A Building Code for Building Code

Presented as part of the 2014 HCSS conference.

Abstract:

Cyberspace, though it has a physical reality of computers and communication channels, sensors and actuators, is in fact made real mostly by the programs that control those things. Today, systems of programs control most of our critical infrastructures. Metaphors are frequently used as a way to communicate to people what these programs are intended to do. Workers in cybersecurity have adopted many rich metaphors: Trojan Horse, virus, worm, firewall, and more. Difficulties arise when the metaphor blinds us to the underlying reality. The talk examines critically several common cybersecurity metaphors and proposes the adoption of a new (or at least underutilized) one, that of a building code for critical infrastructure software, as a means of putting what we have learned in forty years of system development experience into practice.

Presenter Bio:

Carl E. Landwehr is an American computer scientist whose research focus is cybersecurity and trustworthy computing. His work includes identification of software vulnerabilities toward high assurance software development, architectures for intrusion-tolerant and multilevel security systems, token-based authentication, and system evaluation and certification methods. Among other activities, he is currently a Lead Research Scientist at the Cyber Security Policy and Research Institute (CSPRI) at George Washington University.

Carl Landwehr has developed and led cybersecurity research programs at the National Science Foundation (2001-2004, 2009-2011), IARPA (2005-2009), Mitretek Systems and the Naval Research Laboratory (1982-1999). From 2007 to 2010, he served as Editor-in-Chief of IEEE Security & Privacy Magazine as well as Associate Editor of several IEEE journals. He was a member of DARPA's Information Science and Technology (ISAT) Study Group and has served on several studies for the National Academy of Sciences.

Carl Landwehr holds degrees from Yale University (BS) and the University of Michigan (MS, PhD). While at Michigan, he worked for the MERIT Network, currently the longest-running regional computer network in the United States. He has taught and lectured widely, including at Purdue University, Georgetown University, Virginia Tech University, and the University of Maryland. Research begun while visiting at the Isaac Newton Institute at Cambridge eventually led to the development of a patent for a secure identification system held by Dr. Landwehr and Daniel Latham. His many publications are highly cited.

Carl Landwehr was interviewed by Gary McGraw of Cigital for the Silver Bullet podcasts on Security for IEEE discussing changing threats in cybersecurity. For the 30th Anniversary IEEE Symposium on Security and Privacy, he provided a history of U.S. Government investments in cyber security research.

Dr. Landwehr is an IEEE Fellow (2013) and has received various awards, including the ACM SIGSAC's Outstanding Contribution Award (2009) and the National Science Foundation Director's Award for Meritorious Service (2012). He was a member of the founding class (2012) inducted into the National Cyber Security Hall of Fame.

License: CC-2.5
Submitted by Carl Landwehr on