Marshall D. Abrams Invited Essay Program

Previous Essays

2008: O. Sami Saydjari, CEO, Cyber Defense Agency LLC

Structuring for Strategic Cyber Defense: A Cyber Manhattan Project Blueprint


Mr. O. Sami Saydjari

Abstract (HTML); Essay (PDF); Presentation (PDF)

Mr. O. Sami Saydjari is the founder and Chief Executive Officer of the Cyber Defense Agency LLC, where he provides vision, leadership and expertise for building a Research and Consulting concern that creates effective systematic defenses for high-value systems against aggressive cyber-attack. Before founding the Cyber Defense Agency, Mr. Saydjari was a Senior Staff Scientist in SRI International's Computer Science Laboratory, where he was the program leader of the Cyber Defense Research Center (CDRC). While at SRI, Mr. Saydjari led the survivability assessment of the DARPA UltraLog program, whose goal was to improve the survivability of software agent architectures to solve large-scale distributed applications.

Prior to SRI, Mr. Saydjari was the Information Assurance Program Manager for DARPA's Information Systems Office. He created and drove the security architecture and technology for a common reference architecture for DARPA and DISA's advanced programs. His focus areas include high-assurance operating systems, network security, public-key infrastructures, and security architecture. Before his assignment at DARPA, Mr. Saydjari was the technical director of the Office of Network Security Infrastructure for the National Security Agency (NSA). In this role, Mr. Saydjari performed an advanced survivability architecture analysis of the MISSI system, including attack trees and fundamental review of required system architecture properties. At NSA, Mr. Saydjari was also the leader of several information assurance research teams in A1 INFOSEC systems design (LOCK), highly assured distributed operating systems design, and trustworthy network systems design.

Mr. Saydjari earned his M.S. in Computer Science from Purdue University. The Director of NSA named Mr. Saydjari an NSA Fellow in 1993 and 1994. He has published more than a dozen technical papers in the field of information security and has presented the results of his research at venues such as the National Cryptologic Quarterly, the National Computer Security Conference, IEEE Security and Privacy Conference, and the ACM New Security Paradigms Workshop. He is based in Wisconsin Rapids, Wisconsin.

2007: Daniel J. Weitzner, CSAIL Decentralized Information Group, Massachusetts Institute of Technology

Personal privacy without computational obscurity: Rethinking privacy protection strategies for open information networks


Mr. Daniel Weitzner

Abstract (HTML)

Daniel Weitzner is Co-Director of the MIT CSAIL Decentralized Information Group, teaches Internet public policy in the Electrical Engineering and Computer Science Department, and is Policy Director of the World Wide Web Consortium's Technology and Society activities. At DIG he leads research on the development of new technology and public policy models for addressing legal challenges raised by the Web, including privacy, intellectual property, identity management and new regulatory models for the Web. At W3C he is responsible for Web standards needed to address public policy requirements, including the Platform for Privacy Preference (P3P) and XML Security technologies. He was the first to advocate user control technologies such as content filtering to protect children and avoid government censorship. These arguments played a critical role in the landmark Internet freedom of expression case in the United States Supreme Court, Reno v. ACLU (1997). In 1994, his advocacy work won legal protections for email and web logs in the US Electronic Communications Privacy Act.

Weitzner was co-founder and Deputy Director of the Center for Democracy and Technology, and Deputy Policy Director of the Electronic Frontier Foundation. He serves on the Boards of Directors of the Center for Democracy and Technology, the Software Freedom Law Center, and the Internet Education Foundation.

Weitzner has a law degree from Buffalo Law School, and a B.A. in Philosophy from Swarthmore College. His writings have appeared in Science magazine, the Yale Law Review, Communications of the ACM, Computerworld, Wired Magazine, Social Research, Electronic Networking: Research, Applications & Policy, and The Whole Earth Review.

2006: Brian Witten, Radcliffe Institute

Engineering Sufficiently Secure Computing


Mr. Brian Witten

Abstract (HTML); Essay (PDF)

As Director of Government Research, Mr. Brian Witten leads all federally sponsored research and development within Symantec. Symantec Government Research is charged with the responsibility of developing technology for future Symantec products and services emerging from federally sponsored research solving nationally critical problems. Symantec pursues much of this research in partnership with world renowned universities. An experienced information security expert, Mr. Witten has also worked closely with both established industry leaders and early stage venture backed companies founded on disruptive technology.

