Goals of the Science of Security Virtual Organization
The President’s plan for Federal cybersecurity research and development includes as one of only four thrusts the research to develop a “science of security” that would provide first principles and the fundamental building blocks for security and trustworthiness. It further recognizes that the multi-dimensional nature of the problem will require contributions from biology, economics and other social and behavioral sciences in addition to the traditional disciplines of mathematics, computer science, and electrical engineering. Numerous activities have been initiated across government, academia, and industry to advance the development of such a science. This Science of Security Virtual Organization is established through the collaboration of Federal Agencies to provide a focal point for security science related work and to facilitate the creation of a collaborative community to advance security science.
About Science
Security science is taken to mean a body of knowledge containing laws, axioms and provable theories relating to some aspect of system security. Security science should provide an understanding of the limits of what is possible in some security domain, by providing objective and qualitative or quantifiable descriptions of security properties and behaviors. The notions embodied in security science should have broad applicability - transcending specific systems, attacks, and defensive mechanisms. The individual elements contained within security science should contribute to a general framework that supports the principled design of systems that are trustworthy, they do what people expect it to do – and not something else – despite environmental disruption, human user, and operator errors, and attacks by hostile parties. Trustworthy system design may include contributions from a diverse set of disciplines including computer science, systems science, behavioral science, economics, biology, physics, and others. The definition of security science itself is not considered settled.
National Security Agency Science of Security Initiative
The National Security Agency Research Directorate sponsors the Science of Security Initiative to promote foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. The SoS initiative works in several ways. 1. Engage the academic community for foundational research, 2. Promote rigorous scientific principles, and 3. grow the SoS community. The SoS Virtual Organization is the SoS's initiative online home. More information about the NSA SoS Initiative Efforts.
SoS Background Material
Recommendations for Science of Security background reading
- Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program
- Final Report: 2008 Berkeley SoS Workshop
- The Next Wave: Developing a Blueprint for a Science of Cybersecurity Spring 2012
- Blueprint for a Science of Cybersecurity, Fred B. Schneider
- The Science of Security, Security & Privacy May/June 2011
- "Measuring Security", IEEE Security & Privacy, May/June 2011, Stolfo, Bellovin, Evans
- Science of Cyber-Security Study, Kickoff Meeting
- Science of Cyber-Security, JASON report, 2010
- The Next Wave: Building a National Program for Cybersecurity Science Winter 2012
Other Science Related reading
- Strong Inference, John R. Platt
- The Sciences of the Artificial excerpt (2nd Ed. 1981, pp 129-159), Herbert A. Simon
- DHS Roadmap for Cybersecurity Research