Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Reasoning About IoT Trustworthiness

On September 13, 2018, NIST will host a workshop on methods and technologies for reasoning about IoT trustworthiness. The workshop will feature presentations and discussions about current research on the NIST Cyber-Physical Systems (CPS) Framework, Framework Modeling, and Formalizing Reasoning about CPS Models.

“Trustworthiness,” as defined in the CPS Framework, encompasses the concerns of security, privacy, safety, reliability and resilience, which are too often addressed separately and in isolation in risk management approaches. Therefore, activities intended to address one concerns may adversely impact activities to address one or more other concerns. (The overall concept of trustworthiness was introduced in the CPS Framework and further explored during a 2016 workshop, “Exploring the Dimensions of Trustworthiness: Challenges and Opportunities.”)

This workshop will extend the trustworthiness discussion by looking at topics related to design for, and study of, IoT trustworthiness. 

Consider, for example, one of the challenges associated with conceiving, designing, building, and assuring increasingly larger and more complex CPS and IoT systems—namely, requirements in CPS models can take many, apparently inequivalent, forms. Careful reasoning about these requirements and models, however, allows one to assess their logical equivalence and thus allows one to determine whether or not the CPS model meets the concerns of its stakeholders. This formalized reasoning approach can reveal dependencies and tradeoffs between concerns.


IoT Workshop

National Institute of Standards and Technology

Gaithersburg, MD

13 Sept 2018


Reasoning about IoT Trustworthiness


The requirements that make up the specification of a CPS or IoT system are numerous; composing independently constructed and verified systems reveals friction between concerns that arise from their assembly into a single system. Understanding requirements’ relationships to concerns about the system and their interdependencies can be a challenge. Leveraging their interdependencies however is a major opportunity. This workshop will review approaches, including tools, for understanding the interplay between the various concerns associated with CPS or IoT system trustworthiness.


“It’s tough to make predictions, especially about the future.”

Yogi Berra


Date: September 13, 2018

Location: West Square Room, Bldg. 101, NIST Gaithersburg, MD

Time: 8:30 AM to 4:30 PM



8:30 - 9am Registration and Introduction

9am to 10:30 Panel 1: Trustworthiness of IoT

Moderator: M. Burns

  • Martin Burns (NIST) - Introduction CPS Framework: IoT Foundations
  • Marcello Balduccini (St. Joseph’s) - Executable Models of IoT
  • Ed Griffor (NIST) - Trust vs. Trustworthiness
  • Jeffrey Caso (McKinsey) - Beyond Security
  • Discussion

10:30-11:00 -- Break

11:00am to 12:30pm – Panel 2: Reasoning for IoT Trust: Approaches and Applications. Moderator: E. Griffor

  • Thomas Heverin (Drexel University/NAVSEA) - Practical Applications of Reasoning in Cybersecurity
  • Joe Jarzombek (Synopsys) - Enabling Automated Digital re-Certification of Cyber-Physical Systems
  • Julien Touzeau (Airbus)
  • Claire Vishik (Intel) - Potential multi-disciplinary use cases
  • Discussion

12:30 - 1:30pm Lunch

1:30 to 3:00pm Panel 3:Reasoning as a foundation for multi-disciplinary studies. Moderator: C. Vishik

  • Sergey Bratus (DARPA and Dartmouth)
  • Katerina Megas (NIST) - IoT Security
  • Katie Boeckl (NIST) - Privacy Engineering
  • Ravi Jain (FAA)
  • Eric Osterweil (George Mason University)
  • Discussion

3:00-3:15pm -- Break

3:15 to 4:15pm – Panel 4 : Next steps (Selected participants from previous panels)

Moderator: M. Balduccini


Participants: 3 moderators of the previous panels, one representative from each panel.

  • Panel discussion reports, from the representatives
  • Questions will be distributed in advance as well as captured from the discussion during the previous panels

4:15pm: Closing, conclusions, adjourn



This workshop will be held in the West Square Meeting Room adjacent to the NIST Cafeteria in Bldg. 101. The NIST Cafeteria is open, for refreshments and meal service, between 11am and 3pm.




If you are not registered, you will not be allowed on site. Registered attendees will receive security and campus instructions prior to the workshop.

NON U.S. CITIZENS PLEASE NOTE: All foreign national visitors who do not have permanent resident status and who wish to register for the above meeting must supply additional information. Failure to provide this information prior to arrival will result, at a minimum, in significant delays in entering the facility. Authority to gather this information is derived from United States Department of Commerce Department Administrative Order (DAO) number 207-12. 

*New Visitor Access Requirement: Effective July 21, 2014, Under the REAL ID Act of 2005, agencies, including NIST, can only accept a state-issued driver’s license or identification card for access to federal facilities if issued by states that are REAL ID compliant or have an extension. As of Monday, January 30, 2017, Federal agencies will be prohibited from accepting driver’s licenses and identification cards from the following states for accessing federal facilities: Maine, Minnesota, Missouri, Montana and Washington. For further details, please visit:

Acceptable Photo Identification:
For Non-US Citizens: Valid passport for photo identification
For US Permanent Residents: Permanent Resident/Green card for photo identification

Created July 27, 2018, Updated September 12, 2018