Science of Security
The Claremont Resort, Berkeley CA
Monday, 17 November - Tuesday, 18 November 2008
Workshop Report [PDF]
Over the past 30 years, tremendous effort in computer security research has lead to significant progress on many specific issues as well as point engineering solutions, but remarkably little progress in developing a scientific understanding of underlying principles and core quantifiable aspects of computer security. As one stark illustration of this, the most frequently cited principles in computer security go back to Saltzer and Schroeder's 1973 paper but we still have very little scientific evidence or quantifiable metrics supporting any of these principles, and it is surprising that more viable and precise principles have not been established since then.
The goal of this workshop is to identify scientific questions regarding computer security, and to stimulate new work toward defining and answering those questions. We hope to encourage work that goes beyond ad hoc point solutions and informal security arguments to discover foundational scientific laws for reasoning about and designing secure computing systems.
One of the outcomes of the workshop will be a refined list of questions, identifying important scientific questions about computer security and what form a satisfactory answer might take, as well as preliminary ideas for approaches for addressing each question. A working list of starting questions is here.
OrganizersDavid Evans, University of Virginia (firstname.lastname@example.org)
Karl Levitt, National Science Foundation
Brad Martin, National Security Agency
James Silk, Institute for Defense Analyses