|
Computer Science Department and Electrical and Computer Engineering Department Colloquium Security from Tags Speaker: Fred B. Schneider, Eckert Professor of Computer Science, Computer Science, Cornell University When: 9:30AM ~ 10:30AM, Tuesday, October 23 Where: Clark A 202 Contact: Indrakshy Ray (Indrakshi.Ray@colostate.edu) Abstract: Reference monitors generally restrict operation invocation. We discuss an alternative approach to security: enforcing restrictions that labels give about how a value may be used. A new class of reactive information flow (RIF) labels is useful, and we describe a static enforcement scheme. We also discuss run-time enforcement for chains of labels, including results that characterize the trade-off between chain length and permissiveness. Bio: Fred B. Schneider is Samuel B. Eckert Professor of Computer Science at Cornell University. He joined Cornell's faculty in Fall 1978 and served as department chair from 2014-2018, having completed a Ph.D. at Stony Brook University and a B.S. in Engineering at Cornell in 1975. Schneider's research has focused on various aspects of trustworthy systems --- systems that will perform as expected, despite failures and attacks. His early work concerned formal methods to aid in the design and implementation of concurrent and distributed systems that satisfy their specifications. He is author of two texts on that subject: On Concurrent Programming and (co-authored with D. Gries) A Logical Approach to Discrete Mathematics. He is also known for his research in theory and algorithms for building fault-tolerant distributed systems. His paper on the "state machine approach" for managing replication received (in 2007) an SOSP "Hall of Fame" award for seminal research. And his paper on fail-stop processors (with Richard Schlichting) received the Jean-Claude Laprie Award in Dependable Computing. More recently, his interests have turned to system security. His work characterizing what policies can be enforced with various classes of defenses is widely cited, and it is seen as advancing the nascent science base for security. He is also engaged in research concerning legal and economic measures for improving system trustworthiness. Schneider was elected Fellow of the American Association for the Advancement of Science (1992), the Association of Computing Machinery (1995), and the Institute of Electrical and Electronics Engineers (2008). He was named Professor-at-Large at the University of Tromso (Norway) in 1996 and was awarded a Doctor of Science honoris causa by the University of Newcastle-upon-Tyne in 2003 for his work in computer dependability and security. He received the 2012 IEEE Emanuel R. Piore Award for "contributions to trustworthy computing through novel approaches to security, fault-tolerance and formal methods for concurrent and distributed systems". The U.S. National Academy of Engineering elected Schneider to membership in 2011, the Norges Tekniske Vitenskapsakademi (Norwegian Academy of Technological Sciences) named him a foreign member in 2010, and the American Academy of Arts & Sciences elected him to membership in 2017. Schneider chaired the National Academies Computer Science and Telecommunications Board (CSTB) study on information systems trustworthiness that produced the 1999 volume Trust in Cyberspace. He is currently a member of the National Academies Naval Studies Board, its Computer Science and Telecommunications Board, and is founding chair of its Forum on Cyber Resillience. He is also a member of the U.S. Defense Science Board. In 2007, Schneider was elected to the board of directors of the Computing Research Association (CRA) and served through 2016. During that period, he was a member of CRA's Computing Community Consortium steering committee 2007-2013 and chaired the Government Affairs committee. In Fall 2011, he started the CCC/CRA Leadership in Science Policy Institute, which still runs biannually. Schneider is a frequent consultant to industry, believing this to be an efficient method of technology transfer and a good way to learn about the real problems. He provides technical expertise in fault-tolerance and computer security to a variety of other firms, including Intel, Lincoln Laboratories, NTREPID, and ZeroFox. In addition, Schneider has testified about cybersecurity research at hearings of the US House of Representatives Armed Services Committee (subcommittee on Terrorism, Unconventional Threats, and Capabilities), as well as the Committee on Science and Technology (subcommittee on Technology and Innovation and subcommittee on Research and Science Education). |