Hot SoS is a research event centered on the Science of Security.

The key motivation behind developing a Science of Security is to address in a principled manner the fundamental problems of security.

Security has been intensively studied, but a lot of previous research emphasizes the engineering of specific solutions without first developing the scientific understanding of the problem domain. All too often, security research conveys the flavor of identifying specific threats and removing them in an apparently ad hoc manner.

The motivation behind the nascent Science of Security is to understand how computing systems are architected, built, used, and maintained with a view to understanding and addressing security challenges systematically across their life cycle. In particular, two features distinguish the Science of Security from previous research programs on security.

Following a successful invitational SoS Community Meeting in December 2012, Hot SoS 2014 will be the first open research event in what is expected to be a continuing series of such events.

Symposium proceedings will be indexed in the IEEE digital library.


We welcome submissions on all topics relevant to the theme of Science of Security including, but not limited to, the following (each from the perspective of the Science of Security):

Additional information about the Science of Security can be found at the Science of Security Virtual Organization.

If you have any questions about the topics or submission instructions, please feel free to contact the Program Chairs, Professors David M. Nicol and Munindar P. Singh, at

Organizing Committee

General Chair: Laurie A. Williams, North Carolina State University
Program Co-Chair: David M. Nicol, University of Illinois, Urbana-Champaign
Program Co-Chair: Munindar P. Singh, North Carolina State University
Web Chair: William Enck, North Carolina State University
Publicity Chair: Travis Breaux, Carnegie Mellon
Finance Chair: Lucas Layman, Fraunhofer Institute
Proceedings Chair: Nirav Ajmeri, North Carolina State University
Local Arrangements: David Wright, North Carolina State University
NSA Liaison: Heather Lucas

See the Call for Papers for complete organizing committee details.


Monday, April 7, 2014

5:00 - 9:00 Registration - Esplanade Gallery
6:00 - 9:00pm Welcome Reception
Hannover I
(hors d'oeuvre available 6:30 - 7:30)

Tuesday, April 8, 2014

7:30 - 5:00 Registration - Esplanade Gallery
8:00 - 9:00 Breakfast
Esplande (sit in Oak Forest Ballroom to eat)
9:00 - 10:30 Welcome, Announcements
Laurie Williams, North Carolina State University
Gilbert (Gil) C. Nolte, NSA, Chief Trusted Systems Research
Location: Oak Forest Ballroom
Keynote: The Science of Computer Security Perspectives and Prospects
John McLean, Naval Research Laboratory
10:30 - 11:00 Break
Hannover I Prefunction
11:00 - 12:30 Research Paper Session: Architecture and Analysis
Session Chair: Ehab Al-Shaer, UNC Charlotte
Location: Hannover I
Tutorial: Engineering Privacy: Example Challenges of Transitioning Science to Practice
Travis Breaux, CMU
Location: Hannover II
In-Nimbo Sandboxing
Michael Maass, Jonathan Aldrich and William Scherlis
Architecture-Based Self-Protection: Composing and Reasoning about Denial-of-Service Mitigations
Bradley Schmerl, Javier Cámara Moreno, Jeffrey Gennari, David Garlan, Paulo Casanova, Gabriel Moreno, Thomas Glazier and Jeffrey Barnes
A Rewriting-based Forwards Semantics for Maude-NPA
Santiago Escobar, Catherine Meadows, Jose Meseguer and Sonia Santiago
12:30 - 1:30 Lunch
Esplande (sit in Oak Forest Ballroom to eat)
1:30 - 3:00 Industry Panel: Our Perspective on the Science of Security
Steve Lipner, Director of Program Management, Trustworthy Computing Security, Microsoft
Ed Paradise, Vice President of Engineering for Threat Response, Intelligence and Development Group, Cisco.
Neal Ziring, NSA Technical Director for the Information Assurance Directorate
David Hoffman, Director of Security Policy and Global Privacy Officer, Intel
Moderator: Bill Scherlis, CMU
Location: Oak Forest Ballroom
3:00 - 3:30 Break
Hannover I Prefunction
3:30 - 5:00 Research Paper Session: Sociotechnical Systems
Session Chair: Travis Breaux, CMU
Location: Hannover I
Research Work in Progress
Session Chair: Huaiyu Dai, NCSU
Location: Hannover III
International Research Network for the Science of Security (IRN-SoS) -- Kick-off Meeting
Jeff Carver, University of Alabama
Location: Hannover II
Open vs. Closed Systems for Accountability
Joan Feigenbaum, Aaron D. Jaggard and Rebecca Wright
Log Your CRUD: Design Principles for Software Logging Mechanisms
Jason King and Laurie Williams
A New Approach to Modeling and Analyzing Security of Networked Systems
Gaofeng Da, Maochao Xu and Shouhuai Xu
6:00 - 9:00 Poster Session and Reception
Conference Dinner
North Carolina Museum of Natural Sciences
11 W. Jones St. Raleigh, NC 27602 (Transportation)

