Research/Areas of Interest
I do very little research now, but previous work was on proving cryptographic protocols; proving safety properties of models of physical systems (this involved using interval arithmetic to achieve correct numerical results using floating point arithmetic); and less formal methods of improving security properties of systems.
Education
- Doctor of Philosophy, Brandeis University, USA, 2004
- Master of Science, Yale University, USA, 1986
- Master of Philosphy, Yale University, USA, 1986
- Bachelor of Arts, Brandeis University, USA, 1982
Biography
I have been working on computer security for my whole career.
I started by working on formal proofs of correctness of cryptographic protocols for distributed systems. I have worked on two large projects, the first of which built a secure system using standard hardware, and the second building a secure system with new hardware, programming languages, and software. Both were technically successful, but did not sell.
My "day job" is working for the Air Force on designing networks for classified information. We have all the security problems that everyone else has and, in addition, have to maintain separate networks for Secret and Top Secret information. The major difficulty this adds is that some information has to move between levels -- the operating systems are unclassified, but have to be moved to the classified networks, and after analyzing classified information, some action (often unclassified) must be taken.
Controlling the information moving between levels is an extremely difficult problem, particularly when moving from a Top Secret network to an unclassified one. One must check that the movement was properly authorized, and that the authorization was based on all the information in the file. So we have to detect Steganography (such as using white text on a white background) as well as more manual techniques such as paraphrasing the information.
I started by working on formal proofs of correctness of cryptographic protocols for distributed systems. I have worked on two large projects, the first of which built a secure system using standard hardware, and the second building a secure system with new hardware, programming languages, and software. Both were technically successful, but did not sell.
My "day job" is working for the Air Force on designing networks for classified information. We have all the security problems that everyone else has and, in addition, have to maintain separate networks for Secret and Top Secret information. The major difficulty this adds is that some information has to move between levels -- the operating systems are unclassified, but have to be moved to the classified networks, and after analyzing classified information, some action (often unclassified) must be taken.
Controlling the information moving between levels is an extremely difficult problem, particularly when moving from a Top Secret network to an unclassified one. One must check that the movement was properly authorized, and that the authorization was based on all the information in the file. So we have to detect Steganography (such as using white text on a white background) as well as more manual techniques such as paraphrasing the information.