Fundamental Laws and Limits of Cyber Security
Abstract
(U) Based on advances from the Foundational Computer Science program, the Fundamental Laws and Limits of Cyber Security program seeks to establish a framework of fundamental laws and limits governing cyber security, which enables pro-active approaches to the complex task of making cyber systems secure. Research in this area focuses on creating a fundamental theory of security-oriented system complexity and a methodology for applying the theory to practical challenges of system security for systems ranging from simple programs on a single computer to large-scale distributed applications. Currently there is little understood on how to measure the efficiency of the huge variety of ad-hoc methods for improving system security and on how to know which of these methods should be used in each particular case. Therefore, the design, development, and integration of secure cyber systems are a continuous, evolving process. U.S. military computing systems are continuously vulnerable to malicious cyber attacks. This program’s framework provides military planners the guidance on pro-active decision-making in system design, implementation, and deployment. The key steps in this effort include: 1) development of complexity-based metrics that would directly measure how hard it would be for system developers/integrators to create a system that would be free of security holes; 2) development of a security-oriented complexity hierarchy; 3) development of the requisite theory that would help explain how the system design and implementation affects the metrics; and 4) creation of a methodology for applying the theory to practical systems.
Document Details
- Document Type
- Accomplishment
- Publication Date
- Oct 01, 2011
- Source ID
- a55365a768b92466f11cfc15627e180b