Systems Security Engineering Roadmap


Principal Investigator: Dr. Jennifer Bayuk, Stevens Institute of Technology (Jennifer.Bayuk@stevens.edu)

Timeframe:  November 2009 to September 2010

Category:  Trusted Systems


Description

Objectives: Security Methods, Processes, and Tools (MPTs) have emerged over time in response to new threats and risks to enterprise assets. Physical security MPTs have evolved over time to protect facilities and installations as well as to detect or deter physical harm. Computer and communications security MPTs have similarly evolved. Protection and detection measures have been systematically applied to electronic information, both network and locally accessed. The ever-increasing level of the cyber dimension to physical systems, including physical security systems, has made cybersecurity the main focus of systems security research. As the number and complexity of different types of security threats and risks have grown, systems security MPTs have grown correspondingly complex. Since 1997, the lack of a coordinated systems strategy has been repeatedly identified as a subject requiring a national research agenda. Published research strategies tend to concentrate on hard problems in systems security. The challenge is meant to mirror the gauntlet of canonical hard math problems presented by Hilbert to the International Congress of Mathematicians in Paris in 1900. None of the problems are expected to be immediately solved, but rather to be studied by everyone as the path to advancing the profession. The current hard problems in systems security are: scalable trustworthy systems, enterprise-level metrics, system evaluation life cycle, combating insider threats, combating malware and botnets, global-scale identity management, survivability of time-critical systems, situational understanding and attack attribution, provenance of information, systems, and hardware, privacy-aware security, and usable security

Approach: Prepare a series of White Papers that address: Security Definition, Security Metrics, Security Framework, and Human Capital. These White Papers will form the basis for an invitation-only Workshop to flush out the research agenda along the 6 thrust areas, expanding the initial 4 to Methods and Tools, and Special/Advanced Research topics. A cross section of approximately 30 experts will be invited from SERC institutions, key government and industry stakeholders and thought leaders to vet the White Papers and to develop a research roadmap, which will likely spawn multiple, coordinated research projects.

Application: Department of Defense (DoD) and Intelligence Community (IC) senior management may use the roadmap as an investment guide to address Security SE research gaps.

Significant Research Findings & Products: The roadmap articulates where additional investment can be made to address the hard problems.

Deliverables

Publications

Publications:  

  • Bayuk, J., Horowitz, B. “An Architectural Systems Engineering Methodology for Addressing Cyber Security”, INCOSE Systems Engineering Journal, 2011.
  • Bayuk, J. “The utility of security standards”, Proceedings of the 44th Annual IEEE International Carnahan Conference on Security Technology, October 15, 2010.

Research Team

Researchers:

  • Jennifer Bayuk, Stevens Institute of Technology
  • Dennis Barnabe, NSA/ESEA
  • Jonathan Goodnight, OUSD(AT&L)/DDRE/SE
  • Drew Hamilton, Auburn University
  • Barry Horowitz, University of Virginia
  • Clifford Neuman, University of Southern California
  • Stas’ Tarchalski, Stevens Institute of Technology

Collaborating Institutions

Project Researchers