Copyright © 2009. National Academy of Sciences. All rights reserved.
APPENDIXES
Appendix A
Biographies of Committee Members and Staff
COMMITTEE MEMBERS
STEPHEN T. KENT, Chair, is chief scientist in information security at
BBN Technologies, a part of Verizon Communications. During the past
two decades, Dr. Kent's research and development activities have in-
cluded the design and development of user authentication and access
control systems, network layer encryption and access control systems,
secure transport layer protocols, secure e-mail technology, multilevel se-
cure (X.500) directory systems, and public key certification authority sys-
tems. His most recent work focuses on security for Internet routing, very
high speed Internet Protocol (IP) encryption, and high-assurance crypto-
graphic modules. Dr. Kent served as a member of the Internet Architec-
ture Board (1983-1994), and he chaired the Privacy and Security Research
Group of the Internet Research Task Force (1985-1998). He chaired the
Privacy Enhanced Mail working group of the Internet Engineering Task
Force from 1990 to 1995 and has co-chaired the Public Key Infrastructure
Working Group since 1995. He is the primary author of the core IPsec
standards: RFCs 2401, 2402, and 2406. He is a member of the editorial
board of the Journal of Computer Security (1995 to the present), serves on
the board of the Security Research Alliance, and served on the board of
directors of the International Association for Cryptologic Research (1982-1989).
Dr. Kent was a member of the National Research Council's (NRC's)
Information Systems Trustworthiness Committee (1996-1998), which pro-
duced Trust in Cyberspace. His other NRC service includes membership
on the Committee on Rights and Responsibilities of Participants in Net-
worked Communities (1993-1994), the Technical Assessment Panel for the
NIST Computer Systems Laboratory (1990-1992), and the Secure Systems
Study Committee (1988-1990). The U.S. Secretary of Commerce appointed
Dr. Kent as chair of the Federal Advisory Committee to Develop a Federal
Information Processing Standard for Federal Key Management Infrastructure
(1996-1998). The author of two book chapters and numerous technical
papers on network security, Dr. Kent has served as a referee, panelist,
and session chair for a number of conferences. Since 1977 he has lectured
on network security on behalf of government agencies, universities, and
private companies throughout the United States, Europe, Australia, and
the Far East. Dr. Kent received the B.S. degree in mathematics, summa
cum laude, from Loyola University of New Orleans and the S.M., E.E.,
and Ph.D. degrees in computer science from the Massachusetts Institute
of Technology. He is a fellow of the Association for Computing Machin-
ery and a member of the Internet Society and Sigma Xi.
MICHAEL ANGELO is currently a staff fellow at Compaq Computer
Corporation and runs a laboratory at Compaq that assesses biometrics
and other security-enhancing technologies, such as smart cards. He is
considered a subject-matter expert for security and its associated tech-
nologies. His job is to provide technical guidance and input into strategic
planning and development of secure solutions. In addition, he is respon-
sible for providing technical assistance to the corporate security team. Dr.
Angelo possesses expertise in both biometric and token access authentica-
tion technology, including technical threat model and implementation
analysis, as well as risk reduction enhancement methodology, applied
computer system security, computer forensics, advanced data-protection
methodologies, and practical encryption techniques. His experience com-
prises 15 years in designing, implementing, managing, and supporting
secure intra- and internets, including gateways, firewalls, and sentinels,
and 20 years working at the kernel level of numerous operating systems,
including a wide variety of hardware platforms (from personal comput-
ers to supercomputers) and software platforms (including UNIX [several
flavors], MS-DOS/Windows/NT, and VMS). He holds several patents.
Dr. Angelo has been active in a number of trade standards organizations:
the Trusted Computing Platform Association, Americans for Computer
Privacy, the Bureau of Export Administration Technical Advisory Com-
mittee, the Information Security Exploratory Committee, the Key Recov-
ery Alliance, the Computer Systems Policy Project, the Cross-Industry
Working Team Security Working Group, and the National Institute of
Standards and Technology's Industry Key Escrow Working Group.
