Cyber-security today is focused largely on defending against known attacks. We learn about the latest attack and find a patch to defend against it. Our defenses thus improve only after they have been successfully penetrated. This is a recipe for ensuring that some attackers succeed—not a recipe for achieving system trustworthiness. We must move beyond reacting to yesterday’s attacks and instead start building systems whose trustworthiness derives from first principles. Yet today we lack such a scientific base for cyber-security. That science of security would have to include attacks, defense mechanisms, and security properties; its laws would characterize how these relate. This talk will discuss examples of such laws and suggest avenues for future exploration.
Reception to follow in room 301 CSL.
Fred B. Schneider is Samuel B. Eckert Professor of Computer Science at Cornell and also serves as the Chief Scientist for the NSF-funded TRUST Science and Technology Center, which brings together researchers at UC Berkeley, Carnegie Mellon, Cornell, Stanford, and Vanderbilt. He is a fellow of the AAAS, ACM, and IEEE, was awarded a Doctor of Science honoris causa by the University of Newcastle upon Tyne, and received the 2012 IEEE Emanuel R. Piore Award for “contributions to trustworthy computing through novel approaches to security, fault-tolerance and formal methods for concurrent and distributed systems.” The U.S. National Academy of Engineering elected Schneider to membership in 2011, and the Norges Tekniske Vitenskapsakademi (Norwegian Academy of Technological Sciences) named him a foreign member in 2010. Schneider has testified about cyber-security research at hearings of the U.S. House of Representatives and co-chairs Microsoft’s Trustworthy Computing Academic Advisory Board.