announced at a later date.
1. FUNDABLE DIRECT COSTS
1.1. Manpower Related Expenses
Type of Expenses: Salaries
Allowable Costs: Basic salaries, and 13th month annual wage supplement (AWS) as well as employer’s contribution to CPF on basic salaries and AWS of supportable personnel. Supportable personnel are defined as those who are (i) directly involved in the R&D project, (ii) full-time permanent employees of the companies/IHLs/RI and (iii) tax residents in Singapore. Fractional charging for staff costs based on time commitment to the project must be practiced. Grant should support EOM costs and related benefits (as per employment contract) as long as it is in line with the consistently applied IHLs/RIs’ HR policies.
All other costs related to manpower / remuneration are excluded.
1.2. Equipment and Technical Software Related Expenses
Type of Expenses: Equipment and software purchase
Description: Only costs incurred in the purchase of new equipment approved by the NRF through the NSOE-TSS for the purpose of this grant can qualify.
All other costs will be excluded.
1.3. OOE – related expenses and Overseas Travel Related expenses
Type of Expenses: Travel & COLA
Description: Travel and COLA for overseas conferences directly relevant to the research area outlined in the project and necessary to accomplish project objectives. All travel must align to the existing and consistently applied Company or IHL/RI’s travel policies regardless of the source of funds.
All other costs will be excluded.
2. NON-FUNDABLE DIRECT COSTS
2.1. EOM Related Expenses
Type of Expenses: Principal Investigators/ Co-Investigators/ Programme Managers EOM Cost and Overtime
Description: Not allowable.
Type of Expenses: Staff Insurance
Description: Not allowable unless they are incurred under an established and consistently applied policy of the Company or IHL/RI. Company or IHL/RI may be requested to certify that such payments are in accordance with its established policy or on the same terms as the other staff.
Type of Expenses: Unconsumed leave
Description: Provision for unconsumed leave is not allowable.
Type of Expenses: Student Assistants / Interns
Description: Not allowable for students who are recipients of existing awards (or stipends) or students who are not residents of Singapore. For IHL/RI, only full-time students enrolled in local institutes of higher learning qualify to be supported as a student assistant/ intern.
2.2. Equipment Related Expenses
Type of Expenses: General Policy
Description: No purchase of equipment is allowed unless specifically provided for in the grant and approved by NRF through the NSOE-TSS. The procurement of such equipment must be made according to the formal established and consistently applied policies of the Company or IHL/RI. The invoices for all claims must be dated before the end of the Term.
Type of Expenses: Cost of capital works and general infrastructure, general purpose IT and communication equipment, office equipment, and furniture and fittings
Description: Not allowable under direct costs, unless specifically provided for in the grant and approved by NRF through the NSOE-TSS. Examples of such costs are computers, office productivity software, PDAs, mobile phones, photocopier machines, workstations, printers etc.
2.3. OOE Related Expenses
Type of Expenses: General Policy
Description: Not allowable for expenses that are not directly related to the Research. All procurement of such items must be made according to the formal established and consistently applied policies of the Company or IHL/RI.
Type of Expenses: Visiting Professors/Experts
Description: Not allowable unless specifically provided for in the grant and approved by NRF through the NSOE-TSS. The visiting professor must be identified and his/her contribution to the project must be clearly defined and described in the proposal.
Type of Expenses: Audit Fees
Description: Not allowable. This includes both internal and external audit fees.
Type of Expenses: Entertainment & refreshment, Fines and Penalties, Legal Fees and Staff retreat
Description: Not allowable.
Type of Expenses: Overhead Expenses
Description: Not allowable unless specifically provided for in the grant and approved by NRF through the NSOE-TSS based on the nature of the research. This includes rental, utilities, facilities management, telephone charges, internet charges, etc.
Type of Expenses: Patent Application
Description: Not allowable. This includes patent application filing, maintenance and other related cost.
Type of Expenses: Professional Membership Fees
Description: Not allowable. This applies to PI and Co-Investigators as well as all research staff funded from the grant.
Type of Expenses: Software
Description: Not allowable under direct costs unless specifically provided for in the grant and approved by NRF through the NSOE-TSS.
Type of Expenses: Professional Fees (including fees to consultants)
Description: Not allowable unless specifically provided for in the grant and approved by NRF through the NSOE-TSS.
2.4 Overseas Travel Related Expenses
Type of Expenses: General policy
Description: Not allowable unless specifically provided for in the grant and approved by NRF through the NSOE-TSS. All travel must be by Economy Class airfare, and all other travel-related claims must be aligned with existing and consistently applied institutions’ travel policies regardless of the source of funds. Support for the total travel expenses is capped at S$18,000 per year.
Type of Expenses: Meeting Overseas Collaborator
Description: Not allowable for students.
Type of Expenses: Local and Overseas Conferences
Description: Not allowable, unless directly required for the research and specifically provided for in the grant and approved by NRF through the NSOE-TSS. Conference participation should be directly relevant to the research area outlined in the project and necessary to accomplish project objectives. Not allowable for students, unless they are PhD students who are presenting papers for the project. Not allowable for collaborators. Overseas travel is capped at S$6,000 per PI per trip, capped at S$18,000 per year (for the entire project).
For any cost items that are not listed above, research institutions should consult NCR Directorate, as prior approval will be required.
2.5 Research Scholarship
Type of Expenses: General policy
Description: Not allowable unless specifically provided for in the grant and approved by NRF through the NSOE-TSS. Postgraduate stipend must align with the prevailing rates set by the Ministry of Education. Postgraduate stipend and tuition support will not attract indirect costs.
Type of Expenses: Undergraduate Stipend and Tuition Support
Description: Not allowable.