Wednesday, April 9, 2014

8:00 - 10:30 Registration - Esplanade Gallery
8:00 - 9:00 Breakfast
Esplande (sit in Oak Forest Ballroom to eat)
9:00 - 10:30 Announcements
Location: Oak Forest Ballroom
Keynote: What the Science of Security might learn from the Evolution of the Discipline of Empirical Software Engineering
Vic Basili, Professor Emeritus, University of Maryland
10:30 - 11:00 Break
Hannover I Prefunction
11:00 - 12:30 Research Paper Session: Human Aspects
Session Chair: Robert Proctor, Purdue
Location: Hannover I
Tutorial: Let's Play Poker: Effort and Software Security Risk Estimation in Software Engineering
Laurie Williams, NCSU
Location: Hannover II
Less is More? Investigating the Role of Examples in Security Studies using Analogical Transfer
Ashwini Rao, Hanan Hibshi, Travis Breaux, Jean-Michel Lehker and Jianwei Niu
Phishing in International Waters: Exploring Cross-Cultural Differences in Phishing Conceptualizations between Chinese, Indian, and American Samples
Rucha Tembe, Olga Zielinska, Yuqi Liu, Kyung Wha Hong, Emerson Murphy-Hill, Chris Mayhorn and Xi Ge
Human Factors in Webserver Log File Analysis: A Controlled Experiment on Investigating Malicious Activity
Lucas Layman, Sylvain David Diffo and Nico Zazworka
12:30 - 1:30 Lunch
Esplande (sit in Oak Forest Ballroom to eat)
1:30 - 2:45 Invited Talks
  • 2012 NSA Honorable Mention Paper: "Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World" Leyla Yumer and Tudor Dumitras
  • A Building Code for Building Code. Carl Landwehr
Location: Oak Forest Ballroom
2:45 - 3:15 Break
Hannover I Prefunction
3:15 - 4:45 Research Paper Session: Adaptivity and Dynamics
Session Chair: Kevin Sullivan, University of Virginia
Location: Hannover I
Tutorial: Authentication and Access-Control in Distributed Systems
Mike Reiter, UNC
Location: Hannover III
Tutorial: Understanding the 'H' in Science of Security HCI Research: Methods and Lessons Learned from Investigations of Phishing
Chris Mayhorn, NCSU
Location: Hannover II
Characterizing the Power of Moving Target Defense via Cyber Epidemic Dynamics
Yujuan Han, Wenlian Lu and Shouhuai Xu
Analyzing an Adaptive Reputation Metric for Anonymity Systems
Anupam Das, Nikita Borisov and Matthew Caesar
Proving Abstractions of Dynamical Systems through Numerical Simulations
Sayan Mitra

Keynote: John McLean

Title: The Science of Computer Security Perspectives and Prospects

Abstract: Within the last few years there has been a steadily increasing interest in establishing the Science of Computer Security, starting, at least, as far back as the joint NSF/ IARPA/NSA workshop on the topic in the Fall of 2008. However, from a certain perspective there is actually a much longer history of advances in Computer Security that would qualify as being scientific. This talk will take a look at some of the criteria of what constitutes science and uses those criteria to demonstrate that Computer Security actually possesses a solid history of scientific progress. That said, there are certain areas where a more scientific approach to computer security could be beneficial. This talk will also examine some of those areas and the difficulties they present.

