Community-Building Workshop on Programmable System Security in a Software-Defined World

软件定义世界中的可编程系统安全社区建设研讨会

• 批准号: 1841099
• 负责人: Guofei Gu
• 金额: $ 0.15万
• 依托单位: Texas A&M Engineering Experiment Station
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-01 至 2020-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1841099&HistoricalAwards=false
• 关键词: Community; Building; Workshop; Programmable; System

This workshop brings together networking, systems, and security researchers to discuss and establish a vision for programmable security in modern software-defined infrastructures (e.g., cloud, Internet-of-Things, or edge computing environments). The output of the workshop will be a public report documenting the discussions and a set of recommendations on research directions and frontiers. The workshop and the report will stimulate research collaboration and the creation of a common research vision between disparate communities.We increasingly live in a software-defined world where systems that were once implemented as rigid control systems or fixed-function hardware systems are now highly programmable through software interfaces that decouple underlying hardware details and offer remote control and centralized management. Early examples of software-defined systems (SD-X) include multi-tenant clouds, software-defined networking (SDN), network functions virtualization (NFV), software-defined infrastructure (SDI), and software-defined radios (SDR). While SD-X technologies have rapidly proliferated within industry and received considerable systems research attention, the paradigm has not been fully exploited in approaching a wide array of important security challenges. The objective of this workshop is to identify those research challenges and opportunities to exploit SD-X approaches in making system security more programmable, agile, orchestrated, and intelligent. This workshop creates a much-needed opportunity for a cross-cutting group of researchers to fill out the vision of what programmable security based on SD-X could be, including research challenges, long-term visions, and key issues. In the process, this workshop will promote a more focused community and vision where traditionally disparate communities previously worked in isolation and without a more ambitious system security vision within the context of complex software-defined infrastructures. The workshop report will be made available to the public via the workshop website. Broad directions to be considered by the workshop attendees include, but are not limited to: (1) new abstractions for data/control planes aimed specifically at security, (2) new architectures that integrate diverse SD-X domains (networking, processing, storage, etc.) for a more powerful and comprehensive security framework, (3) new programming and language paradigms for programmable security, (4) a better understanding of attack surfaces and adversarial methods within modern software-defined infrastructures, (5) new formal and experimental methodologies for reasoning about software-defined security, (6) the integration of emerging Artificial Intelligence/Machine Learning and data-driven capabilities into programmable system security, (7) new applications paradigms that exploit programmable paradigms in innovative ways, and (8) the application of programmable security approaches to emerging platforms and infrastructure domains. Overall, workshop participants will help to build community and define the vision of a new generation of security technologies in the rapidly expanding world of software-defined infrastructures and devices.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该研讨会将网络、系统和安全研究人员聚集在一起，讨论并建立现代软件定义的基础设施(例如，云、物联网或边缘计算环境)中的可编程安全愿景。讲习班的成果将是一份公开报告，记录讨论情况，并就研究方向和前沿提出一系列建议。研讨会和报告将促进不同社区之间的研究协作和创建共同的研究愿景。我们越来越多地生活在软件定义的世界中，曾经作为僵化控制系统或固定功能硬件系统实施的系统现在通过软件接口高度可编程，这些接口分离底层硬件细节并提供远程控制和集中管理。软件定义系统(SD-X)的早期示例包括多租户云、软件定义网络(SDN)、网络功能虚拟化(NFV)、软件定义基础设施(SDI)和软件定义无线电(SDR)。虽然SD-X技术在工业中迅速扩散，并受到相当大的系统研究关注，但在应对一系列重要的安全挑战方面，该范例尚未得到充分利用。本次研讨会的目标是确定这些研究挑战和机会，以利用SD-X方法使系统安全更具可编程性、灵活性、协调性和智能性。此次研讨会为交叉研究人员小组提供了一个亟需的机会，以完善基于SD-X的可编程安全的愿景，包括研究挑战、长期愿景和关键问题。在这一过程中，该讲习班将促进一个更有重点的社区和愿景，在这些社区中，传统上截然不同的社区以前在复杂的软件定义的基础设施的背景下孤立地工作，没有更雄心勃勃的系统安全愿景。研讨会报告将通过研讨会网站向公众提供。研讨会与会者要考虑的主要方向包括但不限于：(1)专门针对安全的数据/控制平面的新抽象，(2)集成不同SD-X域(网络、处理、存储等)的新架构。(4)更好地理解现代软件定义的基础设施内的攻击面和对抗方法，(5)关于软件定义的安全的推理的新的正式和实验方法，(6)将新兴的人工智能/机器学习和数据驱动的能力整合到可编程系统安全中，(7)以创新方式利用可编程安全模式的新的应用程序范式，以及(8)将可编程安全方法应用于新兴平台和基础设施领域。总体而言，研讨会参与者将帮助在快速扩张的软件定义基础设施和设备的世界中建立社区并定义新一代安全技术的愿景。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。