STEVEN BELLOVIN is a fellow at AT&T Research. He received a B.A.
degree from Columbia University and M.S. and Ph.D. degrees in com-
puter science from the University of North Carolina at Chapel Hill. While
a graduate student, he helped create Netnews; for this, he and the other
collaborators were awarded the 1995 USENIX Lifetime Achievement
Award. At AT&T Laboratories, Dr. Bellovin does research in networks and
security and why the two do not get along. He has embraced a number of
public interest causes and weighed in (e.g., through his writings) on initia-
tives (e.g., in the areas of cryptography and law enforcement) that appear to
threaten privacy. He is currently focusing on cryptographic protocols and
network management. Dr. Bellovin is the coauthor of the book Firewalls and
Internet Security: Repelling the Wily Hacker, and he is one of the Security
Area directors for the Internet Engineering Task Force. He was a member of
the CSTB committee that produced Trust in Cyberspace (1999) and served on
the Information Technology subcommittee of the group that produced the
NRC report Making the Nation Safer. He has been a member of the National
Academy of Engineering since 2001.
BOB BLAKLEY is chief scientist for security and privacy at IBM Tivoli
Software. He is general chair of the 2003 Institute for Electrical and
Electronics Engineers Security and Privacy Conference and has served as
general chair of the Association for Computing Machinery's (ACM's) New
Security Paradigms Workshop. He was named Distinguished Security
Practitioner by the 2002 ACM Computer Security and Applications Con-
ference and serves on the editorial board for the International Journal of
Information Security. Dr. Blakley was the editor of the Object Management
Group's Common Object Request Broker Architecture (CORBA) security
specification and is the author of CORBA Security: An Introduction to Safe
Computing with Objects, published by Addison-Wesley. Dr. Blakley was
also the editor of the Open Group's Authorization Application Program-
ming Interface specification and the OASIS Security Services Technical
Committee's Security Assertion Markup Language specification effort.
He has been involved in cryptography and data security design work
since 1979 and has authored or coauthored seven papers on cryptogra-
phy, secret-sharing schemes, access control, and other aspects of com-
puter security. He holds nine patents on security-related technologies.
Dr. Blakley received an A.B. in classics from Princeton University and a
master's degree and a Ph.D. in computer and communications sciences
from the University of Michigan.
DREW DEAN is a computer scientist at SRI International. He joined SRI
in July 2001; prior to that he was a member of the research staff at Xerox
PARC. He pioneered the systematic study of Java security and more
recently has worked across a wide range of security issues, including
denial of service, the theory of access control, and IP traceback. Among
his publications, he has received a Best Student Paper award from the
ACM Computer and Communications Security conference (1997), an
Outstanding Paper award from the ACM Symposium on Operating Sys-
tem Principles (1997), and a Best Paper Award from the Internet Society's
Network and Distributed Systems Security Symposium (2001). Dr. Dean
is a member of the editorial board of Springer-Verlag's International Jour-
nal of Information Security. Dr. Dean holds M.A. and Ph.D. degrees from
Princeton University and a B.S. degree from Carnegie Mellon University,
all in computer science.
BARBARA FOX is a senior software architect in cryptography and digital
rights management at Microsoft Corporation and is currently a senior
fellow at the Kennedy School of Government at Harvard University. She
serves on the technical advisory board of The Creative Commons and the
board of directors of the International Financial Cryptography Associa-
tion. Ms. Fox joined Microsoft in 1993 as director of advanced product
development and led the company's electronic commerce technology de-
velopment group. She has coauthored Internet standards in the areas of
Public Key Infrastructure and XML security. Her research at Harvard
focuses on digital copyright law, public policy, and privacy.
STEPHEN H. HOLDEN is an assistant professor in the Department of
Information Systems at the University of Maryland, Baltimore County.
Dr. Holden's research, publications, and teachings leverage his substan-
tial federal government experience in government-wide policy in infor-
mation technology management and electronic government. He left the
Internal Revenue Service (IRS) in 2000 after a 16-year career in the federal
career service. While at the IRS, he served as the program executive for
electronic tax administration (ETA) modernization, reporting to the assis-
tant commissioner (ETA). He also served on the Federal Public Key Infra-
structure Steering Committee during his time at the IRS. Prior to going to
the IRS, Dr. Holden worked for 10 years at the Office of Management and
Budget, doing a variety of policy, management, and budget analysis work.
