[Federal Register Volume 76, Number 162 (Monday, August 22, 2011)] [Notices] [Pages 52353-52354] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 2011-21350] ======================================================================= ----------------------------------------------------------------------- NATIONAL SCIENCE FOUNDATION Assumption Buster Workshop: ``Current Implementations of Cloud Computing Indicate a New Approach to Security'' AGENCY: The National Coordination Office (NCO) for the Networking and Information Technology Research and Development (NITRD) Program, National Science Foundation. ACTION: Call for participation. ----------------------------------------------------------------------- FOR FURTHER INFORMATION CONTACT: [email protected]. DATES: Workshop: October 21, 2011; Deadline: September 21, 2011. Apply via e-mail to [email protected]. Travel expenses will be paid for selected participants who live more than 50 miles from Washington, DC, up to the limits established by Federal Government travel regulations and restrictions. SUMMARY: The NCO, on behalf of the Special Cyber Operations Research and Engineering (SCORE) Committee, an interagency working group that coordinates cyber security research activities in support of national security systems, is seeking expert participants in a day-long workshop on the pros and cons of the Security of Distributed Data Schemes. The workshop will be held October 21, 2011 in Gaithersburg, MD. Applications will be accepted until 5 p.m. EST September 21, 2011. Accepted participants will be notified by October 1, 2011. SUPPLEMENTARY INFORMATION: Overview: This notice is issued by the National Coordination Office for the Networking and Information Technology Research and Development (NITRD) Program on behalf of the SCORE Committee. Background: There is a strong and often repeated call for research to provide novel cyber security solutions. The rhetoric of this call is to elicit new solutions that are radically different from existing solutions. Continuing research that achieves only incremental improvements is a losing proposition. We are lagging behind and need technological leaps to get, and keep, ahead of adversaries who are themselves rapidly improving attack technology. To answer this call, we must examine the key assumptions that underlie current security architectures. Challenging those assumptions both opens up the possibilities for novel solutions and provides an even stronger basis for moving forward on those assumptions that are well-founded. The SCORE Committee is conducting a series of four workshops to begin the assumption buster process. The assumptions that underlie this series are as follows: Cyber space is an adversarial domain; the adversary is tenacious, clever, and capable; and re- examining cyber security solutions in the context of these assumptions will result in key insights that will lead to the novel solutions we desperately need. To ensure that our discussion has the requisite adversarial flavor, we are inviting researchers who develop solutions of the type under discussion, and researchers who exploit these solutions. The goal is to engage in robust debate of topics generally believed to be true to determine to what extent that claim is warranted. The adversarial nature of these debates is meant to ensure the threat environment is reflected in the discussion in order to elicit innovative research concepts that will have a greater chance of having a sustained positive impact on our cyber security posture. The fourth topic to be explored in this series is cloud computing. The workshop on this topic will be held in Gaithersburg, MD on October 21, 2011. Assertion: ``Current implementations of cloud computing indicate a new approach to security'' Implementations of cloud computing have provided new ways of thinking about how to secure data and computation. Cloud is a platform upon which we leverage various opportunities to improve the way in which we think about and implement the practices and technology needed to secure the things that matter most to us. Current implementations of cloud computing security take advantage of the unique capabilities and architectures of cloud computing (e.g. scale). Working from this assertion, we want researchers and cloud implementers to submit, as part of your application to participate in the October 21st Assumption Buster Workshop, a one-page paper stating your opinion of the assertion and outlining your key thoughts on the topic. Below are some additional areas to explore stated specifically in strong language supportive of the assertion. --Controls on provider side, controls on the subscribe-side, and controls of the shared space in cloud implementations can be defined in ways that allow for a comprehensive view of the cloud security landscape to displayed and managed. --A common security risk model can be leveraged when assessing cloud computing services and products, and use of this model provides a consistent baseline for Cloud based technologies. --Cloud computing security is a natural fit when examined against the Federal cybersecurity research themes focused on designed-in-security, tailored trustworthy spaces, moving target, and cyber economic incentives. These themes will be best demonstrated using Cloud Computing. --Opportunities exist to create existence proofs for specific security improvements such as minimal kernels that can be formally verified which could provide a stronger basis for virtual machines. --We can establish a trust boundary remote-control that allows a cloud customer to directly control system boundaries. --Credible explications of security priorities are possible thus enabling customers to obtain a complete picture and insight into the security offered by their cloud implementation. --Cloud customers are able to measure the strength of the logical separation [[Page 52354]] of their cloud data from the other customers. In this workshop, we will explore whether, or in what circumstances, this confidence is warranted. How To Apply If you would like to participate in this workshop, please submit (1) a resume or curriculum vita of no more than two pages which highlights your expertise in this area and (2) a one-page paper stating your opinion of the assertion and outlining your key thoughts on the topic. The workshop will accommodate no more than 60 participants, so these brief documents need to make a compelling case for your participation. Applications should be submitted electronically via e-mail to [email protected] no later than 5 p.m. EST on September 21, 2011. Selection and Notification: The SCORE committee will select an expert group that reflects a broad range of opinions on the assertion. Accepted participants will be notified by e-mail no later than October 1, 2011. We cannot guarantee that we will contact individuals who are not selected, though we will attempt to do so unless the volume of responses is overwhelming. Dated: August 17, 2011. Suzanne H. Plimpton, Reports Clearance Officer, National Science Foundation. [FR Doc. 2011-21350 Filed 8-19-11; 8:45 am] BILLING CODE 7555-01-P