SoS quarterly Science of Security Lablet meeting at UMD

Lablets meet to provide research updates about SoS Hard Problems

College Park, MD

October 27, 2015

The SoS quarterly Science of Security Lablet meeting, sponsored by NSA, was hosted by the Lablet at the University of Maryland (UMD) on October 26 and October 27, 2015.  Jonathan Katz, Principle Investigator at UMD, hosted the event. Each Lablet and NSA provided speakers. They shared current research, presented interim findings, and stimulated thought and discussion about the Science of Security.  A panel discussed progress in addressing the hard problems of cyber security.

Gil Nolte, Director, Trusted Systems Research at NSA, described the meeting as “an opportunity to share perspectives between NSA and the Lablets” and as a “mechanism for sharing and for increasing opportunities for dialogs to share and advance scientific research.”   He cited the volume of articles which have come out of the Science of Security project now posted on the CPS-VO web page—more than 250.  He further addressed the importance of continuing to find ways to address the five cybersecurity Hard Problems: scalability and composability, policy-governed secure collaboration, predictive security metrics, resilient architectures, and human behavior.

A panel of leading researchers from the four Lablets provided an update on their views of the progress being made to solve the five hard problems.  Comparing the state of scientific knowledge prior to the Lablet program to the current state, they concluded that definite progress is being made.  Scientific rigor, measurement, better definition and precision, and a better answer to the question “what do we have to show for all this work?”  have come about.

Dave Nicol, UIUC, described progress for resilience as growing from the absence of precise specification to precision in specification, including system properties of affordability, safety, usability, and scalability.  Michael Maass, CMU, described progress in composability.  Attack surface analyses , he said, now involves new linear-complexity approach where previous approaches had combinatorial complexity and that we now have coverage-based attack surface approach for translating resource-constrained attack analysis to detectors/filters and  scalable graph-based analysis for finding insider threats.  Tudor Dumitras, UMD, and Laurie Williams, NCSU, offered further insights.

Individual research presentations included multiple papers by each presenter.  Dr. John S. Baras, UMD, presented a trio of works on “Trust, Mistrust, Recommendation Systems and Collaboration.”  Özgür Kafali, NCSU, offered a two part presentation on human behavior and policy titled “Policy Governance via Social Norms.”    CMU’s Michael Maass discussed sandboxing as a major focus area for research and focus.  [Synopses of all of the presentations are provided in a companion article.]

Yule Williams, NSA’s NTOC Technical Director, provided an unclassified overview from the operational cybersecurity perspective.  Describing his organization as “retail” cyber knowledge he defined “success” in the cyber domain as maintaining one’s mission in the face of threats.  The goal, he says, is to end up in a space where the threat can be dealt with. Since forensics is too late, the goal should be to predict the threat instead of being reactive and trying to learn what the signs are in various domains to indicate an emerging threat. 

The next quarterly meeting will be held February 2 and 3, 2016 at North Carolina State University.