Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 257
APPENDIXES
OCR for page 258
OCR for page 259
A
Study Committee Biographies
Fred B. Schneider, Chair
Fred B. Schneider has been on the faculty of Cornell University's
Computer Science Department since 1978. His research concerns concur-
rent systems, particularly distributed and fault-tolerant ones intended for
mission-critical applications. He has worked on formal methods as well
as protocols and system architectures for this setting. Most recently, his
research has been directed at implementing fault-tolerance and security
for mobile processes (so-called agents) that might roam a network.
Dr. Schneider is managing editor of Distributed Computing, co-manag-
ing editor of the Springer-Verlag texts and monographs in computer sci-
ence, and a member of the editorial boards for ACM Computing Surveys,
IEEE Transactions on Software Engineering, High Integrity Systems, Informa-
tion Processing Letters, and Annals of Software Engineering. He is co-author
(with D. Gries) of the introductory text, A Logical Approach to Discrete
Math, and he is author of the monograph, On Concurrent Programming. A
Fellow of the Association for Computing Machinery and the American
Association for the Advancement of Science, Dr. Schneider is also a pro-
fessor-at-large at the University of Tromso (Norway). He was a member
of the 1995 ARPA/ISAT study on defensive information warfare and is a
member of Sun Microsystem's lava Security Advisory Council.
259
OCR for page 260
260
Steven M. Bellovin
APPENDIX A
Steven M. Bellovin received a B.A. degree from Columbia University
and an M.S. and Ph.D. in computer science from the University of North
Carolina at Chapel Hill. While a graduate student, he helped create netnews;
for this, he and the other collaborators were awarded the 1995 USENIX Life-
time Achievement Award. He is a Fellow at AT&T Laboratories, where he
does research in networks and security, and why the two do not get along.
He is currently focusing on cryptographic protocols and network manage-
ment. Bellovin is the co-author of the recent book Firewalls and Internet Secu-
rity: Repelling the Wily Hacker, and he is a member of the Internet Architecture
Board.
Martha Branstad
Martha Branstad is a computer security researcher and entrepreneur.
She was chief operating officer of Trusted Information Systems Inc. (TIS)
and president of its Advanced Research and Engineering Division, direct-
ing a research program that encompassed security in networked and dis-
tributed systems, applications of cryptography, access control and con-
finement within operating systems, and formulation of security policy
and enforcement within dynamically changing systems. Before joining
TIS, Dr. Branstad managed the Software Engineering program at the Na-
tional Science Foundation (NSF), the Software Engineering program at
the National Institute of Standards and Technology (NIST), whose pro-
gram in performance measurement for parallel processing she established,
and research groups at the National Security Agency (NSA). She holds a
Ph.D. in computer science from Iowa State University.
l. Randall Catoe
T. Randall Catoe is senior vice-president of the Internet Engineering,
Solutions, Operations, and Suport Group at Cable and Wireless. Previ-
ously, as executive director of engineering, Catoe led the engineering
portion of Vinton Cerf's Internet Architecture and Engineering Group for
MCI Telecommunications Inc. His responsibilities included design and
development of the internetMCI backbone, including applications, security
infrastructure, and the operation of Web-hosting services. Before joining
MCI in 1994, Mr. Catoe served as the team leader and architect for design
of data handling and control systems for NASA's X-Ray Timing Explorer
spacecraft. In previous positions, Mr. Catoe has served as a vice-presi-
dent of engineering for The Wollongong Group, for which he oversaw the
development of security features in the company's TCP/IP products.
OCR for page 261
APPENDIX A
261
Earlier in his career, Mr. Catoe led a team of systems and network engi-
neers in the design and development of MCImail while he was employed
at Digital Equipment Corporation.
Stephen D. Crocker
Stephen D. Crocker is an Internet researcher and entrepreneur. He
was a founder of CyberCash Inc. and served as its chief technology of-
ficer. He was previously a vice-president for Trusted Information Sys-
tems, a senior researcher at the University of Southern California Infor-
mation Sciences Institute, and a program manager in the Advanced
Research Projects Agency (ARPA). Dr. Crocker was part of the team that
developed the original protocols for the ARPANET, which paved the way
for today's Internet. He served as the area director for security on the
Internet Engineering Task Force for 4 years and was a member of the
Internet Architecture Board for 2 years. Dr. Crocker holds a Ph.D. in
computer science from the University of California at Los Angeles.
Charlie Kaufman
Charlie Kaufman works for Iris Associates Inc. (a wholly owned sub-
sidiary of Lotus Development, which is in turn a wholly owned subsid-
iary of IBM) as security architect for Lotus Notes. Previously, he was
network security architect for Digital Equipment Corporation, and before
that he worked for Computer Corporation of America on a research
project designing highly survivable distributed databases. He is a co-
author of Network Security: Private Communication in a Public World, pub-
lished by Prentice-Hall. He chairs the Internet Engineering Task Force
(IETF) Web Transaction Security Working Group, and he wrote Internet
RFC 1507: "DASS Distributed Authentication Security Service." He
holds more than 20 patents in the fields of computer networking and
computer security.