Bio: John D. McLean is Superintendent of the Naval Research Laboratory's Information Technology Division. He became Acting Superintendent in 2002 and was confirmed as Superintendent and appointed to the Government's Senior Executive Service in 2003. As Superintendent, he supervises over 325 government scientists, support personnel, and contractors, and he is responsible for formulating, selling, and executing ITD's $125M program in basic research, exploratory development, and advanced technology demonstrations in the areas of Artificial Intelligence and Autonomous Systems, High Assurance Systems and Cyber Security, Human/Computer Interaction, Network Technology and Communication Systems, and High Performance Computing. Prior to becoming Superintendent, Dr. McLean was a member of the Government's Senior Science and Technology Service and NRL's Senior Scientist for Information Assurance.

Dr. McLean came to NRL in 1980. As a Research Computer Scientist, he has published approximately 100 technical articles and reviews, including several seminal papers, in the areas of software specification and formal models for computer security. In 1988 he helped create the Navy's Center for High Assurance Computer Systems within ITD, establishing and heading the Center's Formal Methods Section. In 1994 he became Director of the Center, which during his tenure transitioned technological advances into several successful products, including early implementations of IPSec and IPv6, devices that support a variety of MSL architectures, and the world's first Type 1 programmable cryptographic device. While at NRL, he has also served as a Senior Research Fellow of the University of Cambridge's Centre for Communications Systems and has held positions as an Adjunct Professor of Computer Science for the University of Maryland, the National Cryptologic School, and Troisieme Cycle Romand d'Informatique.

Dr. McLean has served as an Associate Editor for Distributed Computing, Journal of Computer Security, ACM Transactions on Information and System Security, and International Journal of Information and Computer Security. He is the Chair of the NATO Science and Technology Organization Information Systems Technology Panel and the US Navy Representative to the Technical Cooperation Program (TTCP) C3I Group. He has been Conference Chair for the IEEE Symposium on Research in Security and Privacy and Program Chair for that conference, the IEEE Computer Security Foundations Workshop, and COMPASS. He is the recipient of an Outstanding Paper Award from the IEEE Computer Society (1990), the Presidential Rank Award of Meritorious Executive (2008), an NRL Distinguished Contribution Award (2000), and four NRL Alan Berman Research Publication Awards.

Dr. McLean holds Ph.D., M.S., and M.A. degrees from the University of North Carolina at Chapel Hill and a B.A. degree from Oberlin College.

Keynote: Victor Basili

Title: What the Science of Security might learn from the Evolution of the Discipline of Empirical Software Engineering

Abstract: This talk offers a four decade overview of the evolution of empirical software engineering from a personal perspective. It represents what I saw as major milestones in terms of the kind of thinking that affected the nature of the work. I use examples come from my own work as I feel that work represents, to some extent, the evolution of the field and is representative of the thinking and kind of work that was being done at various points in time. I try to point out where we fell short, what we learned about the discipline, where we are today, and where we need to go. I will discuss the barriers that limit us from further evolution and what we need to do to address them.

Bio: Dr. Victor R. Basili is Professor Emeritus at the University of Maryland, College Park. He holds a PH.D. in Computer Science from the University of Texas and is a recipient of two honorary degrees from the University of Sannio, Italy (2004) and the University of Kaiserslautern, Germany (2005). He was Founding Director of the Fraunhofer Center for Experimental Software Engineering -- Maryland and a director of the Software Engineering Laboratory (SEL) at NASA/GSFC. He works on measuring, evaluating, and improving the software development process and product using methods that include the Goal Question Metric Approach (GQM), the Quality Improvement Paradigm (QIP), and the Experience Factory (EF).

Dr. Basili is a recipient of several awards including a 1989 NASA Group Achievement Awards, the 2000 Outstanding Research Award from ACM SIGSOFT, the IEEE Computer Society 2003 Harlan Mills Awardy, and the Fraunhofer Medal. He has authored over 250 journal and refereed conference papers, has served as Editor-in-Chief of the IEEE TSE and the Springer Journal of Empirical Software Engineering. He is an IEEE and ACM Fellow.

