Secure and Trustworthy Cyberspace (SaTC) and Federal Cybersecurity Strategic Plan
Keith Marzullo, Division Director, Computer and Network Systems, CISE Directorate, National Science Foundation
SaTC PI Meeting November 27-29, 2012
SaTC
• Established in FY 2012 with CISE, MPS, OCI and SBE
– Three perspectives (which can be combined):
• Trustworthy Computing
• Social, Behavioral and Economic Sciences
• Transition to Practice
– Transition to practice phase
• Added EHR and ENG in FY 2013
– Added standalone perspective on Cybersecurity Education
FY 13 Participating Directorates
• CISE
– Technical approaches to security and privacy
– Includes theoretical, systems and human-oriented computing
• OCI
– Supports later stage activities in the research and development lifecycle such as prototyping and experimental deployment
– Emphasis on activities that lead to potential impact on science and education environments – NSF cyberinfrastructure
• SBE
– Cyber-economic incentives
– Cyber-insurance research (economics)
– Research on international norms and rules of engagement with respect to cyber-attacks
• Fields: Political Science, Game Theory
• Engineering
– Characteristics of Cyber-Security in Cyber-Physical Systems
• Physical systems are involved
• Security strategies that protect the computer and data systems alone would be insufficient
• Integrative security and reliability measures from both cyber and physical aspects
• Education
– Supporting educational efforts
• Mathematics and Physical Sciences
– Theory of cryptographic systems (creating and attacking)
– Statistical vulnerabilities of cyber security
– Quantum information science
SaTC FY 2012
• Category: Number
– Frontiers: 2
– CAREER: 7
– Medium: 28
– Small: 34
– EAGER: 13
Frontiers
– Projects are multi-disciplinary
– Co-funded by multiple directorates
• Also co-funded proposals with
– Cyberphysical Systems program
– Computer Systems Research program
– Algorithmic Foundations program
– Software and Hardware Foundations program
– Information Integration and Informatics program
SaTC FY 2012
(83 proposals / 56 projects total)
– Medical device security
– Browser security
– Anonymity
– Mobile device security & privacy
– Cloud security
– Hardware security
– Smart grid security
– Data privacy
– Network security (BGP, IDS)
– Software security
– Cybereconomics
– Censorship evasion
– Security data collection & analysis
– Social network security
– Biometrics
– Security usability
SaTC FY 2012 by NITRD Theme
[Bar chart, vertical axis 0 to 45. Categories: Designed-in Security; Tailored Trustworthy Spaces; Moving Target; Cyber Economic Incentives; Scientific Foundations; Maximizing Research Impact; Transition to Practice]
New Mediums
• SHF: Medium: Building Critical Systems with Verifiable Properties Using Gate Level Analysis
– Sherwood, Timothy; UC Santa Barbara
• TWC SBES: Medium: Crowdsourcing Security
– Kapadia, Apu; Indiana U
• TWC: Medium: Privacy-Preserving Distributed Storage and Computation
– Goodrich, Michael T.; UC Irvine
• TWC: Medium: Computing on Cryptographic Data
– Boneh, Dan; Stanford U
• TWC SBES: Medium: Utility for Private Data Sharing in Social Science
– Kifer, Daniel; Penn State U University Park
• TWC: Medium: Policy Compliant Integration of Linked Data
– Kagal, Lalana; MIT
• TWC: Medium: Foundations of Application-Sensitive Access Control Evaluation
– Lee, Adam; U of Pittsburgh
• TWC: Medium: Extending Smart-Phone Application Analysis
– McDaniel, Patrick D.; Penn State U University Park
• TWC: Medium: Breaking the SMT bottleneck in symbolic security analysis
– Tinelli, Cesare; U of Iowa
• TWC: Phase: Medium: Understanding and Exploiting Parallelism in Deep Packet Inspection on Concurrent Architectures
– Jha, Somesh; U of Wisconsin Madison
New Mediums
• TWC: Medium: Capturing People's Expectations of Privacy with Mobile Apps by Combining Automated Scanning and Crowdsourcing Techniques
– Hong, Jason; CMU
• TWC: Medium: Deconstructing Encryption
– Rogaway, Phillip; UC Davis
• TWC: Medium: Towards Secure, Robust, and Usable Gesture-Based Authentication
– Memon, Nasir; Polytechnic U of NY
• TWC: Medium: Trustworthy Programs Without A Trustworthy Operating System
– Witchel, Emmett; U of Texas Austin
• TWC SBES: Medium: Evolutionary Approaches to Privacy and Information Security
– Acquisti, Alessandro; CMU
• TWC: Medium: SDR Shield: A Hardware-based Security Solution for Software Defined Radio
– Yang, Yaling; VA Tech
• TWC: Medium: Flexible and Practical Information Flow Assurance for Mobile Apps
– Naumann, David A.; Stevens I of T
• TWC: Medium: DoS Attacks and Countermeasures in Underwater Wireless Networks
– Shi, Zhijie; U of Connecticut
• TWC: Medium: Towards a Formally Verified Web Browser
– Lerner, Sorin; UC San Diego
• TWC: Medium: Neuroscience Meets Computer Security: Designing Systems Secure Against Coercion Attack
– Boneh, Dan; Stanford U
New Mediums
• SBES: Medium: Investigating the Role of Distrust in Unauthorized Online Activities Using an Integrated Sociotechnical Approach
– Pytlik-Zillig, Hayes, Samal, Soh, Tomkins; U. Nebraska at Lincoln
• SBES: Medium: Economic Incentives and Organizations for a Trustworthy Cyberspace
– McCabe, Eil; George Mason U.
• TWC: Medium: Transformative New Approaches to Efficient Secure Computation
– Sahai, Amit; UC Los Angeles
• TWC: Medium: Reputation as Public Policy for Internet Security
– Whinston, Andrew B.; U of Texas Austin
• TWC: Medium: Safety in Numbers: Crowdsourcing for Global Software Integrity
– Demsky, Brian C.; UC Irvine
• TWC: Medium: Towards Securing Coupled Financial and Power Systems in the Next Generation Smart Grid
– Levitt, Karl N.; UC Davis
• TTP: Medium: Detection & Analysis of Large-Scale Internet Infrastructure Outages
– Claffy, Kim; UC San Diego
• TTP: Medium: Securing the Wireless Philadelphia Network
– Weber, Steven; Drexel University
Frontiers
• Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives
– UC San Diego, ICSI, George Mason University.
• Privacy Tools for Sharing Research Data
– Harvard University.
Thanks!