Prior to joining Symantec, Mr. Witten worked at the Defense Advanced Research Projects Agency (DARPA), the U.S. military’s central research and development organization charged with sponsoring revolutionary, high-payoff research to maintain the technological superiority of the U.S. military. While at DARPA, he focused on creation of new network security technologies to protect current and future information systems supporting "Network Centric Warfare." At DARPA, Mr. Witten managed an R&D investment portfolio of more than $150 million in U.S. and international efforts.

Mr. Witten began his technology career as an officer in the U.S. Air Force, where he first began collaborating with leading academic institutions and commercial firms in information security research while assigned to Rome Laboratories and Air Force Research Labs (AFRL).

Mr. Witten received his B.S. in Electrical and Computer Engineering from the University of Colorado.

2005: Mary Ellen Zurko, IBM Corporation

User Centered Security: Stepping Up to the Grand Challenge


Ms. Mary Ellen Zurko

Abstract (HTML); Essay (PDF); Presentation (PDF)

Mary Ellen Zurko leads security architecture and strategy for Lotus Workplace, Portal, and Collaboration Software at IBM. She defined the field of User-Centered Security in 1996. She is on the steering committee for New Security Paradigms Workshop and the International World Wide Web Conference series. She has worked in security since 1986, at The Open Group Research Institute and Digital Equipment Corporation, as well as IBM. She is a contributor to the upcoming O'Reilly book, "Security and Usability: Designing Secure Systems that People Can Use."

2004: Rebecca Mercuri, Radcliffe Institute

Transparency and Trust in Computational Systems


Ms. Rebecca Mercuri

Abstract (HTML); Essay (PDF)

Dr. Rebecca Mercuri became an overnight celebrity during the media frenzy that ensued when the U.S. Presidential election ended in a dead heat in November 2000. A few weeks earlier, she had successfully defended her Doctoral Dissertation "Electronic Vote Tabulation: Checks and Balances" at the University of Pennsylvania, and then found herself writing testimony in the now-legendary Bush v. Gore case that was working its way through the legal system. Her testimony was presented to the U.S. 11th Circuit Court of Appeals and referenced in one of the briefs to the U.S. Supreme Court. Since then, she has provided formal testimony on voting systems to the House Science Committee, Federal Election Commission, U.S. Commission of Civil Rights, and the U.K. Cabinet, has been quoted in the U.S. Congressional Record, and has played a direct role in municipal, state, federal, and international legislative initiatives. Rebecca's comments on election technology are frequently cited by the media, and she authors the quarterly "Security Watch" column in the Communications of the Association for Computing Machinery (archived at www.notablesoftware.com).

Rebecca is a senior member of the IEEE and serves in their working group on voting system standards. She is a co-founder of the Princeton professional chapter of the ACM/IEEE computer society. Having completed a fellowship at the John F. Kennedy School of Government in their Belfer Center for Science and International Affairs, Dr. Mercuri's research efforts are currently supported by Harvard University's Radcliffe Institute.

2003: Lance Spitzner, Honeypot Technologies, Inc., USA

Honeypots: Catching the Insider Threat

Mr. Lance Spitzner

Abstract (HTML); Essay (PDF); Presentation (PDF)

Lance Spitzner is a geek who constantly plays with computers, especially network security. He loves security because it is a constantly changing environment in which your job is to do battle with the bad guys. This love for tactics first began in the Army, where he served for seven years, four as an Armor officer in the Army's Rapid Deployment Force. Following the military he received his M.B.A. and became involved in the world of information security. Now he fights the bad guys with IPv4 packets as opposed to 120mm SABOT rounds. His passion is researching honeypot technologies and using them to learn more about the enemy. He is founder of the Honeynet Project, moderator of the honeypot mailing list, author of Honeypots: Tracking Hackers, co-author of Know Your Enemy and author of several whitepapers. He has also spoken at various conferences and organizations, including SANS, Blackhat, FIRST, the Pentagon, NSA, CIA, the FBI Academy, JTF-CNO, the President's Advisory Board, the Army War College, DOJ, West Point and Navy War College. When not actively leading the Honeynet Project, Lance consults for Honeypot Technologies Inc.

Lance Spitzner earned a B.A. in History from the University of Illinois - Champaign and an MBA from the University of Illinois - Chicago.

When not involved in network security he attempts to have as much fun as possible. He developed a love for Scuba Diving, spending several months exploring dive sites in the remote islands of Indonesia. When not diving, he comes up with other excuses to get out, especially roller blading or hiking. He also loves military history, especially the tools and tactics of medieval warfare. This is where he gets his interest for network security, as there are many similarities between information security and combat tactics.

