The Importance of Measurement and Decision Making to a Science of Security
April 22, 10:30 a.m.
Speaker: Patrick McDaniel, Professor of Computer Science and Director of the Systems and Internet Infrastructure Security Laboratory, Penn State University
Abstract: Adaptive defenses alter the environment in response to adversarial action and perceived threats. Such defenses are a specific example of a broader class of management techniques called system agility. In its fullest generality, a science of agility is based on a reasoned modification to a system or environment in response to functional, performance, or security needs. This talk highlights the activities surrounding the investigation of this science within the recently launched Cyber-Security Collaborative Research Alliance. In this context, the talk identifies questions of when, what, and how to employ changes to improve the security of an environment, and considers how to measure and weigh the effectiveness of different approaches to agility.
Bio: Patrick McDaniel is a Professor in the Computer Science and Engineering Department at the Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, and IEEE Fellow. Dr. McDaniel is also the program manager and lead scientist for the newly created Cyber-Security Collaborative Research Alliance. Patrick's research efforts centrally focus on network, telecommunications, systems security, language-based security, and technical public policy. Patrick was the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.