| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | July 6, 2010 |
| Latest Amendment Date: | July 6, 2010 |
| Award Number: | 1040356 |
| Award Instrument: | Standard Grant |
| Program Manager: |
Jeremy Epstein
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | July 1, 2010 |
| End Date: | June 30, 2013 (Estimated) |
| Total Intended Award Amount: | $90,907.00 |
| Total Awarded Amount to Date: | $90,907.00 |
| Funds Obligated to Date: |
|
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
3 RUTGERS PLZ NEW BRUNSWICK NJ US 08901-8559 (848)932-0150 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
3 RUTGERS PLZ NEW BRUNSWICK NJ US 08901-8559 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | TRUSTWORTHY COMPUTING |
| Primary Program Source: |
|
| Program Reference Code(s): | |
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
The goal of the workshop is to foster long-lasting international
scientific collaborations to investigate the scientific foundations, design, and feasibility of a future
international cyber architecture. Such an architecture must allow for transnational data repositories
and be capable of enforcing both today's and future diverse security and privacy policies. Topics to
be addressed may include, among others, how to determine whether a set of privacy or access
control policies is consistent, whether it can be efficiently enforced, and if so what techniques are
most effective. Different data exchange applications will require tailored mechanisms that allow for
security, privacy, anonymity, and provenance to be maintained. Of particular interest are (1) data
concerning malware detection (attack signatures, number/pattern of compromised systems, botnet
membership, vulnerability pricing data, etc.), (2) network management data (traffic patterns,
headers, routing updates, etc.), (3) social network data (usage patterns within social networking
applications, status of data posted within these applications, etc.), as well as data from other
domains such as (4) healthcare data (electronic health records, including images, diagnostic notes,
laboratory reports, etc.), and (5) financial data (individual transactions, interbank transfers, credit
reporting, etc.).The workshop will consist of several keynote talks, panels, and breakout sessions.
In addition, information will be presented about funding opportunities to support international
research collaborations.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The primary activity of this project was the Second INCO-TRUST Workshop on International Cooperation in Security and Privacy, with a specific topic of International Data Exchange with Security and Privacy: Applications, Policy, Technology, and Use, held at the New York Academy of Science in New York City, May 3-5, 2010. The workshop was held in collaboration with the European INCO-TRUST project, to foster long-lasting international scientific collaborations to investigate the scientific foundations, design, and feasibility of a future international cyber architecture. (INCO refers to “International Collaboration” and TRUST refers to “trustworthy information and communication technology”.) Because the scope of cyberspace is global, it is critically important to have international communication and collaboration. The INCO-TRUST workshops were noted in the United States Strategic Plan for the Federal Cybersecurity Research and Development Program (http://www.whitehouse.gov/sites/default/files/microsites/ostp/fed_cybersecurity_rd_strategic_plan_2011.pdf) as an example mechanism for promoting and advancing the U.S. cybersecurity research and development plan.
The Second INCO-TRUST workshop had 45 participants from academia, industry, and research funding agencies from the United States, Europe, and other countries, and addressed issues of privacy, anonymity, provenance, transnational storage and dissemination, and ownership of data. The workshop addressed both technology challenges for trustworthy data exchange as well as the complexities resulting from diverse transnational policies, legal aspects, and cultural and societal considerations of use of information and data. The key recommendations and conclusions of the workshop were the following:
- There is a continuing need for research and development of the technical components of secure and private data repositories. These include a number of steps related to representing and structuring data; representing and understanding policies; architectures and policy enforcement; and developing specific testbeds.
- International collaboration is critical to ensure that solutions can operate across national and cultural boundaries.
- A potential cooperation could take the form of working together on a framework for an International Cyber Data Exchange System. This would not only benefit the U.S. and the European Union, but could also expand to support broad transnational data exchange, for example among all OECD countries.
- There is a need for expressing national and local policies in order to enable automated comparison, negotiation, and merging across international borders.
- The international research community must work together on mechanisms that enable policy enforcement or assurance of compliance, enabling accountability.
- Identification and establishment of collaborative, context-specific, automated and non-automated common trust models (“virtual organization”) in concrete scenarios are needed in order to provide better understanding of challenges of international data exchange in general and to support current and future collaborative research efforts in computer security (malware, attack data, etc.).
- It is necessary to develop models and mechanisms for information and knowledge exchange, not just data exchange. Among other benefits, this would facilitate reasoning about and compliance with legal and policy requirements.
The workshop web site, including a complete workshop report, can be found at Please report errors in award information by writing to: awardsearch@nsf.gov.
