National Science Foundation - Directorate for Computer & Information Science & Engineering (CISE)
Computer & Network Systems (CNS)

Barriers to the Science of Security


Tom Longstaff
National Security Agency
Johns Hopkins University

Thursday, March 15, 2012
NSF Stafford I, Room 110

To register for this meeting: https://mmancusa.webex.com/mmancusa/j.php?ED=178680707&RG=1&UID=0&RT=MiMxMQ%3D%3D


In the past few years, there has been significant interest in promoting the idea of applying scientific principles to information security. The main point made by information security professionals who brief at workshops and conferences seems to be that our field of information security is finally mature enough to begin making significant strides towards applying the scientific approach. Reports such as the Jason's report on the Science of Security point to examples and approaches we should take to achieve success in applying science to security. Audiences everywhere enthusiastically agree and thrash themselves for bypassing science all along, bemoaning the fact that we could be "so much further along" if we only did science. Of course, after the presentation is over, everyone goes back to the methods that have been used throughout our generation to create prototypes and tools with no regard for the scientific principles involved. Why? In this presentation, I explore the barriers to adopting a scientific approach to experimental information security projects, including:

  • time to publish as a primary driver
  • standard of peer reviews in conferences and journals
  • expectation of a breakthrough in every publication

Based on overcoming these issues, I will explore a more practical way by focusing on changes in attitudes and processes necessary for science of security to become more the rule than the exception.


Dr. Tom Longstaff is currently on a two-year assignment as the Technical Director of the Systems Behavior group within the DoD National Security Agency. Prior to coming to NSA in 2012, Tom was the Chief Scientist for the Cyber Missions Branch of the Applied Physics Laboratory (APL). Tom is also the chair of the Computer Science, Information Assurance, and Information Systems Engineering Programs within the Whiting School at The Johns Hopkins University.


