SoS Musings #3 - Progress of Security Science on Hard Problems
SoS Musings #3
Progress of Security Science on Hard Problems
The Science of Security and Privacy Annual Report (2016) provides a good account of its sponsored research and how it has moved the science which underpins security in five broad areas - with supporting papers. What additional knowledge and techniques from disciplines might be useful in building this science? The tendency of researchers is to continue to pursue ideas with familiar techniques. New views/ideas have the ability to push Security Science forward faster. Please share your thoughts and help advance security.
What follows is a short caricature of the progress on the five research areas. For a richer description review the report cited above.
The science underpinning Scalability and Composability has gained knowledge of the foundation and factors needed for a range of components to operate securely.
Policy-Governed Secure Collaboration has developed some key components and methods for understanding and enforcing policies and requirements for secure collaboration. Scientific foundations which reduce complexity are aiding in understanding the basis for privacy.
Security Metrics and Models is a daunting task because of its overarching goals of measuring and quantifying security properties of a system given the nascent broad security science. Fixed and controlled models yielded good measures. Work has opened up the boundaries of the unknown with progress in understanding sources of metrics.
Resilient Architectures has made progress modeling and understanding what components are necessary for resiliency. It has also developed the ability to quantify the resilience.
Understanding Human Behavior through empirical studies continues progression but privacy concerns make large scale data collection difficult. Progress has been made on empirical studies from collected data sets whose population is inherently biased.
Building a science is a long never ending endeavor of theory, hypotheses, and repeatable experiments. Insights that hasten its progress are required.