In 2002, CRA sponsored its first "Grand Research Challenges in Computer Science and Engineering." This was the first in a series of highly non-traditional conferences where the goal is to define important questions rather than expose current research. Grand Challenges meetings seek "out-of-the-box" thinking to expose some of the exciting, deep challenges yet to be met in computing research. Because of the clear importance and pressing needs in information security and assurance, CRA's second "Grand Research Challenges Conference" was devoted to defining technical and social challenges in information security and assurance.

Attendance was limited to 50 people and was by invitation only. We sought scientists, educators, business people, futurists, and others who have some vision and understanding of the big challenges (and accompanying advances) that should shape the research agenda in this field over the next few decades. These meetings are not structured as traditional conferences with scheduled presentations, but rather as highly participatory meetings exposing important themes and ideas. As such, this was not a conference for security specialists alone: We sought to convene a diverse group from a variety of fields and at all career stages—we sought insight and vision wherever it may reside. 

Final report: Four Grand Challenges in Trustworthy Computing (215 KB PDF).

• At the conclusion of the conference, the participants identified four challenges worthy of sustained commitments of resources and effort:
  1. Eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years;
  2. Develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets;
  3. Develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade;
  4. Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.

• Video files of the panel discussion held after the conference, Nov. 20, 2003:
  • .wvx, Windows Media (83.5 MB)
  • .ram, Real (166 MB)
     
• Slides:
  • 961 KB PDF (color)
  • 937 KB PDF (grayscale)

• Post-conference Press Release.
   
• List of participants.
   
• The original Call for Papers.

Organizing Committee: 

• Eugene H. Spafford, Purdue University and Computing Research Association (Organizing Committee Chair) 
• Richard A. DeMillo, Georgia Institute of Technology (Organizing Committee Co-Chair) 
• Andrew Bernat, Computing Research Association 
• Steve Crocker, Shinkuro, Inc.
• David Farber, Carnegie Mellon University 
• Virgil Gligor, University of Maryland 
• Sy Goodman, Georgia Institute of Technology 
• Anita Jones, University of Virginia 
• Susan Landau, Sun Laboratories 
• Peter Neumann, SRI 
• David Patterson, University of California, Berkeley 
• Fred Schneider, Cornell University 
• Douglas Tygar, University of California, Berkeley 
• William Wulf, National Academy of Engineering and University of Virginia

Made possible with support from