Blueprint for a Science of Security
Samuel B. Eckert Professor of Computer Science, Computer Science
Cyber-security today is focused largely on defending against known attacks. We learn about the latest attack and find a patch to defend against it. Our defenses thus improve only after they have been successfully penetrated. This is a recipe to ensure some attackers succeed---not a recipe for achieving system trustworthiness. We must move beyond reacting to yesterday's attacks and instead start building systems whose trustworthiness derives from first principles. Yet, today we lack such a science base for cybersecurity. That science of security would have to include attacks, defense mechanisms, and security properties; its laws would characterize how these relate. This talk will discuss examples of such laws and suggest avenues for future exploration.
Fred Schneider is Samuel B. Eckert Professor of Computer Science at Cornell and also serves as the Chief Scientist for the NSF-funded TRUST Science and Technology Center, which brings together researchers at U.C. Berkeley, Carnegie-Mellon, Cornell, Stanford, and Vanderbilt. He is a fellow of AAAS, ACM, and IEEE, was awarded a Doctor of Science honoris causa by the University of NewCastle-upon-Tyne, and received the 2012 IEEE Emanuel R. Piore Award for "contributions to trustworthy computing through novel approaches to security, fault-tolerance and formal methods for concurrent and distributed systems". The U.S. National Academy of Engineering elected Schneider to membership in 2011, and the Norges Tekniske Vitenskapsakademi (Norwegian Academy of Technological Sciences) named him a foreign member in 2010. Schneider has testified about cybersecurity research at hearings of the U.S. House of Representatives and co-chairs Microsoft's Trustworthy Computing Academic Advisory Board.