News Archives

Exploring Grand Challenges in Trustworthy Computing

November 15, 2004

Date: Monday November 15, 2004
Time: 11am-12:15 pm
Location: FEC 141


Eugene H. Spafford (email)

Abstract: We are presented with numerous challenges to make our information systems more secure, increase our confidence in our stored data, and protect the privacy of our personal information. However, under the steady barrage of attacks and flaws, it is sometimes difficult to think in terms of "big" challenges that can inspire us to make revolutionary, rather than evolutionary, strides. In this presentation I will discuss a few of the trends and problems that have been occupying researchers and industry over the last few years. I will explain why advances against these challenges are unlikely to provide long-term improvements in the security of our infrastructure. >From this, I will then discuss the results of the recent CRA Grand Challenges conference on information security, including some discussion of how we might proceed to make progress on each of these four grand challenges.

Bio: Eugene H. Spafford is a professor of Computer Sciences at Purdue University, a professor of Philosophy (courtesy appointment), a professor of Communication (courtesy), a professor of Electrical and Computer Engineering (courtesy), and is Executive Director of the Center for Education and Research in Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources. Spaf has written extensively about information security, cybercrime, software engineering, and professional ethics. He has published over 100 articles and reports on his research, has written or contributed to over a dozen books, and he serves on the editorial boards of most major infosec-related journals. In his career to date, Professor Spafford and his students are credited with a number of security "firsts," including the first open security scanner, the first widely-available intrusion detection tool, the first integrity-based control tool, the first multistage firewall, the first formal bounds on intrusion detection, the first reference model of firewalls, and some of the first work in vulnerability classification databases. Much of the current security product industry can therefore be viewed as based, in part, on his past research. His current research is directed towards issues of public policy and information security, architecture and construction of highly-secure systems, and cyberforensic technologies. Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, Fellow of the IEEE, and is a charter recipient of the Computer Society's Golden Core award. In 2000, he was named as a CISSP, honoris causa. He was the year 2000 recipient of the NIST/NCSC National Computer Systems Security Award, generally regarded as the field's most significant honor in information security research. In 2001, he was named as one of the recipients of the "Charles B. Murphy" awards and named as a Fellow of the Purdue Teaching Academy, and in 2003 was named to the "Book of Great Teachers" -- thus receiving all three of the University's highest awards for outstanding teaching. In 2001, he was elected to the ISSA Hall of Fame, and he was awarded the William Hugh Murray medal of the NCISSE for his contributions to research and education in infosec. He is a 2003 recipient of the Air Force medal for Meritorious Civilian Service. In 2004, Spaf was named as the recipient of the IEEE Computer Society's Taylor Booth medal, and of the ACM SIGCAS's "Making a Difference" award. Among his many activities, Spaf is co-chair of the ACM's U.S. Public Policy Committee, is a member of the Board of Directors of the Computing Research Association, and is a member of the President's Information Technology Advisory Committee (PITAC). He is a member of the FBI's Regional Computer Forensic Laboratory program, and of several corporate boards of advisors.