Security Risks in the Infrastructure

Peter G. Neumann, Computer Science Lab, SRI International
Tuesday 1 Oct 1996, 4:15pm, Gates 104

Abstract

This talk will review some of the most pressing concerns relating to computer systems and networks that must be secure and reliable -- threats, vulnerabilities, characteristic penetrations and other misuses, risks, defensive measures involving operating-system and network security (including crypto), difficulties in software development, networking and system operation, problems inherent in distributed systems, and intrinsic limitations in the use of technology.

Bigraphical Summary

Dr. Peter G. Neumann has been a computer scientist since 1953, with three degrees from Harvard. He has been in the Computer Science Lab at SRI International since 1971. Throughout the 1960s he was at Bell Telephone Laboratories in Murray Hill, NJ, where from 1965 to 1969 he was a codeveloper of Multics -- which has had a significant impact on subsequent secure system developments. He has worked on systems that satisfy stringent requirements for security, reliability, and safety, and on methodologies for development of such systems. He was a Mackay Lecturer at Stanford in 1964 and at Berkeley in 1970-71. He is Chairman of the Committee on Computers and Public Policy for the ACM (Association for Computing Machinery), Moderator of the ACM Forum on Risks to the Public in the Use of Computers and Related Systems (comp.risks), Editor of the ACM Software Engineering Notes, and Contributing Editor of the Communications of the ACM. He is a Fellow of the AAAS, ACM, and IEEE. He was a member of the National Research Council System Security Study Committee, whose efforts resulted in the book, Computers at Risk, and has just completed his stint on the NRC study group that reviewed U.S. crypto policy, resulting in the book, Cryptography's Role In Securing the Information Society (a.k.a., the CRISIS report) (). This talk will be illustrated with cases from the Risks Forum, many of which are documented in his book, Computer-Related Risks, published by Addison-Wesley (1995).


Peter G. Neumann Home Page