NSF Workshop on Programmable System Security in a Software Defined World

(SPS, or Software-defined Programmable Security)

August 13-14, 2018

Fairfax, VA

Workshop Chairs: Guofei Gu (TAMU), David Ott (VMware), Vyas Sekar (CMU), Kun Sun (GMU)

This invitation-only workshop brings together networking, systems, and security researchers to discuss and establish a vision for programmable security in modern software-defined infrastructures (e.g., cloud, IoT, or edge computing environments). The output of the workshop will be a public report documenting the discussions and a set of recommendations on research directions and frontiers. The workshop and the report will stimulate research collaboration and the creation of a common research vision between disparate communities.

We increasingly live in a software-defined world where systems that were once implemented as rigid control systems or fixed function hardware systems are now highly programmable through software interfaces that decouple underlying hardware details and offer remote control and centralized management. Early examples of software-defined systems (SD-X) include multi-tenant clouds, software-defined networking (SDN), network functions virtualization (NFV), software-defined infrastructure (SDI), and software-defined radios (SDR).

While SD-X technologies have rapidly proliferated within industry and received considerable systems research attention, the paradigm has not been fully exploited in approaching a wide array of important security challenges. The objective of this workshop is to identify those research challenges and opportunities to exploit SD-X approaches in making system security more programmable, agile, orchestrated, and intelligent. This workshop creates a much-needed opportunity for a cross-cutting group of researchers to fill out the vision of what programmable security based on SD-X could be, including research challenges, long-term visions, and key issues. In the process, this workshop will promote a more focused community and vision where traditionally disparate communities previously worked in isolation and without a more ambitious system security vision within the context of complex software-defined infrastructures. The workshop report will be made available to the public via the workshop website.

Broad directions to be considered by the workshop attendees include, but are not limited to:

  • new abstractions for data/control planes aimed specifically at security,
  • new architectures that integrate diverse SD-X domains (networking, processing, storage, etc.) for a more powerful and comprehensive security framework, (
  • new programming and language paradigms for programmable security,
  • a better understanding of attack surfaces and adversarial methods within modern software-defined infrastructures,
  • new formal and experimental methodologies for reasoning about software-defined security,
  • the integration of emerging AI/ML and data-driven capabilities into programmable system security,
  • new applications paradigms that exploit programmable paradigms in innovative ways,
  • the application of programmable security approaches to emerging platforms and infrastructure domains such as edge computing, IoT, cyber-physical infrastructures.

Overall, workshop participants will help to build community and define the vision of a new generation of security technologies in the rapidly expanding world of software-defined infrastructures and devices.

Workshop Report

The workshop report ("Programmable System Security in a Software-Defined World: Research Challenges and Opportunities") is now available here or here!


Workshop location: Dean's Conference Room 5117, Long and Kimmy Nguyen Engineering Building, George Mason University

  • Building address: 4511 Patriot Cir, Fairfax, VA 22030

Hotel: Residence Inn Fairfax City, 3565 Chain Bridge Road Fairfax VA 22030