Charges to Breakout Sessions
Breakout Charges
We ask each breakout session to identify what crosscutting computer science, theory, mathematical algorithms and information technologies are needed to advance the science of cyber security. Among the topics for discussion are:
- Paths forward for hardware and algorithm development
- New data, knowledge and human behavior management tools for secure open science
- Potential uses of advanced scientific visualization and biometrics
We also ask that each breakout session identify some of the "grand challenges" presented by conducting open science in a secure cyber environment.
Breakout Process
Day 1
Morning & Early Afternoon:
Capture Priority Research Direction (PRD) suggestions as quad charts
Late Afternoon:
Report PRD findings to plenary session and get feedback
Evening:
PRD writing time
Day 2
Morning & Early Afternoon:
Refine PRDs and elaborate them into a few pages of text
Late Afternoon:
Report PRD findings to plenary session and get feedback
Evening:
PRD writing time
Day 3
Morning:
Writing group begins integration of PRDs into the core of a workshop report
Session 1: Securing Hardware, Software and Data - Frank Siebenlist
Securing hardware, software and data to provide data and communication integrity is a fundamental Mathematics and Computer Science research and development problem. While today many believe that the network is to “blame” for security problems, it is a far more basic problem that needs to be examined from an end-to-end systems perspective. Each component of a system in an open science environment, including the hardware, software or the data itself, may allow a possible security breach point. Each component, and indeed the entire architecture, must be protected in order to provide a fully secure and trusted system in an Open Science environment.
The charge to the members of this breakout session is to identify Priority Research Directions in this area related to:
- TPM chip and embedded hardware identity technologies
- Theft reporting and discovery technologies
- Tripwire technologies
- Secure operating systems and applications
- Virtualized technologies
- Domain name service integration, registering special services and machines
- Encryption and decryption technologies
- Special challenges in mobile devices
- Securing software
- Securing data, data integrity
- Systemic, end-to-end approaches
Session 2: Monitoring and Detection - Troy Thompson & John McHugh
Monitoring and detecting IT security threats and intrusions is a daunting endeavor. Attacks upon the IT infrastructure may derive from single or distributed sources, be initiated at high speed (for example, single-source or distributed-source Denial of Service attacks) or at low speed in “stealth” mode (“low and slow” attacks), and/or have their origin masked (IP masking and spoofing).
The charge to this breakout session is to identify Priority Research Directions in this area related to:
- The design, construction and refinement of distributed decision support systems (sensor grids, algorithms, databases, architectures and human factors)
- Data assimilation and mining techniques
- Epidemiology of security (how abnormal behavior is recognized and categorized)
- Forensics and systemic approaches
- Development efforts that are and will be ongoing, primarily concerning feasibility in accordance with the most advanced state of the art
Session 3: Future Security Architectures and Information Assurance Technologies - Tom Harper
Future security and information assurance technologies for computing and networking continue to define opportunities and challenges to deploy and defend the nation’s computing, networking and control systems. As the complexity of our systems increases, it is ever more important to bring the latest technologies to enhance the adaptability, resilience and security of our critical infrastructures.
The charge to this panel is to identify Priority Research Directions in this area related, but not limited to:
- High definition digital video surveillance
- Feature recognition systems
- Biometric devices
- GPS integration
- Distributed sensors/detectors
- Photonic devices and optical networking
- Multi-threaded and multi-core computing systems
- Field programmable gate arrays (FPGA)
- Intrinsically secure control systems including trusted architectures
- Authentication (without encryption)
- Self-healing, adaptive technology
- End-to-end architectural considerations, i.e. a systems approach
Session 4: Human Factors Analysis – Joe St. Sauver & Anne Schur
The understanding gained from human factors analysis will help characterize the motivations and intents of potential threat vectors. New systems architectures of the future will need to address a variety of solutions for vulnerability to exploitation behavior.
The charge to this panel is to identify Priority Research Directions in this area related, but not limited to:
- Profiles of a young unsophisticated hacker as well as an experienced, sophisticated attacker
- Usability issues: “deployability,” supportability, accessibility, complexity, etc. vs. security
- Cyber warfare and cyber terrorism by individuals and groups
- Legal issues, privacy, CALEA, beyond CALEA, InfraGard, RTP (Research and Technology Protection) SIG…
- Malware issues including: Anti-spam, anti-virus, anti-spyware; history and projection – how will we be protected from these 5 to 10 years hence?
- Real-time systems behavioral analytics
- Intellectual Property (IP) issues (ownership and rights of developers)
- Training IT security specialists to detect, isolate and deal with cyber security threats
Session 5: Protecting our Utility Infrastructure – Aaron Turner & Bill Young
Protecting our utility infrastructure and critical national systems is a primary mission for energy security for the DOE. There must be a long term strategy to define the science needs and investments that will enable the nation to maintain a safe, secure energy infrastructure.
The charge to this panel is to identify Priority Research Directions in this area related, but not limited to:
- Metrics for assessing and benchmarking security posture
- Development of self-assessment security tools (including compliance audits)
- Protecting legacy control systems
- Training and awareness programs and initiatives
- Secure connectivity between control systems and enterprise networks
- Managing security in environments where implicit trust is assumed
- Incident management, response, reporting, and forensics
- Public-private partnerships (making the business case for security, trusted environment for sharing vulnerabilities and threat information)