Highlights of the SoS Lablets Quarterly Meeting at CMU

The Science of Security (SoS) quarterly Lablet meeting, sponsored by NSA, was hosted by the Carnegie Mellon University Lablet on July 14 and 15, 2015.  Quarterly meetings are held to share research, coordinate, present interim findings, and stimulate thought and discussion about the Science of Security.  Two panel sessions produced lively discussions about the nature of the Science of Security and the developing Science of Privacy.


Bill Scherlis, Principal Investigator at CMU, coordinated the talks on cybersecurity research and the updates from the four lablets. He described the purpose of the meeting as “to showcase technical activity and progress through Lablet and federal agency technical talks, research poster displays and the sharing of plans and project information.”  The focus of lablet research is on 5 Hard Problems picked for their high level of technical challenge, significant operational value, and likelihood of benefiting from scientific research methods and improved measurement capabilities.


Stephanie Yannacci, Science of Security program manager, described the fundamental challenge as moving cybersecurity from art to science and making it rigorous, repeatable, and predictable, with lasting impact. She attributed the growth of the Science of Security community to the first two years of Lablet efforts, noting the “cascading effect” as new PhD graduates from the lablets move to new universities and continue to contribute to the Science of Security.


A pair of speakers from the Department of Energy Office of Advanced Scientific Computing Research (ASCR) presented the keynote.  Steve Binkley and Dr. Robinson Pino outlined issues and goals for cybersecurity R&D.  Binkley indicated that DOE is increasing its attention to cybersecurity due to its large footprint and sensitive systems. Specific technology issues in high performance computing (HPC) include increased use of simulations across science and national security; the drive from petascale to exascale computing; the nexus of big data; and Moore’s Law and the shift to quantum, neuromorphic, and probabilistic computing.  He described, for example, the idea of a petaflop in a 19” rack.  Pino noted that DOE has no basic cybersecurity research program in place yet, but that DOE sponsored two workshops on cybersecurity in high performance computing.  He defined “Scientific Computing Integrity” as the ability to have high confidence in the scientific data that is collected and stored.


The first panel session discussed various views on the definition of Science of Security. A lively discussion ensued. 


"What is Science of Security?" Panel Discussion


PIs or their representatives summarized the activities that took place at their Lablets over the last year, including projects against the hard problems, research papers published, cooperation with other departments and institutions, and outreach efforts.  Jonathan Katz noted that the UMD Lablet was working on 10 projects dealing with the hard problems, and that the Lablet's strengths were in Human Behavior and Security Metrics. David Nicol of UIUC reported on 5 projects associated with the hard problems and identified outreach efforts including HotSoS 2015, an SoS graduate seminar, and SoS summer interns.  Travis Breaux reported on CMU activities, noting that Composability and Human Behavior are their hard-problem focus, and that their work involves 15 senior researchers and partner universities that have formed teams drawn from diverse disciplines. Laurie Williams reported that the NCSU Lablet has 4 problems in Resiliency, 2 in Policy, 3 in Human Behavior, and 2 in Metrics, and that their 20 publications involved 55 authors from 13 institutions.


Individual researchers from each Lablet and their teams presented materials from work addressing the five Hard Problems in cybersecurity.  Host Carnegie Mellon’s Lablet gave an update on its Security Behavior Observatory and presented current research about human factors, insider threats, and logic programming for social networking sites.  User behavior in predictive models, passwords, and cybersecurity circumvention were the topics presented by the University of Illinois. Maryland contributed presentations on certificate management and PKI.  NC State presented an update on its bibliometric studies of Science of Security publications and on developers’ adoption and use of security tools.


At the end of the second day, another panel discussed the Science of Privacy. 


"Is there a Science of Privacy?"



In addition, almost a dozen research posters were presented.   Each of the Lablets’ PIs reported on the projects underway at their Lablet, the number of papers published and how many other institutions contributed to the papers, and SoS community outreach activities. 

The CMU Meeting Agenda:

The next quarterly meeting will be held at the University of Maryland College Park.

Snippets from the Poster Session

The poster session highlighted various Lablet research topics.