Barriers to the Science of Security
To register for this meeting: https://mmancusa.webex.com/mmancusa/j.php?ED=178680707&RG=1&UID=0&RT=MiMxMQ%3D%3D
In the past few years, there has been significant interest in promoting the idea of applying scientific principles to information security. The main point made by information security professionals who brief at workshops and conferences seems to be that our field of information security is finally mature enough to begin making significant strides towards applying the scientific approach. Reports such as the Jasonís report on the Science of Security point to examples and approaches we should take to achieve success in applying science to security. Audiences everywhere enthusiastically agree and thrash themselves for bypassing science all along, bemoaning the fact that we could be "so much further along" if we only did science. Of course, after the presentation is over, everyone goes back to the methods that have been used throughout our generation to create prototypes and tools with no regard for the scientific principles involved. Why? In this presentation, I explore the barriers to adopting a scientific approach to experimental information security projects, including:
- time to publish as a primary driver
- standard of peer reviews in conferences and journals
- expectation of a breakthrough in every publication
Based on overcoming these issues, I will explore a more practical way by focusing on changes in attitudes and processes necessary for science of security to become more the rule than the exception.
Dr. Tom Longstaff is currently on a two-year assignment as the Technical Director of the Systems Behavior group within the DoD National Security Agency. Prior to coming to NSA in 2012, Tom was the Chief Scientist for the Cyber Missions Branch of the Applied Physics Laboratory (APL). Tom is also the chair of the Computer Science, Information Assurance, and Information Systems Engineering Programs within the Whiting School at The Johns Hopkins University.