Goals of the Science of Security Virtual Organization
The President's plan for Federal cybersecurity research and development includes as one of only four thrusts the research to develop a "science of security" that would provide first principles and the fundamental building blocks for security and trustworthiness. It further recognizes that the multi-dimensional nature of the problem will require contributions from biology, economics and other social and behavioral sciences in addition to the traditional disciplines of mathematics, computer science, and electrical engineering. Numerous activities have been initiated across government, academia, and industry to advance the development of such a science. This Science of Security Virtual Organization is established through the collaboration of Federal Agencies to provide a focal point for security science related work and to facilitate the creation of a collaborative community to advance security science.
Security science is taken to mean a body of knowledge containing laws, axioms and provable theories relating to some aspect of system security. Security science should provide an understanding of the limits of what is possible in some security domain, by providing objective and qualitative or quantifiable descriptions of security properties and behaviors. The notions embodied in security science should have broad applicability - transcending specific systems, attacks, and defensive mechanisms. The individual elements contained within security science should contribute to a general framework that supports the principled design of systems that are trustworthy, they do what people expect it to do - and not something else - despite environmental disruption, human user, and operator errors, and attacks by hostile parties. Trustworthy system design may include contributions from a diverse set of disciplines including computer science, systems science, behavioral science, economics, biology, physics, and others. The definition of security science itself is not considered settled - discussion is invited under this Forum Topic.
National Security Agency Science of Security Initiative
The National Security Agency Research Directorate sponsors the Science of Security Initiative to promote foundational cybersecurity science that is needed to mature the cybersecurity discipline and to underpin advances in cyberdefense. The SoS initiative works in serveral ways. 1. Engage the academic community for foundational research, 2. Promote rigorous scientific principles, and 3. grow the SoS community. The SoS Virtual Organization is the SoS's initiative online home.
Features of the SoS Virtual Organization
A background article on the SoS VO can be found here.
The SoS VO provides a wide range of information, networking, and collaboration capabilities:
(Click the links below to view video demos of each topic)
Survey Current Research - track research projects in ongoing SoS and related security research programs
Review Important Announcements - get news on significant SoS-related activities
Find Out What's Happening - watch for events of interest in the community Calendar
Connect to Others - use chat, video conferencing, forums, and online networking
Share your Work - build wikis, set up special interest groups, upload files & tools, reports, multi-media
Discover Resources - search for people, papers, events, and other items of interest
Learn More - take advantage of educational resources contributed by SoS members and sponsors
SoS Background Material
Recommendations for Science of Security background reading
- Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program
- Final Report: 2008 Berkeley SoS Workshop
- The Next Wave: Developing a Blueprint for a Science of Cybersecurity Spring 2012
- Blueprint for a Science of Cybersecurity, Fred B. Schneider
- The Science of Security, Security & Privacy May/June 2011
- "Measuring Security", IEEE Security & Privacy, May/June 2011, Stolfo, Bellovin, Evans
- Science of Cyber-Security Study, Kickoff Meeting
- Science of Cyber-Security, JASON report, 2010
- The Next Wave: Building a National Program for Cybersecurity Science Winter 2012
Other Science Related reading