feb
7
2011

CRCS Seminar: Cybersecurity Challenge

Steven Bellovin, Columbia University

CRCS Lunch Seminar
Date: Monday, February 7, 2011
Time: 11:30am - 1:-00pm
Place: Maxwell Dworkin 119

Speaker:  Steven Bellovin, Columbia University
Title:  Cybersecurity Challenge

Abstract:   From more or less any perspective, we have failed in our attempts to build secure systems.  We argue that given one uncontroversial assumption -- that bug-free code is impossible, if only because we cannot construct bug-free specifications -- this is unlikely to change.  Doing the same thing over and over again and expecting a different result is one class definition of insanity, but that's what security people have been doing.  Instead, we outline a fundamentally different approach to security, called resilient system design.

Bio:  Steven M. Bellovin is a professor of computer science at Columbia University<http://www.cs.columbia.edu>, where he does research on networks, security, and especially why the two don't get along. He joined the faculty in 2005 after many years at Bell Labs<http://www.bell-labs.com> and AT&T Labs Research<http://www.research.att.com>, where he was an AT&T Fellow<http://www.research.att.com/viewAwardCategory.cfm?id=1>. He received a BA degree from Columbia University<http://www.columbia.edu>, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill<http://www.cs.unc.edu>. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix<http://www.usenix.org> Lifetime Achievement Award (The Flame)<http://www.usenix.org/about/flame.html>. He is a member of the National Academy of Engineering<http://www.nae.edu/> and is serving on the Computer Science and Telecommunications Board<http://www.cstb.org> of the National Academies<http://www.nationalacademies.org>, the Department of Homeland Security's Science and Technology Advisory Committee<http://www.dhs.gov/xres/committees/gc_1163542152895.shtm>, and the Technical Guidelines Development Committee<http://vote.nist.gov/TGDC.htm> of the Election Assistance Commission<http://www.eac.gov/>; he has also received the 2007 NIST/NSA National Computer Systems Security Award<http://www.acsac.org/2006/ncss-pr.html>.

Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker<http://www.wilyhacker.com>, and holds a number patents on cryptographic and network protocols. He has served on many National Research Council<http://sites.nationalacademies.org/nrc/index.htm> study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board<http://www.iab.org> from 1996-2002; he was co-director of the Security Area<http://trac.tools.ietf.org/area/sec/trac/wiki> of the IETF<http://www.ietf.org> from 2002 through 2004.