The Principal Investigators (PIs) of the Science of Security Lablets in collaboration with NSA Research, developed the 5 Hard Problems as a measure to establish the beginnings of a common language and gauge progress. These 5 were selected for their level of technical challenge, their potential operational significance, and their likelihood of benefiting from emphasis on scientific research methods and improved measurement capabilities. The five are not intended to be all inclusive of everything that needs to be done in cybersecurity but rather five specific areas that need scientific progress. The five problems are: Scalability and Composability; Policy-Governed Secure Collaboration; Security Metrics Driven Evaluation, Design, Development, and Deployment; Resilient Architectures; and Understanding and Accounting for Human Behavior.
Scalability and Composability: Develop methods to enable the construction of secure systems with known security properties from components with known security properties, without a requirement to fully re-analyze the constituent components.
Policy-Governed Secure Collaboration: Develop methods to express and enforce normative requirements and policies for handling data with differing usage needs and among users in different authority domains.
Security Metrics Driven Evaluation, Design, Development, and Deployment: Develop security metrics and models capable of predicting whether or confirming that a given cyber system preserves a given set of security properties (deterministically or probabilistically), in a given context.
Resilient Architectures: Develop means to design and analyze system architectures that deliver required service in the face of compromised components.
Understanding and Accounting for Human Behavior: Develop models of human behavior (of both users and adversaries) that enable the design, modeling, and analysis of systems with specified security properties.
Documents:
Science of Security Lablet Progress on the Hard Problems (August 2015)
This document highlights major contributions that that SoS Lablets have made towards each of the 5 hard problems.
Science of Security Hard Problems: A Lablet Perspective (November 2012)
This document introduces, defines, explains the rationale of the five hard problems and the research needed.