Stephen T. Kent
Stephen T. Kent is chief scientist for information security at BBN Cor-
poration and chief technical officer for CyberTrust Solutions, both part of
GTE Internetworking. Dr. Kent has been engaged in network security
research and development activities at BBN for 20 years. His work includes
the design and development of user authentication and access control sys-
tems, network and transport layer and electronic messaging security proto-
cols, and a multilevel secure directory system. His most recent projects
include public-key certification systems, mobile IP security, and securing
OCR for page 262
262
APPENDIX A
routing systems against denial-of-service attacks. Dr. Kent served on the
Internet Architecture Board, the oversight body for the Internet standards
process, from 1983 to 1994, and chaired the Privacy and Security Research
Group of the Internet Research Task Force from 1985 to 1998. In the IETF,
he chaired the PEM working group and is currently co-chair of the Public
Key Infrastructure working group. He served on several computer and
network security study committees for the National Research Council, the
Office of Technology Assessment, and other government agencies. He was
a charter member of the board of directors of the International Association
for Cryptologic Research, served on the presidential SKIPlACK review
panel for the Escrowed Encryption System, and chaired the ACM Special
Panel on Cryptography and Public Policy and the Technical Advisory Com-
mittee to develop a FIPS for key recovery.
Dr. Kent is the author of two book chapters and numerous technical
papers on network security and has served as a referee, panelist, and
session chair for a number of conferences. He has lectured on the topic of
network security on behalf of government agencies, universities, and pri-
vate companies worldwide. Dr. Kent received the B.S. degree in math-
ematics from Loyola University of New Orleans, and the S.M., E.E., and
Ph.D. degrees in computer science from the Massachusetts Institute of
Technology. He is a member of the Internet Society, a Fellow of the ACM,
and a member of Sigma Xi.
John C. Knight
John C. Knight received a B.Sc. (mathematics) from the Imperial Col-
lege of Science and Technology, London, England. He also received a
Ph.D. (computer science) from the University of Newcastle upon Tyne,
Newcastle upon Tyne, England. From 1974 to 1981 he was employed
with NASA's Langley Research Center. He has been a member of the
Computer Science Department at the University of Virginia since 1981.
From 1987 to 1989 Dr. Knight was on leave from the University of Vir-
ginia at the Software Productivity Consortium. Dr. Knight's research
interests lie in software engineering for high-dependability applications.
The specific topic areas include formal specification, specification-capture
processes, software architectures especially involving protection shells,
verification including rigorous inspections and testing, and the exploita-
tion of reuse for dependability.
Steven McGeady
Steven McGeady is vice-president of Intel Corporation's Content
Group and director of Intel's Health Technology Initiative. Upon join
OCR for page 263
APPENDIX A
263
ing Intel in 1985, Mr. McGeady led the software development efforts for
Intel's i960 32-bit embedded microprocessor. In 1991, he joined Intel's
Senior Vice-President Ron Whittier in forming the Intel Architecture
Labs. As vice-president and director of Multimedia Software, Mr.
McGeady led the development of Intel's Indeo video compression tech-
nology, key components of the ProShare videoconferencing products,
Intel's and Turner Broadcasting's CNN@Work networked video deliv-
ery system, the Intercast technology for broadcast Web pages, Intel's
Common Data Security Architecture, and numerous other advanced
technology products.
As vice-president and director of Internet technology, Mr. McGeady
led Intel's research into the Internet, the World Wide Web, and lava,
intelligent information filtering and autonomous agents, and new classes
of human-computer interface. He spent the 1996-1997 academic year as a
visiting scientist at the Massachusetts Institute of Technology's Media
Lab, researching aspects of emergent behavior in networks of personal
computers. During that time his article, titled "The Digital Reformation,"
was published in the fall 1996 Harvard Journal of Law and Technology. Mr.
McGeady chairs Intel's Research Council committees for Applications,
Interface and Media, charged with funding and oversight of long-range
academic research. Mr. McGeady studied physics and philosophy at Reed
College in Portland, Oregon, where he became an early developer of the
UNIX operating system, compilers, and graphics and networking soft
ware.
Ruth R. Nelson
Ruth R. Nelson has been involved in network and computer security
research since 1975. Most of her career has been at GTE Government
Systems, with shorter stays at BBN and Digital. In 1993, she left GTE and
started Information System Security, a research and consulting company.
She was an undergraduate and graduate student in pure mathematics at
the Massachusetts Institute of Technology.
In 1989, and again in 1992, Ms. Nelson was an invited participant in
NSA's Network Security Working Group, which was formed to examine
the agency's INFOSEC approach and recommend technical and organiza-
tional improvements. She was one of the invited attendees at the confer-
ence on Network Evaluation Criteria in 1984 and contributed her com-
ments on several drafts of the Trusted Network Interpretation. She has
given several colloquia on computer and network security at the Univer-
sity of Massachusetts in Boston and has assisted on a project to develop a
graduate-level course in network security. She has developed and re-
fined the concept of Mutual Suspicion, which includes firewalls, local
OCR for page 264
264
APPENDIX A
resource control, and the importance of considering security as risk man-
agement.
