[Federal Register Volume 76, Number 59 (Monday, March 28, 2011)]
[Notices]
[Pages 17158-17159]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-7173]


=======================================================================
-----------------------------------------------------------------------

NATIONAL SCIENCE FOUNDATION


Assumption Buster Workshop: Distributed Data Schemes Provide 
Security

AGENCY: The National Coordination Office (NCO) for the Networking and 
Information Technology Research and Development (NITRD) Program.

ACTION: Call for participation.

-----------------------------------------------------------------------

FOR FURTHER INFORMATION CONTACT: [email protected].

DATES: Workshop: May 17, 2011; Deadline: April 15, 2011. Apply via e-
mail to [email protected]. Travel expenses will be paid for 
selected participants who live more than 50 miles from Washington, DC, 
up to the limits established by Federal Government travel regulations 
and restrictions.

SUMMARY: The NCO, on behalf of the Special Cyber Operations Research 
and Engineering (SCORE) Committee, an interagency working group that 
coordinates cyber security research activities in support of national 
security systems, is seeking expert participants in a day-long workshop 
on the pros and cons of the Security of Distributed Data Schemes. The 
workshop will be held May 17, 2011 in Gaithersburg, MD. Applications 
will be accepted until 5 p.m. EST April 15, 2011. Accepted participants 
will be notified by April 27, 2011.

SUPPLEMENTARY INFORMATION:
    Overview: This notice is issued by the National Coordination Office 
for the Networking and Information Technology Research and Development 
(NITRD) Program on behalf of the SCORE Committee.
    Background: There is a strong and often repeated call for research 
to provide novel cyber security solutions. The rhetoric of this call is 
to elicit new solutions that are radically different from existing 
solutions. Continuing research that achieves only incremental 
improvements is a losing proposition.
    We are lagging behind and need technological leaps to get, and 
keep, ahead of adversaries who are themselves rapidly improving attack 
technology. To answer this call, we must examine the key assumptions 
that underlie current security architectures. Challenging those 
assumptions both opens up the possibilities for novel solutions that 
are rooted in a fundamentally different understanding of the problem 
and provides an even stronger basis for moving forward on those 
assumptions that are well-founded. The SCORE Committee is conducting a 
series of four workshops to begin the assumption buster process. The 
assumptions that underlie this series are that cyber space is an 
adversarial domain, that the adversary is tenacious, clever, and 
capable, and that re-examining cyber security solutions in the context 
of these assumptions will result in key insights that will lead to the 
novel solutions we desperately need. To ensure that our discussion has 
the requisite adversarial flavor, we are inviting researchers who 
develop solutions of the type under discussion, and researchers who 
exploit these solutions. The goal is to engage in robust debate of 
topics generally believed to be true to determine to what extent that 
claim is warranted. The adversarial nature of these debates is meant to 
ensure the threat environment is reflected in the discussion in order 
to elicit innovative research concepts that will have a greater chance 
of having a sustained positive impact on our cyber security posture.
    The third topic to be explored in this series is ``Distributed Data 
Schemes Provide Security.'' The workshop on this topic will be held in 
Gaithersburg, MD on May 17, 2011.
    Assertion: ``Distributed Data Schemes Provide Security''.
    Distributed data architectures, such as cloud computing, offer very 
attractive cost savings and provide new means of large scale analysis 
and information sharing. There has been much discussion about securing 
such architectures, and it is generally felt that distribution, and the 
replication that is usually associated with it, provides some inherent 
protection; adversaries will have difficulty locating your data in the 
cloud, and by breaking it up and replicating different segments 
throughout the platform we send the adversary on a wild goose chase to 
find and reassemble all the relevant bits. It is also felt that 
cryptographic mechanisms like bound tags, encryption, and keyed access 
control can be used to develop distributed platforms with a high level 
of assurance. There are several applications of distributed 
architectures that offer non-sensitive peer to peer TV services. 
Applications are also offered for potentially sensitive uses like 
document collaboration. Yet it is unclear whether these applications 
can safely be extended to highly sensitive uses. Could we readily 
support a distributed electronic health care system that securely 
supports ad hoc consultations or remote surgery with full access to 
patient history while protecting patient privacy, for example?
    To answer this question we need to take a closer look at the 
protection provided inherently and cryptographically. With respect to 
the former, we must think about how the architecture can be designed to 
provide secure availability to friend and not foe. We must examine the 
impact of the design for security, resilience, and availability and 
understand the trades we are implicitly making among these attributes. 
We must consider whether the data about data that is required by these 
architectures introduces a new data risk. We must think about the 
multiplicity of paths provided by these architectures. We must figure 
out how to do risk analysis on a system when key information like data 
location is unavailable by design. With respect to the latter, we must 
consider whether the key management strategy is robust enough to 
operate in a distributed architecture. We have to think about the 
assurance of tag binding and access update and revocation. We must 
consider the vulnerabilities of the platforms that host the 
cryptographic mechanisms and the distribution of those functions in the 
architecture.
    In this workshop, we will explore the implications of distributed 
data on security. We will consider what effect the introduction of the 
notion of a determined adversary has on our analysis of data security 
requirements. In the first session, we will discuss the properties of 
distributed platforms that are thought to make such architectures 
inherently more secure. In the second, we will discuss the issue of 
cryptography and distributed platforms.

How To Apply

    If you would like to participate in this workshop, please submit 
(1) a resume or curriculum vitae of no more than two pages which 
highlights your expertise in this area and (2) a one-page paper stating 
your opinion of the assertion and outlining your key thoughts on the 
topic. The workshop will accommodate no more than 60 participants, so 
these brief documents need to make a compelling case for your 
participation.
    Applications should be submitted to [email protected] no 
later than 5 p.m. EST on April 15, 2011.
    Selection and Notification: The SCORE committee will select an 
expert group that reflects a broad range of opinions on the assertion. 
Accepted participants will be notified by e-mail no later than April 
27, 2011. We cannot guarantee that we will contact individuals who are 
not selected, though we will attempt to do so unless the volume of 
responses is overwhelming.

    Submitted by the National Science Foundation for the National 
Coordination Office (NCO) for Networking and Information Technology 
Research and Development (NITRD) on March 18, 2011.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. 2011-7173 Filed 3-25-11; 8:45 am]
BILLING CODE 7555-01-P