Steve Bellovin: "Cybersecurity Challenge"

Date: Monday, February 7, 2011, 11:30am to 1:00pm

Location: Maxwell Dworkin 119

CRCS Lunch Seminar

Speaker: Steve Bellovin, Columbia

Title: Cybersecurity Challenge

Abstract: From more or less any perspective, we have failed in our attempts to build secure systems. We argue that given one uncontroversial assumption — that bug-free code is impossible, if only because we cannot construct bug-free specifications — this is unlikely to change. Doing the same thing over and over again and expecting a different result is one classic definition of insanity, but that’s what security people have been doing. Instead, we outline a fundamentally different approach to security, called resilient system design.

Bio: Steven M. Bellovin is a professor of computer science at Columbia University, where he does research on networks, security, and especially why the two don’t get along. He joined the faculty in 2005 after many years at Bell Labs and AT&T Labs Research, where he was an AT&T Fellow. He received a BA degree from Columbia University, and an MS and PhD in Computer Science from the University of North Carolina at Chapel Hill. While a graduate student, he helped create Netnews; for this, he and the other perpetrators were given the 1995 Usenix Lifetime Achievement Award (The Flame). He is a member of the National Academy of Engineering and is serving on the Computer Science and Telecommunications Board of the National Academies, the Department of Homeland Security’s Science and Technology Advisory Committee, and the Technical Guidelines Development Committee of the Election Assistance Commission; he has also received the 2007 NIST/NSA National Computer Systems Security Award.

Bellovin is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker, and holds a number of patents on cryptographic and network protocols. He has served on many National Research Council study committees, including those on information systems trustworthiness, the privacy implications of authentication technologies, and cybersecurity research needs; he was also a member of the information technology subcommittee of an NRC study group on science versus terrorism. He was a member of the Internet Architecture Board from 1996-2002; he was co-director of the Security Area of the IETF from 2002 through 2004.

More details may be found at http://www.cs.columbia.edu/~smb/informal-bio.html