The National Academies Press

Currently Skimming:

Research Topics and Funding
Pages 206-215

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 206... ... But with the establishment of the National Computer Security Center (NCSC) in the early 1980s, the DOD shifted its emphasis from basic research to the development and application of evaluation criteria and the development of applications that meet mission needs The specific focus of most DOD funding for basic research has been related to nondisclosure of information. Read the entire page →
From page 207... ... Although many of the topics proposed below are relevant to industrial research conducted independently or in collaboration with universities, the committee focused on the need to stimulate academic research. University-based research in computer security is at a dangerously low level.3 Whereas considerable research is being done on theoretical issues related to security for example, number theory, cryptology, and zero-knowledge proofs few research projects directly address the problem of achieving system security. Read the entire page →
From page 208... ... A PROPOSED AGENDA FOR RESEARCH TO ENHANCE COMPUTER SECURITY The committee identified several specific technical issues currently ripe for research. It is expected that the issues described will have aspects that are best addressed variously by universities, contractors, nonprofit research laboratories, government laboratories, and vendor laboratories. Read the entire page →
From page 209... ... , privacy assurance, and limitations on access in networks, to permit interconnection of mutually suspicious organizations. � Assurance techniques: The assurance techniques that can be applied to secure systems range from the impractical extremes of exhaustive testing to proofs of all functions and properties at all levels of a system. Read the entire page →
From page 210... ... For example, poor choice of passwords or failure to change default passwords is a common failure documented by Stoll (1989~. Research is needed in automating critical aspects of system operation' to assist system managers in avoiding security faults in this area. Read the entire page →
From page 211... ... NIST may be particularly effective, under its current regime, at organizing workshops that bring together researchers and practitioners and then widely disseminating the resulting workshop reports. Although federal agencies have traditionally been viewed as the primary source of funding for computer science research, many states, such as Texas, Virginia, and California, have substantial funding programs geared toward regional industry and academic needs. Read the entire page →
From page 212... ... A key role for NSF (and for DARPA, as well) , beyond specific funding of relevant projects, is to facilitate increased interaction between security specialists and specialists in related fields (such as distributed computing, safety, and fault-tolerant computing) Read the entire page →
From page 213... ... � Security interfaces: People experienced at writing careful specifications of interfaces and verifying high-level properties from these specifications should be encouraged to specify standardized interfaces to security services and to apply their techniques to the specification and analysis of high-level security properties. � Theoretical research: Theoretical work needs to be properly integrated in actual systems. Read the entire page →
From page 214... ... Although business schools have in the past shown little interest in security research, obvious study topics include: � Value of security: A current research topic in business schools is assessing information technology's actual value to an organization. As a part of these studies, it might be possible to develop models for the value of the security aspects of information technology from a business perspective, for example, drawing on the value of a corporate information base to be protected. Read the entire page →
From page 215... ... , a result of basic research oriented toward language design, compiler systems, and so on, appropriate for safetycritical systems; Software Certification On Programs in Europe (SCOPE) , which will define, experiment with, and validate an economic European software certification procedure applicable to all types of software and acceptable and legally recognized throughout Europe; and Demonstration of Advanced Reliability Techniques for Safetyrelated computer systems (DARTS) Read the entire page →

From page 206...

... But with the establishment of the National Computer Security Center (NCSC) in the early 1980s, the DOD shifted its emphasis from basic research to the development and application of evaluation criteria and the development of applications that meet mission needs The specific focus of most DOD funding for basic research has been related to nondisclosure of information.

Read the entire page →

From page 207...

... Although many of the topics proposed below are relevant to industrial research conducted independently or in collaboration with universities, the committee focused on the need to stimulate academic research. University-based research in computer security is at a dangerously low level.3 Whereas considerable research is being done on theoretical issues related to security for example, number theory, cryptology, and zero-knowledge proofs few research projects directly address the problem of achieving system security.

Read the entire page →

From page 208...

... A PROPOSED AGENDA FOR RESEARCH TO ENHANCE COMPUTER SECURITY The committee identified several specific technical issues currently ripe for research. It is expected that the issues described will have aspects that are best addressed variously by universities, contractors, nonprofit research laboratories, government laboratories, and vendor laboratories.

Read the entire page →

From page 209...

... , privacy assurance, and limitations on access in networks, to permit interconnection of mutually suspicious organizations. � Assurance techniques: The assurance techniques that can be applied to secure systems range from the impractical extremes of exhaustive testing to proofs of all functions and properties at all levels of a system.

Read the entire page →

From page 210...

... For example, poor choice of passwords or failure to change default passwords is a common failure documented by Stoll (1989~. Research is needed in automating critical aspects of system operation' to assist system managers in avoiding security faults in this area.

Read the entire page →

From page 211...

... NIST may be particularly effective, under its current regime, at organizing workshops that bring together researchers and practitioners and then widely disseminating the resulting workshop reports. Although federal agencies have traditionally been viewed as the primary source of funding for computer science research, many states, such as Texas, Virginia, and California, have substantial funding programs geared toward regional industry and academic needs.

Read the entire page →

From page 212...

... A key role for NSF (and for DARPA, as well) , beyond specific funding of relevant projects, is to facilitate increased interaction between security specialists and specialists in related fields (such as distributed computing, safety, and fault-tolerant computing)

Read the entire page →

From page 213...

... � Security interfaces: People experienced at writing careful specifications of interfaces and verifying high-level properties from these specifications should be encouraged to specify standardized interfaces to security services and to apply their techniques to the specification and analysis of high-level security properties. � Theoretical research: Theoretical work needs to be properly integrated in actual systems.

Read the entire page →

From page 214...

... Although business schools have in the past shown little interest in security research, obvious study topics include: � Value of security: A current research topic in business schools is assessing information technology's actual value to an organization. As a part of these studies, it might be possible to develop models for the value of the security aspects of information technology from a business perspective, for example, drawing on the value of a corporate information base to be protected.

Read the entire page →

From page 215...

... , a result of basic research oriented toward language design, compiler systems, and so on, appropriate for safetycritical systems; Software Certification On Programs in Europe (SCOPE) , which will define, experiment with, and validate an economic European software certification procedure applicable to all types of software and acceptable and legally recognized throughout Europe; and Demonstration of Advanced Reliability Techniques for Safetyrelated computer systems (DARTS)

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

Research Topics and Funding Pages 206-215

Research Topics and Funding
Pages 206-215