Cybersecurity and Software Assurance Minitrack

Modern society is irreversibly dependent on software systems of astonishing scope and complexity. Yet despite best efforts, errors, vulnerabilities, failures, and compromises continue to persist. Networked systems with complex hardware and software components embody many pathways that adversaries can exploit. Experience shows that contemporary cybersecurity and software assurance methods are insufficient to meet this challenge. Each day, cybersecurity demands our attention. From working on laptops to loading apps on phones to evaluating the safety of software-enabled devices, we must decide how best to protect information and services in an enlightened approach that balances practical issues of cost and functionality.

There is increasing recognition of the need for rigorous foundations for cybersecurity and software assurance. This minitrack focuses on how to enable development and application of these foundations. We ask: How should research and development move us toward a solid basis in understanding and principle? The goal is to develop science foundations, technologies, and practices that can improve the security and dependability of complex systems.

This minitrack will bring together researchers in cybersecurity assurance in a multidisciplinary approach to these problems. Our minitrack invites work embracing multiple perspectives, levels of abstraction, and evaluation of best practices and policies that help us to understand and assure the security of complex systems. We welcome papers about tools and techniques that apply scientific and rigorous approaches or reveal underlying commonalities and constructs.

The following topics will be included in the minitrack:

  • Security ecosystem
  • Designed-in security
  • Tailored trustworthy spaces
  • Moving target
  • Cyber economics
  • Science of security
  • Multivariate detection and response
  • Co-evolution of defense and offense
  • Biologically-inspired security models
  • Holistic risk analysis
  • Hardware-enabled trust
  • Layered adaptable defense
  • Real-time coordinated response
  • Automated system interoperability
  • Authentication in ecosystem
  • Practical use of continuous monitoring
  • Confidence in activity prediction
  • Security visualization and prediction
  • Theories of vulnerability classification and control
  • Security measurement
  • Advances in information assurance theory and practice
  • Advances in specification, design, and implementation of assured systems
  • Advances in verification, testing, and certification of assured systems
  • Advances in software security analysis
  • Assurance for embedded systems and hardware components
  • Assurance for large-scale infrastructure systems
  • Information and software assurance in cloud computing environments
  • Assurance in system maintenance and evolution
  • Automated methods for information and software assurance
  • Assurance through computation of software behavior
  • Management of assurance operations
  • Processes and metrics for information and software assurance
  • Business case and ROI development for information and software assurance
  • Supply chain and standards issues in information and software assurance
  • Case studies of system assurance successes
  • Software testing

Minitrack Co-Chairs:

Luanne Goldrich (Primary Contact)
Johns Hopkins University Applied Physics Lab

Richard George
Johns Hopkins University Applied Physics Lab

Thomas Llanso
Johns Hopkins APL
