Developing Trustworthy Systems
Dr. Peter G. Neumann
Principal Scientist
Computer Science Lab, SRI International
333 Ravenswood Ave, Menlo Park CA 94025-3493
Tel 1-650/859-2375; Neumann@CSL.sri.com http://www.csl.sri.com/neumann
- Place: Simularium, E2 ground floor.
- Time: 2-3:10pm, Wednesday, March 1, 2006
Abstract
Computer-communication systems are becoming a fundamental core of almost every application environment, including critical infrastructures, medical applications, control systems, electronic voting systems, and so on. And yet, those systems are seriously lacking in predictable trustworthiness with respect to security, integrity, reliability, survivability, interoperability, and many other desiderata. This talk addresses some of the problems, some of the risks that have resulted and that are likely to continue in the absence of major cultural changes in the system development process, and various possible approaches. In general, there are no easy answers, but many useful steps that could be effective. The talk will be illustrated with various examples from the archives of the ACM Risks Forum.
Background
Extensive background can be found in Peter Neumann's book, Computer-Related Risks, Addison-Wesley, 1995, and on the Web:
Neumann's Principled Assuredly Trustworthy Composable Architectures report, 28 December 2004: ps, pdf, html.
Speaker's Bio
Peter G. Neumann (Neumann@CSL.sri.com) has doctorates from Harvard and Darmstadt. After 10 years at Bell Labs in Murray Hill, New Jersey, in the 1960s, during which he was heavily involved in the Multics development jointly with MIT and Honeywell, he has been in SRI's Computer Science Lab since September 1971. He is concerned with computer systems and networks, security, reliability, survivability, safety, and many risks-related issues such as voting-system integrity, crypto policy, social implications, and human needs including privacy. His book, Computer-Related Risks, has gone through five printings, and is now being cranked out as needed by Addison-Wesley. He is on the Editorial Board of IEEE Security and Privacy. He moderates the ACM Risks Forum, edits CACM's monthly Inside Risks column, chairs the ACM Committee on Computers and Public Policy, and co-founded People For Internet Responsibility (PFIR, http://www.PFIR.org). He is a Fellow of the IEEE, ACM, and AAAS, and is also an SRI Fellow. He is the 2002 recipient of the National Computer System Security Award. He is a member of the U.S. Government Accountability Office (formerly General Accounting Office) Executive Council on Information Management and Technology, and the California Office of Privacy Protection advisory council. He has taught at Stanford, U.C. Berkeley, and the University of Maryland. See his Web site (http://www.csl.sri.com/neumann) for further background, Senate and House testimonies, bibliography, etc.