Invited Talk: A Building Code for Building Code

by Carl Landwehr, George Washington University

Abstract: Cyberspace, though it has a physical reality of computers and communication channels, sensors and actuators, is in fact made real mostly by the programs that control those things. Today, systems of programs control most of our critical infrastructures. Metaphors are frequently used as a way to communicate to people what these programs are intended to do. Workers in cybersecurity have adopted many rich metaphors: Trojan Horse, virus, worm, firewall, and more. Difficulties arise when the metaphor blinds us to the underlying reality. The talk examines critically several common cybersecurity metaphors and proposes the adoption of a new (or at least underutilized) one, that of a building code for critical infrastructure software, as a means of putting what we have learned in forty years of system development experience into practice.

Bio: Carl Landwehr is an independent consultant in cybersecurity research and development and a Lead Research Scientist at the Cyber Security policy and Research Institute at George Washington University. He is an IEEE Fellow and a member of the National Cybersecurity Hall of Fame. His career in cybersecurity research began at the Naval Research Laboratory in the late 1970s. More recently, he led the National Science Foundation’s efforts to establish national research programs in Trusted Computing, Cyber Trust, Trustworthy Computing and Secure and Trustworthy Cyberspace. He helped DARPA establish programs on Information Assurance and developed the first programs in cybersecurity at IARPA. Professionally, he served four years as editor-in-chief of IEEE Security and Privacy Magazine. His current interests include trying to improve both the scientific foundations of cybersecurity and security posture of the national cyberinfrastructure.

Industry Panel: Our Perspective on the Science of Security

Steven B. Lipner is Partner Director of Program Management in Trustworthy Computing Security at Microsoft. Lipner is the creator and long-time leader of Microsoft's Security Development Lifecycle (SDL) team that defines the SDL, develops associated tools and processes, and executes Microsoft's internal SDL process company-wide. Lipner also leads Microsoft's initiatives to make the SDL available to organizations beyond Microsoft. Lipner's responsibilities also include Microsoft's corporate strategies related to government security evaluation of Microsoft products, product integrity, and supply chain security. He is a director and board chair of SAFECode, a non-profit industry association dedicated to improving the security and integrity of software. Lipner holds S.B. and S.M. degrees in Civil Engineering from the Massachusetts Institute of Technology and attended the Harvard Business School's Program for Management Development.

Ed Paradise is Vice President of Engineering for Cisco's Threat Response, Intelligence and Development Group. He is also the Site Executive for Cisco's Research Triangle Park Site. As Vice President of Engineering for the Threat Response, Intelligence and Development (TRIAD) Group, Mr. Paradise leads the engineering and product marketing teams that focus on developing trustworthy systems by developing new tools, processes and technologies that further enhance the security of Cisco product portfolios. This includes work with all engineering groups to ensure secure development processes, compliance to security standards and implementing security modules and technologies to minimize threat within Cisco's products. As the Research Triangle Park Site Executive, Mr. Paradise is the lead Executive for engagements related to Cisco's presence in the region. He works to ensure Cisco is the local employer of choice and a key corporate partner in quality of life issues in the local community. Mr. Paradise joined Cisco in April 1993 as an Engineering Manager for CIP technology. He has held various leadership positions in Cisco's engineering oranization including Vice President/ General Manager of the Mobile Wireless Group and Vice President/General Manager of the IP Communication Business Unit. In July 2008, he was appointed Vice President for Quality and Site Executive for Cisco's North American Connected Sites. In September, 2009 he also assumed the position of VP of Development for GGSG. In July 2011, he took on the role of RTP Site Executive, a position he held previously from 2002 to 2009. Prior to joining Cisco, Mr. Paradise worked at IBM as a senior manager at the Thomas Watson Research Center, Yorktown Heights, New York. Mr. Paradise is a Trustee, appointed by NC Governor Beverly Perdue, of the Wake Technical Community College. Mr. Paradise serves on Board of Directors of the Greater Raleigh Chamber of Commerce and the Advisory Boards of the Habitat for Humanity of Orange County, Triangle Family Services, Bull City Ventures Partners and the Duke University Masters of Engineering Management Industry Board. He chairs the Regional Transportation Alliance and the FIRST Robotics North Carolina Board of Directors. Mr. Paradise holds a Master's of Science degree in Electrical Engineering from Syracuse University and a Bachelor's of Science degree in Electrical Engineering from the University of Hartford.

