The software and systems on which we depend are not formed completely by the organizations which created them, instead, they are assembled from a variety of pre-existing subcomponents created by disconnected actors operating within a complex supply chain. Any analysis of computing system security and privacy is incomplete without an understanding of this supply chain of both ephemeral and physical components that comprise computing systems on which we depend. Frailties existing at any one of the manifold nodes in the supply chain can have downstream effects both directly and indirectly to the security and resiliency of the assembled computing system.


This workshop seeks to gather case studies, empirical analysis, and research focused on understanding potential threats to the computing system supply chain, both hardware and software, and their future mitigation. This workshop will, through panels of noted experts, invited and paper presentations, provide case studies for improving policy and practices, as well as promising research and tools to address this national challenge.


The Cyber Resilient Supply Chain Technologies (CReSCT) Workshop will explore research and case studies to characterize, measure and enhance supply chain security for computing systems. Participants will consist heavily of academic and industry researchers but are also expected to include researchers from the National Laboratories and government agencies with a supply chain risk management mission related to computing systems.


Research advances presented at the workshop may help industry and government make powerful impacts to mitigate existing computing system supply chain vulnerabilities.

Workshop Format

One author of each accepted paper is expected to present the paper at the workshop. The format will be traditional conference-style research presentations with questions from the audience. Interactive and engaging presentations are welcomed.

Following notification to authors, more information will be provided regarding speaking times and other details. Accepted papers will be made available on the workshop web site. Authors are free to submit work appearing in CReSCT20 to other venues following the workshop (including extended versions of their short CReSCT work based on feedback received at the workshop), subject to those venues' restrictions.

Instructions for Submission

For consistency, many aspects of these instructions are drawn from the co-located IEEE Symposium on Security and Privacy guidelines.


To be considered, papers must be received by the January 20, 2020 submission deadline. Extensions will not be granted. Submissions must be original work and may not be under submission to another venue at the time of review (but as mentioned above, work may be submitted to other venues following the workshop).

Page Limit and Formatting

Submitted papers must be no longer than eight pages, including all figures. References and appendices will not count towards this limit, but reviewers are not required to read appendices.


Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8. Submissions may be automatically checked for conformance to these requirements. Failure to adhere to the page limit and formatting requirements are grounds for rejection without review.


Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader 9 and when printed in black and white.

Conference Submission Server

Papers must be submitted to the CReSCT submission site and may be updated at any time until the submission deadline. During the submission process, you will be asked to supply information regarding potential conflicts of interest of the paper's authors with program committee members. The review process is single-blind.

Publication and Presentation

Authors are responsible for obtaining appropriate publication clearances. Final versions of papers should include sources of funding. One of the authors of the accepted paper is expected to present the paper at the conference.


For any questions, contact the workshop co-chairs at: CReSCT@inl.gov






Zachary Tudor

Idaho National Laboratory


David Nicol

University of Illinois at Urbana Champaign

Program Committee

Charmaine Sample

Idaho National Laboratory

Program Committee

Michael Haney

University of Idaho


Program Committee


Charmaine Sample (Chair)

Idaho National Laboratory

Michael Haney (Co-Chair)

University of Idaho

Wayne Austad

Idaho National Laboratory

Nicole Beebe


Matt Bishop

University of California - Davis

Mike Borowczak

University of Wyoming

Hugh Boyes

University of Warwick

Ed Colbert

Virginia Tech

Brandon Eames

Sandia National Laboratory

Allan Friedman

National Telecommunications & Information Administration

Clemente Izurieta

Montana State University

Connie Justice


Larry Leibrock

Idaho State University

Lee Lerner

Georgia Tech

Sin Ming Loo

Boise State University

Art Manion


Sean Peisert

University of California - Davis

JV Rajendran

Texas A&M University

Indrajit Ray

Colorado State

Craig Rieger

Idaho National Laboratory

Tim Roxey

Formerly with NERC

Greg Shannon

Carnegie Mellon University

Jessica Smith

Pacific Northwest Laboratory

Angelos Stavrou

George Mason University

Ben Turnbull

University of New South Wales

Tim Watson

University of Warwick

Dongyan Xu

Purdue University