Keynote I (Monday, 9/28/2015, 9:00am-10:00am)

Speaker: Adrian Perrig, ETH & CMU

Title: Towards a Next-generation Secure Internet Architecture

The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the current state of safety and availability of the Internet is far from commensurate given its importance.

Although we cannot conclusively determine what the impact of a 1-minute, 1-hour, 1-day, or 1-week outage of Internet connectivity on our society would be, anecdotal evidence indicates that even short outages have a profound negative impact on governmental, economic, and societal operations. To make matters worse, the Internet has not been designed for high availability in the face of malicious actions by adversaries. Recent patches to improve Internet security and availability have been constrained by the current Internet architecture, business models, and legal aspects. Moreover, there are fundamental design decisions of the current Internet that inherently complicate secure operation.

Given the diverse nature of constituents in today's Internet, another important challenge is how to scale authentication of entities (e.g., AS ownership for routing, name servers for DNS, or domains for TLS) to a global environment. Currently prevalent PKI models (monopoly and oligarchy) do not scale globally because mutually distrusting entities cannot agree on a single trust root, and because everyday users cannot evaluate the trustworthiness of each of the many root CAs in their browsers.

To address these issues, we study the design of a next-generation Internet architecture that is secure, available, and offers privacy by design; that provides incentives for a transition to the new architecture; and that considers economic and policy issues at the design stage. Such a research environment offers a bonanza for security researchers: a critically important problem space with a medley of challenges to address, and unfettered freedom to think creatively in the absence of limiting constraints. Once we know how good a network could be, we can then engage in incorporating these ideas into the current Internet or study strategies for transition to a next-generation network.

Adrian Perrig is a Professor at the Department of Computer Science at the Swiss Federal Institute of Technology (ETH) in Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering at Carnegie Mellon University. From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University; from 2007 to 2012, he also served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his Ph.D. degree in Computer Science from Carnegie Mellon University under the guidance of J. D. Tygar, and spent three years during his Ph.D. degree at the University of California at Berkeley. He received his B.Sc. degree in Computer Engineering from the Swiss Federal Institute of Technology in Lausanne (EPFL). He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. Adrian's research revolves around building secure systems -- in particular secure future Internet architectures.

Keynote II (Tuesday, 9/29/2015, 11:00am-12:00pm)

Speaker: Patrick Drew McDaniel, Pennsylvania State University

Title: The Importance of Measurement and Decision Making to a Science of Security


The financial and human costs of insecure systems continue to grow unabated. Such costs are driven by a massive growth of new features and technologies, market pressures, increased complexity and system inter-dependencies, and the limits of human behavior. Underlying these pressures is a fundamental--and oft unspoken--truth: the overwhelming majority of security practiced in current computing environments is an informal mix of heuristics and lore. After nearly 40 years of effort, the engineering and scientific community has failed to produce a comprehensive and actionable science of security.

This talk poses the question of why a science of security is so elusive, and considers what efforts are needed to make progress in the future. Historical efforts at safety and security are explored and lessons learned. Alternate definitions of security are given and explored within the context of modern computer security research. The talk concludes with a discussion of necessary elements of future research to reach the lofty and important goal of developing a coherent science for securing computation and the processes it supports.

Patrick McDaniel is a Professor in the Computer Science and Engineering Department at the Pennsylvania State University, co-director of the Systems and Internet Infrastructure Security Laboratory, and IEEE Fellow. Dr. McDaniel is also the program manager and lead scientist for the newly created Cyber-Security Collaborative Research Alliance. Patrick's research efforts centrally focus on network, telecommunications, systems security, language-based security, and technical public policy. Patrick was the editor-in-chief of the ACM Journal Transactions on Internet Technology (TOIT), and served as associate editor of the journals ACM Transactions on Information, IEEE Transactions on Computers, and IEEE Transactions on Software Engineering. Patrick was awarded the National Science Foundation CAREER Award and has chaired several top conferences in security including, among others, the 2007 and 2008 IEEE Symposium on Security and Privacy and the 2005 USENIX Security Symposium. Prior to pursuing his Ph.D. in 1996 at the University of Michigan, Patrick was a software architect and project manager in the telecommunications industry.