Neal Ziring is the Technical Director for the National Security Agency's Information Assurance Directorate (IAD), serving as a technical advisor to the IAD Director, Deputy Director, and other senior leadership. Mr. Ziring is responsible for setting the technical direction across the Information Assurance mission space. Mr. Ziring tracks technical activities, promotes technical health of the staff, and acts as liaison to various industry, intelligence, academic, and government partners. As part of his role, he guides IAD's academic outreach program, acting as a technical liaison to several universities that are participants in the National Centers for Academic Excellence - Research (CAE-R) program. His personal expertise areas include router security, IPv6, VM-based secure systems, cloud computing, cross-domain information exchange, and mobile code security.

David A. Hoffman Director of Security Policy and Global Privacy Officer at Intel Corporation, in which capacity he heads the organization that oversees Intel's privacy compliance activities, legal support for privacy and security, and all external privacy/ security engagements. Mr. Hoffman joined Intel in 1998 as Intel's eBusiness attorney to manage the team providing legal support for Intel's Chief Information Officer. In 2005, Mr. Hoffman moved to Munich, Germany, as Group Counsel in the Intel European Legal Department, while leading Intel's Worldwide Privacy and Security Policy Team. Mr. Hoffman served on the TRUSTe Board of Directors from 2000-2006. From 2005 - 2009, Mr. Hoffman served on the Board of Directors for the International Association of Privacy Professionals, and he is currently a member of the Advisory Board for the Future of Privacy Forum and the Board of the Information Accountability Foundation. Mr. Hoffman is the co-chair of the International Chamber of Commerce's Task Force on Data Protection and Privacy and is a Senior Lecturing Fellow at the Duke University School of Law. Mr. Hoffman has a JD from The Duke University School of Law, where he was a Member of the Duke Law Review. Mr. Hoffman also received an AB from Hamilton College.

International Research Network for the Science of Security (IRN-SoS) -- Kick-off Meeting

The International Research Network for the Science of Security (IRN-SoS) is a newly forming community of security researchers that will encourage and support each other to follow scientifically-defensible methodologies. The goal of IRN-SoS is to build a community of security researchers to share knowledge and standardize practice among its members. IRN-SoS will seek to evolve the culture of the security research community so that researchers begin to expect and require higher standards of scientific rigor than is common today. We plan to hold annual meetings during the HotSoS conference. The annual IRN-SoS meeting will be a venue to discuss topics regarding methodology as well as an opportunity for members to present and receive feedback on current and future projects. This workshop serves as the kick-off for the IRN-SoS organization. During this session we will describe the goals of IRN-SoS in more detail and give interested researchers and opportunity to provide feedback on how to make the community useful to them.

Tutorial: Engineering Privacy: Example Challenges of Transitioning Science to Practice

by Travis Breaux, CMU

Abstract: Emerging technologies that deliver automation increasingly rely on sharing sensitive personal information, which can introduce new threats to personal privacy. To address these new risks, regulators and privacy advocates have called for "Privacy By Design" to build privacy into systems early in the software development lifecycle. There are several challenges to this call: first, the established definitions of privacy describe factors outside the traditional system boundaries that software developers typically consider; second, in contrast to security, the risk model that underpins privacy is exogenous, contextual and anthropic, which is profoundly different from traditionally views of system risk; and third, maximizing privacy in systems will necessarily reduce information utility, which either safely constrains design or dangerously precludes some systems by destabilizing their desired operating principles. In this session, we will discuss these challenges in the context of Walter Vincenti's design instrumentalities with examples drawn from surveillance technologies that cover a range of threat categories, including social networking, recommender systems and mobile applications. Proposals for addressing these challenges will be discussed in the context of emerging research in privacy and software engineering.