His federal civil servant career began in 1983 when he was a Presidential
management intern at the Naval Sea Systems Command. He holds a
Ph.D. in public administration and public affairs from Virginia Polytech-
nic and State University, a Master of Public Administration, and a B.A. in
public management from the University of Maine.
DEIRDRE MULLIGAN was recently appointed director of the new
Samuelson Law, Technology and Public Policy Clinic at the University of
California, Berkeley, School of Law (Boalt Hall). While attending
Georgetown University Law Center, Ms. Mulligan worked at the Ameri-
can Civil Liberties Union's Privacy and Technology project, where she
honed her interest in preserving and enhancing civil liberties and demo-
cratic values. After law school, she became a founding member of the
Center for Democracy and Technology, a high-tech public interest organi-
zation for civil liberties based in Washington, D.C. For the past 6 years,
Mulligan has been staff counsel at the center. She has worked with fed-
eral lawmakers, government agencies, the judicial system, public interest
organizations, and the high-tech business community, with the goal of
enhancing individual privacy on the Internet, thwarting threats to free
speech on the Internet, and limiting governmental access to private data.
She has testified in several settings and has contributed to technical standards
development. Ms. Mulligan received her J.D., cum laude, from
Georgetown University Law Center in 1994 and a B.A. in architecture and
art history from Smith College in 1988.
JUDITH S. OLSON is the Richard W. Pew Chair in Human Computer
Interaction at the University of Michigan. She is also a professor in the
School of Information, Computer and Information Systems, the Business
School, and the Department of Psychology. Her research interests in-
clude computer-supported cooperative work, human-computer interac-
tion, the design of business information systems for organizational effec-
tiveness, and cognitive psychology. Dr. Olson's recent research focuses
on the nature of group work and the design and evaluation of technology
to support it. This field combines cognitive and social psychology with
the design of information systems. She began her career at the University
of Michigan in the Department of Psychology, served as a technical su-
pervisor for human factors in systems engineering at Bell Laboratories in
New Jersey, and returned to the University of Michigan, first to the Busi-
ness School and then the new School of Information. She has more than
60 publications in journals and books and has served on a number of
national committees, including the National Research Council's Commit-
tee on Human Factors and the council of the Association for Computing
Machinery (ACM). She has recently been appointed to the CHI Academy
of the ACM's Special Interest Group for Human-Computer Interaction.
Dr. Olson earned a B.A. in mathematics and psychology from Northwest-
ern University in 1965 and her Ph.D. 4 years later in the same disciplines
from the University of Michigan.
JOE PATO is the principal scientist for the HP Labs Trust, Security and
Privacy research program. He has also served as chief technology officer
for Hewlett-Packard's Internet Security Solutions Division. Mr. Pato's
current research focus is the security needs of collaborative enterprises on
the Internet, addressing both interenterprise models and the needs of
lightweight instruments and peripherals directly attached to the Internet.
Specifically, he is looking at critical infrastructure protection and the
confluence of trust, e-services, and mobility. These interests have led him
to look at the preservation of Internet communication in the event of
cyberterrorism, trust frameworks for mobile environments, and how to
apply privacy considerations in complex systems. His work in cybercrime
and homeland security recently led him to become one of the founders
and board members of the IT Sector Information Sharing and Analysis
Center. His past work included the design of delegation protocols for
secure distributed computation, key exchange protocols, interdomain
trust structures, the development of public- and secret-key-based infra-
structures, and the more general development of distributed enterprise
environments. Mr. Pato has participated on several standards or advisory
committees for the Institute for Electrical and Electronics Engineers,
American National Standards Institute, National Institute of Standards
and Technology, Department of Commerce, Worldwide Web Consortium,
Financial Services Technology Consortium, and Common Open System
Environment. He is currently the co-chair of the OASIS Security Services
Technical Committee, which is developing Security Assertions Markup
Language.
