Notice

Assumption Buster Workshop: Distributed Data Schemes Provide Security

This document has been published in the Federal Register.

AGENCY:

The National Coordination Office (NCO) for the Networking and Information Technology Research and Development (NITRD) Program.

ACTION:

Call for participation.

FOR FURTHER INFORMATION CONTACT:

assumptionbusters@nitrd.gov.

DATES:

Workshop: May 17, 2011; Deadline: April 15, 2011. Apply via e-mail to assumptionbusters@nitrd.gov. Travel expenses will be paid for selected participants who live more than 50 miles from Washington, DC, up to the limits established by Federal Government travel regulations and restrictions.

SUMMARY:

The NCO, on behalf of the Special Cyber Operations Research and Engineering (SCORE) Committee, an interagency working group that coordinates cyber security research activities in support of national security systems, is seeking expert participants in a day-long workshop on the pros and cons of the Security of Distributed Data Schemes. The workshop will be held May 17, 2011 in Gaithersburg, MD. Applications will be accepted until 5 p.m. EST April 15, 2011. Accepted participants will be notified by April 27, 2011.

SUPPLEMENTARY INFORMATION:

Overview: This notice is issued by the National Coordination Office for the Networking and Information Technology Research and Development (NITRD) Program on behalf of the SCORE Committee.

Background: There is a strong and often repeated call for research to provide novel cyber security solutions. The rhetoric of this call is to elicit new solutions that are radically different from existing solutions. Continuing research that achieves only incremental improvements is a losing proposition.

We are lagging behind and need technological leaps to get, and keep, ahead of adversaries who are themselves rapidly improving attack technology. To answer this call, we must examine the key assumptions that underlie current security architectures. Challenging those assumptions both opens up the possibilities for novel solutions that are rooted in a fundamentally different understanding of the problem and provides an even stronger basis for moving forward on those assumptions that are well-founded. The SCORE Committee is conducting a series of four workshops to begin the assumption buster process. The assumptions that underlie this series are that cyber space is an adversarial domain, that the adversary is tenacious, clever, and capable, and that re-examining cyber security solutions in the context of these assumptions will result in key insights that will lead to the novel solutions we desperately need. To ensure that our discussion has the requisite adversarial flavor, we are inviting researchers who develop solutions of the type under discussion, and researchers who exploit these solutions. The goal is to engage in robust debate of topics generally believed to be true to determine to what extent that claim is warranted. The adversarial nature of these debates is meant to ensure the threat environment is reflected in the discussion in order to elicit innovative research concepts that will have a greater chance of having a sustained positive impact on our cyber security posture.

The third topic to be explored in this series is “Distributed Data Schemes Provide Security.” The workshop on this topic will be held in Gaithersburg, MD on May 17, 2011.

Assertion: “Distributed Data Schemes Provide Security”.

Distributed data architectures, such as cloud computing, offer very attractive cost savings and provide new means of large scale analysis and information sharing. There has been much discussion about securing such architectures, and it is generally felt that distribution, and the replication that is usually associated with it, provides some inherent protection; adversaries will have difficulty locating your data in the cloud, and by breaking it up and replicating different segments throughout the platform we send the adversary on a wild goose chase to find and reassemble all the relevant bits. It is also felt that cryptographic mechanisms like bound tags, encryption, and keyed access control can be used to develop distributed platforms with a high level of assurance. There are several applications of distributed architectures that offer non-sensitive peer to peer TV services. Applications are also offered for potentially sensitive uses like document collaboration. Yet it is unclear whether these applications can safely be extended to highly sensitive uses. Could we readily support a distributed electronic health care system that securely supports ad hoc consultations or remote surgery with full access to patient history while protecting patient privacy, for example?

To answer this question we need to take a closer look at the protection provided inherently and cryptographically. With respect to the former, we must think about how the architecture can be designed to provide secure availability to friend and not foe. We must examine the impact of the design for security, resilience, and availability and understand the trades we are implicitly making among these attributes. We must consider whether the data about data that is required by these architectures introduces a new data risk. We must think about the multiplicity of paths provided by these architectures. We must figure out how to do risk analysis on a system when key information like data location is unavailable by design. With respect to the latter, we must consider whether the key management strategy is robust enough to operate in a distributed architecture. We have to think about the assurance of tag binding and access update and revocation. We must consider the vulnerabilities of the platforms that host the cryptographic mechanisms and the distribution of those functions in the architecture.

In this workshop, we will explore the implications of distributed data on security. We will consider what effect the introduction of the notion of a determined adversary has on our analysis of data security requirements. In the first session, we will discuss the properties of distributed platforms that are thought to make such architectures inherently more secure. In the second, we will discuss the issue of cryptography and distributed platforms.

How To Apply

If you would like to participate in this workshop, please submit (1) a resume or curriculum vitae of no more than two pages which highlights your expertise in this area and (2) a one-page paper stating your opinion of the assertion and outlining your key thoughts on the topic. The workshop will accommodate no more than 60 participants, so these brief documents need to make a compelling case for your participation.

Applications should be submitted to assumptionbusters@nitrd.gov no later than 5 p.m. EST on April 15, 2011.

Selection and Notification: The SCORE committee will select an expert group that reflects a broad range of opinions on the assertion. Accepted participants will be notified by e-mail no later than April 27, 2011. We cannot guarantee that we will contact individuals who are not selected, though we will attempt to do so unless the volume of responses is overwhelming.

Submitted by the National Science Foundation for the National Coordination Office (NCO) for Networking and Information Technology Research and Development (NITRD) on March 18, 2011.

Suzanne H. Plimpton,

Reports Clearance Officer, National Science Foundation.

[FR Doc. 2011-7173 Filed 3-25-11; 8:45 am]

BILLING CODE 7555-01-P