[Federal Register Volume 76, Number 162 (Monday, August 22, 2011)]
[Pages 52353-52354]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2011-21350]



Assumption Buster Workshop: ``Current Implementations of Cloud 
Computing Indicate a New Approach to Security''

AGENCY: The National Coordination Office (NCO) for the Networking and 
Information Technology Research and Development (NITRD) Program, 
National Science Foundation.

ACTION: Call for participation.



DATES: Workshop: October 21, 2011; Deadline: September 21, 2011. Apply 
via e-mail to [email protected]. Travel expenses will be paid 
for selected participants who live more than 50 miles from Washington, 
DC, up to the limits established by Federal Government travel 
regulations and restrictions.
SUMMARY: The NCO, on behalf of the Special Cyber Operations Research 
and Engineering (SCORE) Committee, an interagency working group that 
coordinates cyber security research activities in support of national 
security systems, is seeking expert participants in a day-long workshop 
on the pros and cons of the Security of Distributed Data Schemes. The 
workshop will be held October 21, 2011 in Gaithersburg, MD. 
Applications will be accepted until 5 p.m. EST September 21, 2011. 
Accepted participants will be notified by October 1, 2011.

    Overview: This notice is issued by the National Coordination Office 
for the Networking and Information Technology Research and Development 
(NITRD) Program on behalf of the SCORE Committee.
    Background: There is a strong and often repeated call for research 
to provide novel cyber security solutions. The rhetoric of this call is 
to elicit new solutions that are radically different from existing 
solutions. Continuing research that achieves only incremental 
improvements is a losing proposition.
    We are lagging behind and need technological leaps to get, and 
keep, ahead of adversaries who are themselves rapidly improving attack 
technology. To answer this call, we must examine the key assumptions 
that underlie current security architectures. Challenging those 
assumptions both opens up the possibilities for novel solutions and 
provides an even stronger basis for moving forward on those assumptions 
that are well-founded. The SCORE Committee is conducting a series of 
four workshops to begin the assumption buster process. The assumptions 
that underlie this series are as follows: Cyber space is an adversarial 
domain; the adversary is tenacious, clever, and capable; and re-
examining cyber security solutions in the context of these assumptions 
will result in key insights that will lead to the novel solutions we 
desperately need. To ensure that our discussion has the requisite 
adversarial flavor, we are inviting researchers who develop solutions 
of the type under discussion, and researchers who exploit these 
solutions. The goal is to engage in robust debate of topics generally 
believed to be true to determine to what extent that claim is 
warranted. The adversarial nature of these debates is meant to ensure 
the threat environment is reflected in the discussion in order to 
elicit innovative research concepts that will have a greater chance of 
having a sustained positive impact on our cyber security posture.
    The fourth topic to be explored in this series is cloud computing. 
The workshop on this topic will be held in Gaithersburg, MD on October 
21, 2011.
    Assertion: ``Current implementations of cloud computing indicate a 
new approach to security''
    Implementations of cloud computing have provided new ways of 
thinking about how to secure data and computation. Cloud is a platform 
upon which we leverage various opportunities to improve the way in 
which we think about and implement the practices and technology needed 
to secure the things that matter most to us. Current implementations of 
cloud computing security take advantage of the unique capabilities and 
architectures of cloud computing (e.g. scale).
    Working from this assertion, we want researchers and cloud 
implementers to submit, as part of your application to participate in 
the October 21st Assumption Buster Workshop, a one-page paper stating 
your opinion of the assertion and outlining your key thoughts on the 
topic. Below are some additional areas to explore stated specifically 
in strong language supportive of the assertion.

--Controls on provider side, controls on the subscribe-side, and 
controls of the shared space in cloud implementations can be defined in 
ways that allow for a comprehensive view of the cloud security 
landscape to displayed and managed.
--A common security risk model can be leveraged when assessing cloud 
computing services and products, and use of this model provides a 
consistent baseline for Cloud based technologies.
--Cloud computing security is a natural fit when examined against the 
Federal cybersecurity research themes focused on designed-in-security, 
tailored trustworthy spaces, moving target, and cyber economic 
incentives. These themes will be best demonstrated using Cloud 
--Opportunities exist to create existence proofs for specific security 
improvements such as minimal kernels that can be formally verified 
which could provide a stronger basis for virtual machines.
--We can establish a trust boundary remote-control that allows a cloud 
customer to directly control system boundaries.
--Credible explications of security priorities are possible thus 
enabling customers to obtain a complete picture and insight into the 
security offered by their cloud implementation.
--Cloud customers are able to measure the strength of the logical 

[[Page 52354]]

of their cloud data from the other customers.

    In this workshop, we will explore whether, or in what 
circumstances, this confidence is warranted.

How To Apply

    If you would like to participate in this workshop, please submit 
(1) a resume or curriculum vita of no more than two pages which 
highlights your expertise in this area and (2) a one-page paper stating 
your opinion of the assertion and outlining your key thoughts on the 
topic. The workshop will accommodate no more than 60 participants, so 
these brief documents need to make a compelling case for your 
    Applications should be submitted electronically via e-mail to 
[email protected] no later than 5 p.m. EST on September 21, 
    Selection and Notification: The SCORE committee will select an 
expert group that reflects a broad range of opinions on the assertion. 
Accepted participants will be notified by e-mail no later than October 
1, 2011. We cannot guarantee that we will contact individuals who are 
not selected, though we will attempt to do so unless the volume of 
responses is overwhelming.

    Dated: August 17, 2011.
Suzanne H. Plimpton,
Reports Clearance Officer, National Science Foundation.
[FR Doc. 2011-21350 Filed 8-19-11; 8:45 am]