Allan M. Schiffman
Allan M. Schiffman is chief technologist of SPYRUS and was founder
of its Terisa Systems subsidiary, which merged with SPYRUS in mid-
1997. Mr. Schiffman has more than 25 years of diverse experience in com-
puting, heading major projects in transportation system modeling, mes-
saging systems, software development tools, programming language
environments, and network protocols. He is a regular speaker at industry
and academic conferences, frequently gives lectures and tutorials on se-
curity, and holds several patents. He has been a member of the World
Wide Web Consortium's Security Advisory Board and Netscape's Secu-
rity Advisory Board and frequently consults on the design of communica-
tions security systems for electronic commerce. In 1996, he was part of the
team that designed the SET payment card protocol commissioned by
MasterCard and Visa.
Before the formation of Terisa Systems, Mr. Schiffman held the posi-
tion of chief technical officer at Enterprise Integration Technologies (EIT),
where he was co-designer of the well-known Secure Hypertext Transfer
Protocol (S-HTTP). Also at KIT, Mr. Schiffman served as principal archi-
tect of CommerceNet, an industry consortium dedicated to promoting
Internet commerce. Before joining KIT, Mr. Schiffman was the vice-presi-
dent of technical strategy at ParcPlace Systems, where he led the develop-
ment of the company's well-known Objectworks/Smalltalk product fam-
ily. He has held other senior positions at Schlumberger Research and the
Fairchild Laboratory for AI Research. He received his M.S. in computer
science from Stanford University.
George A. Spix
As chief architect in the Consumer Products Division, George A. Spix
is responsible for Microsoft Corporation's end-to-end solutions for con-
sumer appliances and public networks. He also serves on the board of the
Digital Audio Video Council (DAVIC), the Information Infrastructure
Standards Panel (IISP), and the Commerce Department's Computer Sys-
tems' Security and Privacy Advisory Board (CSSPAB). Mr. Spix joined
Microsoft in 1993 as the director of multimedia document architecture.
He was responsible for the Advanced Consumer Technology Division's
multimedia tools efforts and early third-party tools acquisitions. Later, as
director of infrastructure and services, he headed the team that created
the services and networks required for early interactive television trials.
OCR for page 265
APPENDIX A
265
Before joining Microsoft, Spix spent five years as director of systems and
software development at Supercomputer Systems Inc. in Eau Claire, Wis-
consin. He was responsible for the delivery of systems and software
products for a next-generation supercomputer. Before that, he worked
for Cray Research Inc. in Chippewa Falls, Wisconsin, as a chief engineer,
responsible for systems and software development for the XMP and YMP
line of supercomputers. A Purdue University electrical engineering
graduate, Mr. Spix was drawn to supercomputers, their systems, and
their applications while at Los Alamos National Laboratory.
Doug Tygar
Doug Tygar is a professor at the University of California at Berkeley,
with a joint appointment in the Department of Electrical Engineering and
Computer Science and the School of Information Management and Sys-
tems. Before joining Berkeley, he served on the faculty of the Computer
Science Department of Carnegie Mellon University.
Dr. Tygar's interests are in electronic commerce and computer secu-
rity. He is actively working on several systems projects touching on
subjects including electronic auction technology, special electronic com-
merce protocols for cryptographic postal indicia to prevent forgery, se-
cure remote execution, and user interfaces for computer security. His
previous systems work includes NetBill (a system for low-cost online
microtransactions), CAE tools (developed for Valid Logic Systems, now
part of Cadence), Dyad (a system for using secure coprocessors), ITOSS
(Integrated Toolkit for Operating System Security), Miro (a visual lan-
guage for file system security specification), and Strongbox (a system for
self-securing programs).
Dr. Tygar was an NSF Presidential Young Investigator and serves on
the INFOSEC Science and Technology Study Group. He is active in the
electronic commerce and computer security communities. He consults
widely for both industry and government, has taught a number of profes-
sional seminars on these topics, and has served as program chair for
several conferences in these areas. Dr. Tygar received his bachelor's de-
gree from the University of California, Berkeley, and his Ph.D. from
Harvard University.
W. Earl Boebert, Special Advisor
W. Earl Boebert is a senior scientist at Sandia National Laboratories.
Before joining Sandia he was the founder and chief scientist of Secure
Computing Technology Corporation (SCTC), predecessor to today's Se-
cure Computing Corporation (SCC). At SCTC/SCC he led development
OCR for page 266
266
APPENDIX A
of the LOCK, Secure Network Server, and Sidewinder systems. He has
40 years of experience in the computer industry, with more than 25 of
them in computer security and cryptography. He is the holder of three
and co-holder of five patents in the field, the author and co-author of a
book and numerous papers, and a frequent lecturer. He has been a mem-
ber of numerous government and industry working groups and panels in
the United States and Canada, including the committees of the National
Research Council that produced the reports Computers at Risk and For the
Record.
Representative terms from entire chapter:
computer security