 

2002: Dr. Daniel Geer

Penetration Testing: The Science of Insecurity

Dr. Daniel Geer

Essay (PDF); Presentation (PDF)

Dr. Daniel Geer oversees the strategy and direction of @stake's approach to digital security. Over the last 25 years, he has researched, developed, and instructed on the use of technology in medical computing, distributed systems management, and digital security. Dr. Geer has an extensive background in medical computing, culminating in a systems manager role for the Health Sciences Computer Facility at Harvard University. He went on to manage systems development for MIT's Project Athena, the first large distributed computing plant. Project Athena introduced much of the general organization of enterprise computing we now take for granted, including the X Window System and Kerberos.

In the private sector, Dr. Geer served as a Director of Engineering at Open Market, Inc. and as Chief Scientist and Vice President of OpenVision Technologies (now Veritas). Prior to joining @stake, he was Vice President and Senior Strategist at CertCo, the leading on-line risk assurance authority.

An expert in modern security protocols and network solutions, Dr. Geer has been called to testify before the House Science Committee and the Subcommittee on Technology about public policy in the age of electronic commerce.

Dr. Geer speaks and publishes regularly on a range of issues in digital security. His November 1998 speech, "Risk Management is Where the Money Is," has been widely quoted, warranting reprint as a special issue of the RISKS Digest and prompting editorial comment in Wired Magazine. With Avi Rubin of AT&T Research and Marcus Ranum of Network Flight Recorder, he is co-author of The Web Security Sourcebook.

He holds a Sc.D. in biostatistics from the Harvard University School of Public Health as well as an S.B. in Electrical Engineering and Computer Science from MIT. He recently completed his term as President of USENIX, the advanced computing systems association.

 

2001: Dr. Roger Schell, ÆSec

Information Security: The State of Science, Pseudoscience, and Flying Pigs

Dr. Roger Schell

Abstract (HTML); Essay (PDF)

Dr. Roger R. Schell is President of ÆSec, a new company focused on appliances built on hardened platforms for secure, reliable e-business on the Internet. For several years he managed the successful development and delivery of security for several Novell releases of network software products including an integral PKI, an international crypto API, and an authentication service with exposed SSL capability. Dr. Schell was co-founder and Vice President for Engineering of Gemini Computers, Inc., where he directed development of Gemini's highly secure (Class A1) network processor commercial product. He was also the founding Deputy Director of the DoD (now National) Computer Security Center. Previously he was an Associate Professor of Computer Science at the Naval Postgraduate School.

Dr. Schell received a Ph.D. in Computer Science from MIT, an M.S.E.E. from Washington State, and a B.S.E.E. from Montana State. He originated several key modern security design and evaluation techniques and holds patents in cryptography and authentication. He is widely regarded as the "father" of the Trusted Computer System Evaluation Criteria (the "Orange Book"). The NIST and NSA have recognized Dr. Schell with the National Computer System Security Award, the nation's highest honor in the information security field.

2000: Dr. Butler Lampson, Microsoft

Computer Security in the Real World

Dr. Butler Lampson

Abstract (HTML); Essay (PDF)

Butler Lampson is an Architect at Microsoft Corporation and an Adjunct Professor of Computer Science and Electrical Engineering at MIT. He was on the faculty at Berkeley, at the Computer Science Laboratory at Xerox PARC, and at Digital's Systems Research Center. He has worked on computer architecture, local area networks, raster printers, page description languages, operating systems, remote procedure call, programming languages and their semantics, programming in the large, fault-tolerant computing, transaction processing, computer security, and WYSIWYG editors. He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, and several programming languages.

He received an AB from Harvard University, a PhD in EECS from the University of California at Berkeley, and honorary ScD's from the Eidgenoessische Technische Hochschule, Zurich and the University of Bologna. He holds a number of patents on networks, security, raster printing, and transaction processing. He is a member of the National Academy of Engineering and a Fellow of the Association for Computing Machinery and the American Academy of Arts and Sciences. He received the ACM's Software Systems Award in 1984 for his work on the Alto, the IEEE Computer Pioneer award in 1996, the National Computer Systems Security Award in 1998, and the Turing Award in 1992.

More information may be found at http://research.microsoft.com/lampson/.

© 2009 Applied Computer Security Associates