RADIA PERLMAN is a Distinguished Engineer at Sun Microsystems
Laboratories. She is the architect for a group that does research in net-
work security issues, recently most focused on public key infrastructure
deployment. Some of the group's implementation will be distributed as
part of a reference implementation for Java. Dr. Perlman is the author of
many papers in the field of network security, as well as coauthor of a
textbook on network security (and author of a textbook on lower-layer
networking protocols). She is well known for her work on sabotage-proof
routing protocols. Her work on lower-layer protocols, also well known,
forms the basis of modern bridging, switching, and routing protocols.
This expertise is crucial to understanding the technology behind such
things as providing Internet anonymity. Dr. Perlman has about 50 issued
patents, a Ph.D. in computer science from the Massachusetts Institute of
Technology, and S.B. and S.M. degrees in mathematics from MIT. She was
recently awarded an honorary doctorate from the Royal Institute of Tech-
nology, Sweden.
PRISCILLA M. REGAN is an associate professor in the Department of
Public and International Affairs at George Mason University. Prior to
joining that faculty in 1989, she was a senior analyst in the congressional
Office of Technology Assessment (1984-1989) and an assistant professor
of politics and government at the University of Puget Sound (1979-1984).
Since the mid-1970s, Dr. Regan's primary research interest has been analy-
sis of the social, policy, and legal implications of the organizational use of
new information and communications technologies. She has published
more than 20 articles or book chapters, as well as Legislating Privacy: Tech-
nology, Social Values, and Public Policy (University of North Carolina Press,
1995). As a recognized researcher in this area, Dr. Regan has testified
before Congress and participated in meetings held by the Department of
Commerce, the Federal Trade Commission, the Social Security Adminis-
tration, and the Census Bureau. She received her Ph.D. in government
from Cornell University in 1981 and her B.A. from Mount Holyoke Col-
lege in 1972.
JEFFREY SCHILLER received his S.B. in electrical engineering (1979)
from the Massachusetts Institute of Technology (MIT). As MIT network
manager, he has managed the MIT Campus Computer Network since its
inception in 1984. Before that, he maintained MIT's Multiplexed Informa-
tion and Computing Service (Multics) time-sharing system during the
time of the ARPANET TCP/IP conversion. He is an author of MIT's
Kerberos authentication system. Mr. Schiller is the Internet Engineering
Steering Group's area director for security. He is responsible for oversee-
ing security-related working groups of the Internet Engineering Task
Force. He was responsible for releasing a U.S. legal freeware version of
the popular PGP (Pretty Good Privacy) encryption program. Mr. Schiller
is also responsible for the development and deployment of an X.509-
based public key infrastructure at MIT. He is also the technical lead for
the new Higher Education Certifying Authority being operated by the
Corporation for Research and Educational Networking. Mr. Schiller is
also a founding member of the Steering Group of the New England Aca-
demic and Research Network (NEARnet). NEARnet, now part of Genuity,
Inc., is a major nationwide Internet service provider.
SOUMITRA SENGUPTA is assistant professor in the Department of
Medical Informatics at Columbia University. Dr. Sengupta has focused
his work on the challenges of security and privacy in health care, comple-
menting his academic work by service as security officer for the New
York Presbyterian Healthcare System. His research interests are in the
areas of distributed systems, their monitoring, management, and security
aspects, and their application in a health care environment. He is inter-
ested in the architectural design and engineering concerns of building
large, functioning systems over heterogeneous platforms and protocols.
Dr. Sengupta holds a B.E. from Birla Institute of Technology and Science
(electrical and electronics engineering), Pilani, India, and M.S. and Ph.D.
degrees from the State University of New York at Stony Brook, New York,
in computer science. He was a member of the Association for Computing
Machinery (1984-1994), the Institute for Electrical and Electronics Engi-
neers (IEEE) Computer Society (1984-1992) and is currently a member of
the American Medical Informatics Association.
JAMES L. WAYMAN has been the director of the Biometrics Test Center
at San Jose State University in California since 1995. The Test Center is
funded by the U.S. government and other national governments to de-
velop standards and scientific test and analysis methods and to advise on
the use or nonuse of biometric identification technologies. The test center
served as the U.S. National Biometrics Test Center from 1997 to 2000. Dr.
