This proposal, planning a workshop to examine questions regarding the security of the cyber infrastructure, aims at gathering the main infrastructure security stakeholders with interdisciplinary expertise on data access, information security, computer network security, data and database security, privacy, and data confidentiality to provide insights and directions toward future strategies for protecting the infrastructure. With the goal of strengthening the security of the infrastructure at all levels, the workshop seeks to determine what questions have to be answered for short and long-term strategies to be successful. Looking at both technical and policy issues and the interaction between the two, the work addresses fundamental questions of infrastructure protection.
Computer security has three main thrusts: Confidentiality, Integrity, and Availability (CIA). Security of Infrastructure involves the dynamic interaction of many components and at different levels: Authentication, Authorization, Access control, Auditing, and Assurance (AAAAA). Many questions illustrating the need for security in the infrastructure remain open. Hence, highlights include: * How security in the infrastructure should be defined and measured * How security policies should be defined, whose security policies should apply to various infrastructure components, and how policies should be reconciled when necessary * How trust should be assigned to messages that control routing throughout the network, etc. Additionally, the workshop may also look into: * The role that academic infrastructure can play in providing a secure infrastructure, * Partnerships between agencies and managers of infrastructure systems that may facilitate the creation of a secure world-wide infrastructure, and * Partnerships required ensuring that the technological and computer and information science research challenges can be met.
Broader Impact: Since the infrastructure of the Internet, albeit fragile, underlies the fabric of most people's lives, economy of many organizations, companies, and nations, the workshop expects to present a set of strategies for strengthening security of infrastructure and a set of questions to guide their implementation. The workshop is expected to contribute in attaining sufficient assurance to lead to a desired level of confidence in the infrastructure and the tools and technologies that support it.
