A Science of Cyber – Security?

Cyber-security today is focused largely on defending against known attacks. We learn about the latest attack and find a patch to defend against it. Our defenses thus improve only after they have been successfully penetrated. This is a recipe to ensure some attackers succeed—not a recipe for achieving system trustworthiness. We must move beyond reacting to yesterday’s attacks and instead start building systems whose trustworthiness derives from first principles. Yet, today we lack such a science base for cybersecurity. That science of security would have to include attacks, defense mechanisms, and security properties; its laws would characterize how these relate. This talk will discuss examples of such laws and suggest avenues for future exploration.

Speaker Details

Fred B. Schneider is Samuel B. Eckert Professor of Computer Science at Cornell University and chair of the department. He joined Cornell’s faculty in Fall 1978, having completed a Ph.D. at Stony Brook University and a B.S. in Engineering at Cornell in 1975.

Schneider’s research has focused on various aspects of trustworthy systems — systems that will perform as expected, despite failures and attacks. His early work concerned formal methods to aid in the design and implementation of concurrent and distributed systems that satisfy their specifications. He is author of two texts on that subject: On Concurrent Programming and (co-authored with D. Gries) A Logical Approach to Discrete Mathematics. He is also known for his research in theory and algorithms for building fault-tolerant distributed systems.

His paper on the “state machine approach” for managing replication received (in 2007) an SOSP “Hall of Fame” award for seminal research.

More recently, his interests have turned to system security. His work characterizing what policies can be enforced with various classes of defenses is widely cited, and it is seen as advancing the nascent science base for security. He is also engaged in research concerning legal and economic measures for improving system trustworthiness.

Schneider was elected Fellow of the American Association for the Advancement of Science (1992), the Association of Computing Machinery (1995), and the Institute of Electrical and Electronics Engineers (2008). He was named Professor-at-Large at the University of Tromso (Norway) in 1996 and was awarded a Doctor of Science honoris causa by the University of Newcastle-upon-Tyne in 2003 for his work in computer dependability and security. He received the 2012 IEEE Emanuel R. Piore Award for “contributions to trustworthy computing through novel approaches to security, fault-tolerance and formal methods for concurrent and distributed systems”. The U.S. National Academy of Engineering elected Schneider to membership in 2011, and the Norges Tekniske Vitenskapsakademi (Norwegian Academy of Technological Sciences) named him a foreign member in 2010.

Schneider is a frequent consultant to industry, believing this to be an efficient method of technology transfer and a good way to learn about the real problems. He provides technical expertise in fault-tolerance and computer security to a variety of other firms, including Intel, Lincoln Laboratories, and Riskive. In addition, Schneider has testified about cybersecurity research at hearings of the US House of Representatives Armed Services Committee (subcommittee on Terrorism, Unconventional Threats, and Capabilities), as well as the Committee on Science and Technology (subcommittee on Technology and Innovation and subcommittee on Research and Science Education).

Watch Next