Presentation on theme: "Copyright The New Yorker Cybersecurity Incident Reports and Repairs Office."— Presentation transcript:

NSF Trustworthy Computing Program and Economic Incentives
Presentation for WEIS 2010
15 June 2011
Carl Landwehr
Director, Trustworthy Computing Program
Computer and Information Science and Engineering (CISE) Directorate
National Science Foundation

Cyber Threats: 2011 and Beyond
- Visible escalation of the security and privacy threats
- Proliferation of attacks spurred by financial gains (Sony Playstation hack/outage, Citigroup, …)
- Focused value (e.g. cloud) draws attacks
- Stuxnet
- Confusion about privacy (e.g. iPhone, Android location reporting)
- Still to come: as automation pervades new platforms, vulnerabilities will be found in them (e.g. in automotive systems this past year)
- Distributed attacks (botnets) increasing in size and sophistication, targeting specific applications
- Proliferation of wireless devices and social media platforms opens new avenues for hackers and brings evolving security challenges

NCO-NITRD* Game-Change Strategy
Four thrusts:
- Inducing Change: 3 themes
  – Tailored Trustworthy Spaces
  – Moving Target
  – Cyber Economic Incentives
- Developing Scientific Foundations
- Maximizing Research Impact
- Accelerating Transition to Practice
* NCO/NITRD = National Coordination Office for Networking and Information Technology Research and Development

What is Trustworthy Computing? (from FY11 solicitation)
“Envisions a future pervasive cyber infrastructure that supports a wide range of requirements for trustworthy operation, despite known and future threats and an increasingly complex operating environment. Trustworthy operation requires security, reliability, privacy, and usability.”
- Supports approaches from theoretical to experimental to human centric
- Theories, models, cryptography, algorithms, methods, architectures, languages, tools, systems, and evaluation frameworks
- Studies of tradeoffs among security, privacy, usability
- Methods to assess, reason about, and predict system trustworthiness
- Methods to increase attacker cost, enable tailored security environments, and incentivize security deployment, socially responsible behavior, and deter cyber crimes
- Multi-disciplinary work incorporating legal, social, and ethical implications strongly encouraged
- Small / Medium / Large (to $500K / $1.2M / $3M) awards totaling $55M expected in FY11
(Slide callout: NITRD themes)

NSF Cyber Security Investments
Active Research Grants
- Broad range of awards addressing cyber security foundations and technologies:
  – over 500 active awards
  – Trustworthy Computing, Future Internet Architecture, Networking Technology and Systems, Cyber Physical Systems, Smart Health and Well-Being, Office of Cyberinfrastructure (OCI) and a wide range of disciplinary programs contributing
  – Trustworthy Computing cuts across CISE divisions and addresses a broad spectrum of topics
- Hardware, software, networking, applications
- Human-centric security, privacy, usability
- Theoretical models, algorithms, cryptography
- Security in complex control systems

NSF Trustworthy Computing Investments
4 Sample TC Awards with Economics/Incentives components
- NSF #0831138 Collaborative Research: CT-M: Understanding and Exploiting Economic Incentives in Internet-based Scams. UCSD, ICSI, PIs: S. Savage, G. Voelker, V. Paxson
  – “Spamalytics” work recently revealed choke points in underground economy for spam distribution
- NSF #0954234 CAREER: Control of Information Security Risk Using Economic Incentives, UCSD, PI: Terrence August
  – paper in this workshop on comparative analysis of liability policies
- NSF #0831338 CT-ISG: Collaborative Research: Incentives, Insurance and Audited Reputation: An Economic Approach to Controlling Spam. UT-Austin, PI Andrew Whinston
  – applying economic theory, game theory to model/modify organizational structure of the Internet to combat spam
- NSF #1017907 TC: Small: Deployment Incentives for Secure Internet Routing. Boston U, PI S. Goldberg.
  – Treat deployment of secure Internet routing protocols as a problem of incentives. Upcoming SIGCOMM paper: "Let the Market Drive Deployment: A Strategy for Transitioning to BGP Security."

New: WATCH Monthly Seminar at NSF
- WATCH = Washington Area Trustworthy Computing Hour
- Scope: Trustworthy Computing, embracing CISE, SBE, OCI perspectives
- When: First Thursday of each month, 12 - 1pm
- Where: NSF Room 110 (no badge needed)
- Start: 2 June, 2011:
  – Prof. Fred Schneider, Cornell University: “Cybersecurity Doctrine: Towards Public Cybersecurity” see paper: http://www.cs.cornell.edu/fbs/publications/publicCybersecDaed.pdf
  – Next: 7 July, 2011, Prof. Paul Harris, Harvard U.: “Selective Credulity”
- Talks to be recorded, captioned, posted, see:
  – http://www.acpt.nsf.gov/cise/cns/watch/

For more information…
- About the Trustworthy Computing program history and directions: NSF Workshop on the Future of Trustworthy Computing (full video and slides):
  – http://tc2010.cse.psu.edu/
- To receive announcements, send an e-mail from the address where you wish to receive messages to: firstname.lastname@example.org
- About active awards: www.nsf.gov/awardsearch
  – Many search options available
  – Trustworthy Computing = Prog. Element 7795
  – Results include abstract of award and PI-email
  – Can be downloaded to spreadsheet