Security Risks in the Infrastructure
Peter G. Neumann, Computer Science Lab, SRI International
Tuesday 1 Oct 1996, 4:15pm, Gates 104
Abstract
This talk will review some of the most pressing concerns relating to
computer systems and networks that must be secure and reliable -- threats,
vulnerabilities, characteristic penetrations and other misuses, risks,
defensive measures involving operating-system and network security
(including crypto), difficulties in software development, networking and
system operation, problems inherent in distributed systems, and intrinsic
limitations in the use of technology.
Biographical Summary
Dr. Peter G. Neumann has been a computer scientist since 1953, with three
degrees from Harvard. He has been in the Computer Science Lab at SRI
International since 1971. Throughout the 1960s he was at Bell Telephone
Laboratories in Murray Hill, NJ, where from 1965 to 1969 he was a
codeveloper of Multics -- which has had a significant impact on subsequent
secure system developments. He has worked on systems that satisfy stringent
requirements for security, reliability, and safety, and on methodologies for
development of such systems. He was a Mackay Lecturer at Stanford in 1964
and at Berkeley in 1970-71. He is Chairman of the Committee on Computers
and Public Policy for the ACM (Association for Computing Machinery),
Moderator of the ACM Forum on Risks to the Public in the Use of Computers
and Related Systems (comp.risks), Editor of the ACM Software Engineering
Notes, and Contributing Editor of the Communications of the ACM. He is a
Fellow of the AAAS, ACM, and IEEE. He was a member of the National Research
Council System Security Study Committee, whose efforts resulted in the book,
Computers at Risk, and has just completed his stint on the NRC study group
that reviewed U.S. crypto policy, resulting in the book, Cryptography's Role
In Securing the Information Society (a.k.a., the CRISIS report).
This talk will be illustrated with cases
from the Risks Forum, many of which are documented in his book,
Computer-Related Risks, published by Addison-Wesley (1995).