Wayman received the Ph.D. degree in engineering from the University of
California at Santa Barbara in 1980 and joined the faculty of the Depart-
ment of Mathematics at the U.S. Naval Postgraduate School in 1981. In
1986, he became a full-time researcher for the Department of Defense in
the areas of technical security and biometrics. Dr. Wayman holds three
patents in speech processing and is the author of dozens of articles in
books, technical journals, and conference proceedings on biometrics,
speech compression, acoustics, and network control. He serves on the
editorial boards of two journals and on several national and international
biometrics standards committees. He is a senior member of the Institute
for Electrical and Electronic Engineers.
DANIEL J. WEITZNER is the director of the World Wide Web Consortium's
(W3C's) Technology and Society activities. As such, he is responsible
for the development of technology standards that enable the
Web to address social, legal, and public policy concerns such as privacy,
free speech, protection of minors, authentication, intellectual property,
and identification. He is also the W3C's chief liaison to public policy
communities around the world and a member of the Internet Corporation
for Assigned Names and Numbers Protocol Supporting Organization Pro-
tocol Council. Mr. Weitzner holds a research appointment at the Massa-
chusetts Institute of Technology's (MIT's) Laboratory for Computer Sci-
ence and teaches Internet public policy at MIT. Before joining the W3C, he
was cofounder and deputy director of the Center for Democracy and
Technology, an Internet civil liberties organization in Washington, D.C.
He was also deputy policy director of the Electronic Frontier Foundation.
As one of the leading figures in the Internet public policy community, he
was the first to advocate user control technologies such as content filter-
ing and rating to protect children and avoid government censorship of
the Internet. These arguments played a critical role in the 1997 U.S. Su-
preme Court case, Reno v. ACLU, awarding the highest free speech pro-
tections to the Internet. He successfully advocated the adoption of amend-
ments to the Electronic Communications Privacy Act creating new privacy
protections for online transactional information such as Web site access
logs. Mr. Weitzner has a degree in law from Buffalo Law School and a
B.A. in Philosophy from Swarthmore College. His publications on com-
munications policy have appeared in the Yale Law Review, Global Networks,
Computerworld, Wired Magazine, Social Research, Electronic Networking: Re-
search, Applications and Policy, and The Whole Earth Review. He is also a
commentator for National Public Radio's Marketplace Radio.
STAFF
LYNETTE I. MILLETT is a study director and program officer with the
Computer Science and Telecommunications Board (CSTB) of the National
Research Council. She is currently involved in several CSTB projects,
including a study examining certification and dependable systems, a com-
prehensive exploration of privacy in the information age, and a look at
the fundamentals of computer science as a research discipline. She is also
exploring possible study options for CSTB with respect to the issues of
biometrics and open source software development. She recently com-
pleted a CSTB study that produced Embedded, Everywhere: A Research
Agenda for Networked Systems of Embedded Computers. Before joining CSTB,
Ms. Millett was involved in research on static analysis techniques for
concurrent programming languages as well as research on value-sensi-
tive design and informed consent online. She has an M.Sc., is "ABD" in
computer science from Cornell University, and has a B.A. in mathematics
and computer science from Colby College. Her graduate work was sup-
ported by both a National Science Foundation graduate fellowship and
an Intel graduate fellowship.
JENNIFER M. BISHOP has been a senior project assistant with the Com-
puter Science and Telecommunications Board (CSTB) since October 2001.
She is currently supporting several projects, including Digital Archiving
and the National Archives and Records Administration; Computing Fron-
tiers: Prospects from Biology; and Telecommunications Research and De-
velopment. She also maintains CSTB's contact database, handles updates
to the CSTB Web site, and has designed book covers for several reports.
Prior to her move to Washington, D.C., Ms. Bishop worked for the City of
Ithaca, New York, coordinating the police department's transition to a
new SQL-based time accrual and scheduling application. Her other work
experience includes designing customized hospitality-industry perfor-
mance reports for RealTime Hotel Reports, maintaining the police records
database for the City of Ithaca, and hand-painting furniture for
Mackenzie-Childs, Ltd., of Aurora, New York. She is an artist working in
oil and mixed media. Ms. Bishop holds a B.F.A. (2001) in studio art from
Cornell University.