SoS Musings #4 - Really?
SoS Musings #4
Really?
The previous Musings (#3) asked what additional knowledge and techniques might be useful in building security science. At the time of this writing there has been no responses to the survey. REALLY?
It was hoped that this Musings would present and discuss the results. Instead it will highlight a range of some of the on-going research that is interesting and potentially useful to those who design and use software:
Some of the research at CMU has focused on highlighting and providing tools which incorporate discoveries made on the “hard problem” of scalability and composability. As an example, research has led to PoliDroid – a tool suite focused on identifying inconsistencies between Android applications and their corresponding privacy policies.
The NCSU lablet consists of a strong team of researchers. Research at the NCSU aimed at helping software teams prioritize security efforts by approximating the attack surface of a software system via stack track analysis was highlighted at the doctoral symposium at the 38th International Conference on Software Engineering and published (15% acceptance rate) in ICSE '16 Proceedings of the 38th International Conference on Software Engineering Companion.
The lablet at UIUC sponsored a workshop to identify opportunities and challenges in software-defined networking SoSSDN 2016. The goal of the workshop was to identify opportunities and challenges in using Software-defined Networking to advance the “science of security”.
A new area of research from the lablet at UMD is seeking to understand how users process security advice. “I Think They’re Trying To Tell Me Something: Advice Sources and Selection for Digital Security” in the Proceedings of the IEEE Symposium on Security and Privacy is a start to finding some possible answers.