August 14, 2018

NSF CISE Community-Building Workshop on Programmable System Security in a Software Defined World (SPS, or Software-defined Programmable Security)

We increasingly live in a software defined world where systems that were once implemented as rigid control systems or fixed function hardware systems are now highly programmable. This trend has opened up an exciting new space for research on novel approaches to system control, management, applications, and services. Today's early examples include multi-tenant clouds, software-defined networking (SDN), network functions virtualization (NFV), software-defined infrastructure (SDI), and software defined radios (SDR). Individually, these SD-X systems present large research challenges, and these problems are compounded when they are interconnected into a software defined world. Our interest is in identifying research challenges and opportunities in the area of programmable security within this context, or SPS (Software-defined Programmable Security).


In essence, “software defined” realizes programmability through an architectural approach in which hardware resources are virtualized; that is, abstractions of physical capabilities are made available to applications or higher-level services in a way that is decoupled from the underlying physical device or infrastructure. To date, software defined approaches have been realized mostly in the context of datacenters, which may simultaneously deploy software-defined networking (SDN), software-defined storage, and compute stacks (virtualization). But the approach can broadly be viewed as a programmable framework for any device or compute context (e.g., IoT, edge computing).


The goal of this workshop is to explore new research avenues and identify challenges in programmable security for software defined devices and compute environments. Software defined capabilities, for example, may offer sophisticated building blocks for defining and enforcing security policy, detecting and isolating threats, responding to intruders, preventing data exfiltration attacks, detecting and containing malware, or securing a service framework. Programmable security may leverage inherent features and capabilities of software defined frameworks like isolation, flexibility and agility, programmable intelligence, dynamic control, and global orchestration.