CRA Conference on Grand Research Challenges in Information Security and Assurance

Visionaries Needed

Airlie House, Warrenton, Virginia
November 16-19, 2003

Computing and IT technologies have become pervasive. This same infrastructure is growing more complex as the underlying computational and communication resources grow in speed and capacity. Every vision of future technology includes predictions of ubiquitous computing and networking, including embedded, portable, and distributed systems in every aspect of our infrastructure. Computing will continue to change the way we do business, interact with government, entertain ourselves, communicate, keep records, control our infrastructures and services, execute law enforcement and national defense, and conduct research and education.

Coupled with these changes, we face threats of massive disruption and denial, loss of privacy, alteration of critical information, and new forms of undesirable IT-based activity. Threats from criminals, anarchists and extremists, random hackers, and cyberterrorists (among others) continue to grow even as we put more reliance on our computing infrastructure. Yet most of the money, attention, and energy in information security and information assurance has been focused on incremental patches and updates to existing systems rather than on seeking fundamental advances.

In 2002, the Computing Research Association sponsored its first "Grand Research Challenges in Computer Science and Engineering." This was the first in a series of highly non-traditional conferences where the goal is to define important questions rather than expose current research. Grand Challenges meetings seek "out-of-the-box" thinking to expose some of the exciting, deep challenges yet to be met in computing research. Because of the clear importance and pressing needs in information security and assurance, the Computing Research Association's second "Grand Research Challenges Conference" will be devoted to defining technical and social challenges in information security and assurance.

We are seeking scientists, educators, business people, futurists, and others who have some vision and understanding of the big challenges (and accompanying advances) that should shape the research agenda in this field over the next few decades. These meetings are not structured as traditional conferences with scheduled presentations, but rather as highly participatory meetings exposing important themes and ideas. As such, this is not a conference for security specialists alone: We seek to convene a diverse group from a variety of fields and at all career stages; we seek insight and vision wherever it may reside.

Attendance is limited to 50 people and is by invitation only. If you are interested in attending, please submit a two-page (or less) statement of two or three examples of a "grand research challenge" problem in the IS/IA area to by September 17, 2003. The organizing committee will invite prospective attendees based on these submissions. Note that individuals invited must commit to attending for the entire three-day conference (beginning Sunday at 6 pm, ending after lunch on Wednesday.)

Please submit your paper as an attachment in plain text (no PDF or Word documents!) Include a brief biographical statement sketching your background at the end (maximum one page).

At the top of the first page, please provide the following information:

Street Address
Room No.
City, State, Zip Code
Telephone No.

The conference will be held in the executive retreat environment of Airlie House in Warrenton, Virginia (30 miles from Washington-Dulles airport). In addition to the formal sessions, two afternoons will be set aside for free time so that participants may continue discussion in small, informal groups.

CRA has applied to the National Science Foundation for travel and lodging support to cover expenses of some participants, where necessary. When you submit your paper, please indicate whether you need to be considered for travel and/or lodging support. We have explicitly budgeted for some participants from outside the United States, and we encourage submissions from around the world.

More information on the CRA Grand Challenges Conferences may be found on the WWW at

Organizing Committee:
Eugene H. Spafford, Purdue University and Computing Research Association
(Organizing Committee Chair)
Richard A. DeMillo, Georgia Institute of Technology
(Organizing Committee Co-Chair)
David Aucsmith, Microsoft Corporation
Andrew Bernat, Computing Research Association
Steve Crocker, Shinkuro, Inc.
David Farber, Carnegie Mellon University
Virgil Gligor, University of Maryland
Sy Goodman, Georgia Institute of Technology
Anita Jones, University of Virginia
Susan Landau, Sun Laboratories
Peter Neumann, SRI
David Patterson, University of California, Berkeley
Fred Schneider, Cornell University
Douglas Tygar, University of California, Berkeley
William Wulf, National Academy of Engineering and University of Virginia