Tutorial: Let's Play Poker: Effort and Software Security Risk Estimation in Software Engineering

by Laurie Williams, NCSU

Abstract: Effort and risk estimation are both important and problematic in software engineering. Inaccurate effort estimates can lead a team to making unrealistic commitments for completing a software project. Effort estimation models can be complex and require a significant amount of historical data to be collected and analyzed. As a result, effort estimates are often done in an ad hoc manner by management and/or team leaders. Likewise, software teams often estimate and rank their risks in a subjective manner due to problems quantifying the probability of a risk occurring and the impact of the risk.

In recent years, some software development teams have begun to estimate the effort needed to implement product requirements via a Wideband Delphi practice commonly called Planning Poker. With the Wideband Delphi practice, team members gather in a room and are asked to make estimates individually and anonymously by choosing a card in their hands. All the estimates are then simultaneously shown to the team (by flipping cards over) and differences of opinion are discussed. Additional estimation and discussion rounds take place until the team converges on what they jointly feel is a reasonable estimate. The diversity of participant opinions about the effort required to implement a requirement drives discovery of important product information in the Planning Poker discussion.

We have developed a Wideband Delphi, Planning-Poker type practice called Protection Poker that leverages a diversity of ideas, experience, and knowledge related to software security. The dual purpose of a Protection Poker session is (1) to structure a collaborative, interactive, and informal practice for misuse case development and threat modeling leading to a software security risk estimate; and (2) to spread software security knowledge throughout a team. A pilot of the use of Protection Poker with an industrial partner has indicated its value for achieving these purposes.

Tutorial: Authentication and Access-Control in Distributed Systems

by Mike Reiter, UNC

Abstract: This tutorial will introduce a small set of rules that can be used to reason about authentication and access control in distributed systems, and then will use these rules to reason about several modern authentication technologies (e.g., web authentication, DNSSEC, and trusted platform modules). The utility of this type of reasoning is that it permits seemingly disparate authentication techniques to be distilled into a few simple concepts represented by the rules. Moreover, in my experience, casting technologies into this framework often reveals hidden assumptions and surprises. The form of reasoning in the tutorial is closely based on the logic put forth in Lampson et al., "Authentication in distributed systems: Theory and practice" (ACM TOCS 1992), but with a substantially simpler set of rules and a treatment of more modern technologies. The tutorial is suitable for students with no formal exposure to computer security (e.g., I use this material in an upper-level undergraduate class at UNC) and to those who simply want to consider a principled but still accessible approach to reasoning about authentication technologies.

Tutorial: Understanding the 'H' in Science of Security HCI Research: Methods and Lessons Learned from Investigations of Phishing

by Chris Mayhorn, NCSU

Abstract: Multidisciplinary science of security work in the area of cybersecurity ideally draws on the talents and abilities of both computer scientists, behavioral scientists, and other professionals to create an enhanced understanding for how humans interact with computerized systems. Thus, this type of science of security research represents a special case of human-computer interaction (HCI). The purpose of this tutorial/workshop is to focus on behavioral research issues and methods that can be used to assess human security-related behavior. While non-behavioral scientists have expertise in conducting the exploration of the 'C' within HCI, direct observation of behavior via human studies is needed to conceptualize the 'H' component to fully understand how the two interact as 'I' in the security system. The use of human studies is essential and useful but also presents a number of methodological challenges. For instance, successful navigation of Institutional Review Boards (IRBs) must be completed before any data is collected. Likewise, appropriate selection of research methods depends on an understanding of the costs and benefits to employing particular procedures such as interviews, surveys, or experimental manipulation. Moreover, these choices regarding adoption of research methodology drive how data analysis will be conducted. This tutorial/workshop will use a line of NSA lablet-funded research at North Carolina State University that explores phishing as an exemplar project to illustrate how decisions were made regarding methodology adoption and qualitative as well as quantitative data analysis to inform attendees of lessons learned in the domain of human studies.

Research Work in Progress

Alain Forget, Saranga Komanduri, Alessandro Acquisti, Nicolas Christin, Lorrie Cranor and Rahul Telang Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines

Sponsors and Cooperation