NSA Science of Security program seeks paper nominations, reports progress
The National Security Agency (NSA) now seeks nominations for its 5th Annual Best Scientific Cybersecurity Paper Competition, the agency announced February 17. To be eligible for nomination, a paper must have been published in a peer-reviewed journal or as part of a scientific conference during calendar year 2016. Nominations are open through March 31, 2017. Anyone may submit a nomination, but self-nominations are prohibited.
“By identifying recent publications of particular scientific merit, we provide researchers, new to the field, models to emulate,” said Dr. Deborah Frincke, NSA director of research. “High-caliber science helps the nation tackle the cybersecurity challenges that effect so many parts of our daily lives. Our Science of Security Initiative supports our work to help build solid foundations for trustworthy computing.”
Distinguished experts — Drs. L. Jean Camp, Robert Cunningham, Whitfield Diffie, Dan Geer, John McLean, Angela Sasse, Stefan Savage, Paul Van Oorshot, David Wagner and Jeannette Wing; and Mr. Phil Venables; – will provide individual views on the merits of the nominated papers to NSA’s Director of Research, who will select the paper (or papers) that made the strongest contribution to advancing a science of cybersecurity in 2016. More information about the eligibility criteria, nomination procedures, and criteria for judging is available online at the competition website.
Last year’s winning paper was “Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration” by Soo-Jin Moon, Vyas Sekar, and Michael Reiter from Carnegie Mellon University and the University of North Carolina. Two papers were awarded honorable mentions: “Quantum-Secure Covert Communication on Bosonic Channels,” by researchers from the University of Massachusetts and Raytheon, and “Increasing Cybersecurity Investments in Private Sector Firms,” by researchers from the University of Maryland, College Park. The selected authors from last year’s competition visited NSA in November. They were recognized for their contributions at a special ceremony, where they also presented their research and answered questions. Details on the awarded papers, authors, and earlier competitions are available on the competition website.
This competition is just one of several activities under way as part of NSA’s open Science of Security (SoS) Initiative, which has the ambitious goal of raising the scientific level of cybersecurity research throughout the world. SoS funds research at four U. S. university “Lablets,” which collaborate with more than 106 U.S. and international institutions. By raising the scientific level of this research, the program aims to establish a stronger foundation for future cybersecurity infrastructure.
Under NSA direction, the Lablets have formulated a set of five “hard problems” as a means to organize research activities and help make progress and gaps more evident. In brief, the problems are scalability and composability, secure policy-governed collaboration, metrics, resilient architectures, and human interaction.
For the first time, SoS hosted a meeting of its research teams on the NSA campus this past November as a means to improve communication between NSA in-house research staff and SoS researchers at universities. NSA research leaders provided perspectives on their missions and associated research needs, while academic researchers reported progress on research activities in relation to the identified hard problems. Highlights included:
- Carnegie Mellon University, in collaboration with the University of Texas at San Antonio, advanced efforts in detecting and alerting developers when an application repurposes personal data in violation of a privacy policy.
- North Carolina State University moved forward in identifying vulnerabilities in code, as the code is written, by developing a metric to predict where vulnerabilities are likely to appear in programs.
- University of Maryland increased its understanding of how computer users decide what security advice to follow in comparison to physical-world decision making. They found that unlike the physical world, where people follow advice that makes sense to them, in cybersecurity people look for trusted sources and ignore what appear to be “marketing” materials.
- University of Illinois made progress in measuring the resiliency of network architectures in software-defined networking and proving that these designs meet requirements.
SoS is also increasing understanding of the cybersecurity aspects of Cyber-Physical Systems through its Science of SecUre and REsilient Cyber-Physical Systems project, led by Vanderbilt University. A review of SURE research was held in conjunction with the SoS research meeting in November. Key accomplishments include building a simulation environment and hardware test-bed to simulate cyber-attacks and defenses on cyber physical systems such as a network of traffic lights.
To help grow the SoS research community, SoS initiated a peer-reviewed conference on Hot Topics in Science of Security (HotSoS). The fourth HotSoS will convene April 4 – 5 in Hanover, MD.
Source: NSA