Printer friendly version

Fixing cybersecurity topic of Tuesday Director's Colloquium

How to make revolutionary improvements in cybersecurity is the topic of a Director's Colloquium by Purdue University computer sciences professor Eugene Spafford on Tuesday (Nov. 16).

Spafford will discuss "Exploring Grand Challenges in Trustworthy Computing" at the colloquium, scheduled for 1:10 p.m., in the Physics Building Auditorium at Technical Area 3.

Spafford's talk is open to all badgeholders and will be shown on LABNET Channel 9 and on desktop computers using Real Media Stream and IPTV technology.

A year ago, the Computing Research Association sponsored a conference on information security at which participants identified four "grand challenges" that could lead to long-term information infrastructure improvements:

• Eliminate epidemic-style attacks (viruses, worms, e-mail spam) within 10 years;
• Develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets;
• Develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade; and
• Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.

Spafford said the steady barrage of attacks and technical flaws in computer systems makes it hard to see such large-scale challenges in the first place, as well as the revolutionary improvements in infrastructure security needed to meet those challenges.

"I will discuss a few of the trends and problems that have been on the minds of researchers and people in industry over the last few years," Spafford said. "I will explain why advances intended to solve these challenges are unlikely to provide long-term improvements in the security of our infrastructure."

He also will discuss some recent ideas on how to make progress on each of the four grand challenges.

Spafford is a professor of computer sciences at Purdue, with courtesy appointments in the Philosophy, Communication and Electrical and Computer Engineering departments. He heads the Center for Education and Research in Information Assurance and Security, a multi-disciplinary center that explores information resource protection.

Spafford has written extensively about information security, cyber-crime, software engineering and professional ethics, publishing more than 100 articles and reports and more than a dozen books or book chapters.

Spafford is a Fellow of the Association for Computing Machinery, the American Academy for the Advancement of Science and the Institute of Electrical and Electronics Engineers. He co-chairs ACM's U.S. Public Policy Committee and is a member of the Board of Directors of the Computing Research Association, and is a member of the President's Information Technology Advisory Council.

His awards and honors include the following: the Computer Society's Golden Core award; selection as a Certified Information Systems Security Professional, honoris causa; the William Hugh Murray medal of the National Colloquium for Information Systems Security Education for contributions to research and education in information security; election to the Information Systems Security Association Hall of Fame; and the National Computer Systems Security Award from the National Institute of Standards and Technology's National Computer Security Conference, generally regarded as the field's most significant honor in information security research. He is a 2003 recipient of the Air Force medal for Meritorious Civilian Service.

--Jim Danneskiold

Other Headlines