Community-Building Workshop on Programmable System Security in a Software-Defined World

软件定义世界中的可编程系统安全社区建设研讨会

• 批准号: 1841099
• 负责人: Guofei Gu
• 金额: $ 0.15万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-01 至 2020-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1841099&HistoricalAwards=false
• 关键词: Community; Building; Workshop; Programmable; System

This workshop brings together networking, systems, and security researchers to discuss and establish a vision for programmable security in modern software-defined infrastructures (e.g., cloud, Internet-of-Things, or edge computing environments). The output of the workshop will be a public report documenting the discussions and a set of recommendations on research directions and frontiers. The workshop and the report will stimulate research collaboration and the creation of a common research vision between disparate communities.We increasingly live in a software-defined world where systems that were once implemented as rigid control systems or fixed-function hardware systems are now highly programmable through software interfaces that decouple underlying hardware details and offer remote control and centralized management. Early examples of software-defined systems (SD-X) include multi-tenant clouds, software-defined networking (SDN), network functions virtualization (NFV), software-defined infrastructure (SDI), and software-defined radios (SDR). While SD-X technologies have rapidly proliferated within industry and received considerable systems research attention, the paradigm has not been fully exploited in approaching a wide array of important security challenges. The objective of this workshop is to identify those research challenges and opportunities to exploit SD-X approaches in making system security more programmable, agile, orchestrated, and intelligent. This workshop creates a much-needed opportunity for a cross-cutting group of researchers to fill out the vision of what programmable security based on SD-X could be, including research challenges, long-term visions, and key issues. In the process, this workshop will promote a more focused community and vision where traditionally disparate communities previously worked in isolation and without a more ambitious system security vision within the context of complex software-defined infrastructures. The workshop report will be made available to the public via the workshop website. Broad directions to be considered by the workshop attendees include, but are not limited to: (1) new abstractions for data/control planes aimed specifically at security, (2) new architectures that integrate diverse SD-X domains (networking, processing, storage, etc.) for a more powerful and comprehensive security framework, (3) new programming and language paradigms for programmable security, (4) a better understanding of attack surfaces and adversarial methods within modern software-defined infrastructures, (5) new formal and experimental methodologies for reasoning about software-defined security, (6) the integration of emerging Artificial Intelligence/Machine Learning and data-driven capabilities into programmable system security, (7) new applications paradigms that exploit programmable paradigms in innovative ways, and (8) the application of programmable security approaches to emerging platforms and infrastructure domains. Overall, workshop participants will help to build community and define the vision of a new generation of security technologies in the rapidly expanding world of software-defined infrastructures and devices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该研讨会汇集了网络，系统和安全研究人员，讨论并建立现代软件定义基础设施中可编程安全的愿景（例如，云、物联网或边缘计算环境）。研讨会的成果将是一份公开报告，记录讨论情况和一套关于研究方向和前沿的建议。研讨会和报告将促进研究合作，并在不同的社区之间建立共同的研究愿景。我们越来越多地生活在一个软件定义的世界里，曾经作为刚性控制系统或固定功能硬件系统实现的系统现在通过软件接口高度可编程，将底层硬件细节解耦，并提供远程控制和集中管理。软件定义系统（SD-X）的早期示例包括多租户云、软件定义网络（SDN）、网络功能虚拟化（NFV）、软件定义基础设施（SDI）和软件定义无线电（SDR）。虽然SD-X技术在行业内迅速扩散，并得到了相当多的系统研究关注，但在应对各种重要的安全挑战时，该范式尚未得到充分利用。本次研讨会的目的是确定这些研究挑战和机会，利用SD-X方法使系统安全性更加可编程，敏捷，协调和智能。 本次研讨会为跨领域的研究人员创造了一个急需的机会，以填补基于SD-X的可编程安全的愿景，包括研究挑战，长期愿景和关键问题。在此过程中，本次研讨会将促进一个更有针对性的社区和愿景，传统上不同的社区以前孤立地工作，在复杂的软件定义基础设施的背景下没有更雄心勃勃的系统安全愿景。 研讨会报告将通过研讨会网站向公众提供。研讨会与会者将考虑的广泛方向包括但不限于：（1）专门针对安全性的数据/控制平面的新抽象，（2）集成不同SD-X域（网络，处理，存储等）的新架构。更强大和全面的安全框架，（3）新的编程和语言范式，可编程安全，（4）更好地理解现代软件定义基础设施中的攻击面和对抗方法，（5）新的正式和实验方法，用于推理软件定义安全，（6）将新兴的人工智能/机器学习和数据驱动能力整合到可编程系统安全中，（7）以创新方式利用可编程范例的新应用范例，以及（8）将可编程安全方法应用于新兴平台和基础设施领域。总体而言，研讨会的参与者将帮助建立社区，并在软件定义的基础设施和设备的快速发展的世界中定义新一代安全技术的愿景。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。