Designed-In Security in Context 2012 HCSS Conference

Four Thrusts: Inducing Change, Developing Scientific Foundations, Maximizing Research Impact, Accelerating Transition to Practice. Inducing Change by disrupting the status quo with different approaches. Developing Scientific Foundations in cybersecurity through a disciplined scientific approach. Maximizing Research Impact by integrating R&D themes. Accelerating Transition to Practice to ensure adoption of new technologies. Tailored Trustworthy Spaces and Moving Target are key research themes.

• Security
• Conference
• Cybersecurity
• Research
• Technology

quinlivan_l Follow

Uploaded on Feb 24, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. Designed-In Security in Context 2012 HCSS Conference Carl Landwehr Independent Consultant Carl.Landwehr@gmail.com www.landwehr.org

2. Context: DECEMBER 2011

3. Four Thrusts: O Inducing Change (4 research themes here) O Developing Scientific Foundations O Maximizing Research Impact (research coordination) O Accelerating Transition to Practice

4. Inducing Change O Utilizing game-changing themes to direct efforts towards understanding the underlying root causes of known current threats with the goal of disrupting the status quo with radically different approaches to improve the security of the critical cyber systems and infrastructure that serve society

5. Developing Scientific Foundations O "Developing an organized, cohesive scientific foundation to the body of knowledge that informs the field of cybersecurity through adoption of a systematic, rigorous, and disciplined scientific approach. Promotes the discovery of laws, hypothesis testing, repeatable experimental designs, standardized data- gathering methods, metrics, common terminology, and critical analysis that engenders reproducible results and rationally-based conclusions."

6. Maximizing Research Impact O Catalyzing integration across the game- changing R&D themes, cooperation between governmental and private-sector communities, collaboration across international borders, and strengthened linkages to other national priorities, such as health IT and Smart Grid."

7. Accelerating Transition to Practice O "Focusing efforts to ensure adoption and implementation of the powerful new technologies and strategies that emerge from the research themes, and the activities to build a scientific foundation so as to create measurable improvements in the cybersecurity landscape"

8. Four Research Themes O Tailored Trustworthy Spaces OBe able to configure cyber subspaces in accordance with different kinds of trust requirements O Moving Target OAcknowledge that systems have vulnerabilities; raise cost to attacker by moving them around O Cyber Economic Incentives OLearn how to structure incentives so we get the security we want to have in deployed systems O And . . .

9. Designed-In Security O "Builds the capability to design, develop, and evolve high-assurance, software-intensive systems predictably and reliably while effectively managing risk, cost, schedule, quality, and complexity. O Promotes tools and environments that enable the simultaneous development of cyber-secure systems and the associated assurance evidence necessary to prove the system's resistance to vulnerabilities, flaws, and attacks. O Secure, best practices are built inside the system. O Consequently, it becomes possible to evolve software-intensive systems more rapidly in response to changing requirements and environments."

10. How does this theme relate to the others? OTailored Trustworthy Spaces: O addresses mission needs, requires trustworthy mechanisms O Moving Target O Acknowledges weaknesses, focuses on agility, reaction. Still needs sound mechanisms for system control O Cyber Economic Incentives O Focuses on incentivizing deployment, not providing the tools to deploy

11. How new is this theme? Programming Methodology Hoare CSP 78 - 85 Raise 85 Balzac 91 Sufrin Z 84 Parnas Info. Hiding 72 Gries Sci. of Prog 81 Dijkstra Disc. of Prog -76 Knuth Literate Prog. 86 Dijkstra T.H.E. 68 Struct. Pgming - DD&H - 72 SRI: SPECIAL- HDM 76/ EHDM 83 / PVS 90? Program Verification IPV- PARC 73 UT / CLINC: GVE 74 / ROSE 88 IP Sharp ORA-Canada: mEVES-mVerdi 83 EVES -Verdi 87 ORA-US: Romulus (Ulysses)84? Penelope86/CLIO HOL 85 Hoare 69 Floyd 67 SDC/Burroughs/Unisys: Ina-Jo / FDM ISI, GE, RPI: XIVUS / AFFIRM 76 London Automated Theorem Proving Bledsoe Larch 80 SDVS 77 LCF 77 Boyer- Moore 71 1970 Clark Wilson 1980 1990 McCullough Restrictiveness Walter et al Goguen.- Meseguer Non- Interference HWM- ADEPT-50 Feiertag B-L / KSOS Ware Rept Bell- LaPadula McCullough Hook-up Security Modeling & Theory Gray Probabilistic N-I Sutherland McLean System Z Anderson Rept - Ref Monitor Denning Lattice

12. How important is this theme? O Recent comments on pending cybersecurity legislation from Northrup Grumman CEO reveal how weak our position is O Current political wrangling over privacy and information sharing: at root a system vulnerability problem O Arguments in favor of stronger measures need strong evidence to back them up O Effective, Efficient, Scalable, Repeatable O This theme should support research to generate the technology and the evidence

13. What do we need to tip the balance? O Good ideas from YOU! Unreasonably vulnerable Reasonably Invulnerable

14. Thank You! Carl Landwehr Carl.Landwehr@gmail.com