Carl E. Landwehr

Privacy and Cybersecurity: The Next 100 Years

The past and the future of privacy and cybersecurity are addressed from four perspectives, by different authors: theory and algorithms, technology, policy, and economics. Each author considers the role of the threat from the corresponding perspective, and each adopts an individual tone, ranging from a relatively serious look at the prospects for improvement in underlying theory and algorithms to more lighthearted considerations of the unpredictable futures of policy and economics.

A security model for military message systems: retrospective

We favor an approach to building secure systems that includes an application-based security model. An instance of such a model and its formalization have been presented. Important aspects of the model are: (1) because it is framed in terms of operations and data objects that the user sees, the model captures the systems security requirements in a way that is understandable to users; (2) the model defines a hierarchy of entities and references; access to an entity can be controlled based on the path used to refer to it; (3) because the model avoids specifying implementation strategies, software developers are free to choose the most effective implementation; (4) the model and its formalization provide a basis for certifiers to assess the security of the system as a whole. Simplicity and clarity in the models statement have been primary goals. The models statement does not, however, disguise the complexity that is inherent in the application. In this respect, we have striven for a model that is as simple as possible but stops short of distorting the users view of the system. The work reported demonstrates the feasibility of defining an application-based security model informally and subsequently formalizing it.

Security Analytics and Measurements

The magazines founding editor in chief, George Cybenko, and his first successor, Carl E. Landwehr, provide perspectives on the need for measuring security and the meaning of those measurements in the context of adversarial dynamics.

Improving Information Flow in the Information Security Market

The market for information security has long been seen as dysfunctional [1]. The remedy proposed in 1990 by [1] was to create a not-for-profit foundation that would establish Generally Accepted System Security Principles along the lines of similar principles for accounting. The proposed “Information Security Foundation” never really got off the ground, though recent years have witnessed continuing efforts to establish “Best Practices” in the government and elsewhere, and several not-for-profit organizations now offer information security training and guidelines.

A National Goal for Cyberspace: Create an Open, Accountable Internet

Todays Internet has proven to be such a valuable resource, so useful in enabling creative new forms of communication and commerce, that it has become a critical infrastructure underlying much of our economy and society. Unfortunately, todays Internet and the machines it connects have also become easy targets for economically and politically motivated attacks that exploit vulnerabilities in computer software and network protocols that were designed without security as a primary consideration. EIC Carl Landwehr explores what it will take to get the Internet to the next level.

Cybersecurity and Artificial Intelligence: From Fixing the Plumbing to Smart Water

Ray Kurzweil predicts that by 2040 or 2050, machine intelligence will exceed human intelligence—an event he and others have dubbed the singularity. Will such intelligent machines be better able to defend themselves than todays relatively unsophisticated ones? Will their intelligence be used for attacks as well??

Speaking of Privacy

When Plato, quoting Socrates, said the unexamined life is not worth living, he was talking about self-examination. Today, it seems every life is examined, but more frequently by others than by ourselves.

History of US Government Investments in Cybersecurity Research: A Personal Perspective

This paper traces the history of cyber security research funding by the U.S. government. Difficulties in accurately measuring the level of U.S. government research funding for cyber security are first described. Some of the legislative and bureaucratic mechanisms involved in funding and reporting such research today are reviewed. A qualitative, personal perspective on the ups and downs of US cyber security research funding from the late 1960s to 2010 is then provided. The essay is written for the thirtieth anniversary meeting of the IEEE Symposium on Security and Privacy, held in May 2010.

Changing the Puzzle Pieces

Could increases in cybersecurity research investments, combined with commercial uptake, lead us to a more trustworthy cyberinfrastructure?

In Memoriam: Paul Karger

V.S. Naipauls latest book cites an African saying: When an old person dies, we say a library has burnt down. Paul Karger was far from old, and he had not only an encyclopedic (and bibliographic) knowledge of our field but also the ability to apply it to new situations. We have indeed lost a library, and more, with Pauls passing in September. In recognition of his impact on the field, IEEE S&P solicited the following tribute from a few of his many colleagues and friends.