Architectures and Components for High-Assurance Security
Carl Landwehr - Mitretek
Oct 01, 1999
Abstract"High assurance security" is what you need if you are trying to separate users who have different security clearances from information at different security levels. It may also be what you need if you are concerned about protecting particularly critical information such as health records, crucial corporate data, or valuable intellectual property from motivated, knowledgeable attackers. This talk will review briefly past efforts to solve this problem, why they failed, and some current approaches that look more promising. These approaches largely avoid the need for high assurance software and can work with commercial operating systems. The focus of this work is mostly on preserving confidentiality -- see next week's talk for an approach to preserving availability!
About the SpeakerCarl Landwehr recently joined Mitretek Systems as a Senior Fellow in the Center for Information Systems. From 1976-1999, he was with the Naval Research Laboratory, serving most recently as head of the Computer Security Section of the Center for High Assurance Computer Systems. He has published numerous papers on research topics in computer security, including surveys on computer security models and a taxonomy for computer security flaws, and he has co-edited eight books. Recently, he was awarded a patent for a device that supports continuous authentication. While at NRL, he served as the U.S. representative to NATO and TTCP groups concerned with information security R&D. He has been active professionally in ACM, IEEE Computer Society, and IFIP, and he has assisted the National Research Council on computer security aspects of several studies, including a current study on Enhancing the Internet for Biomedical Applications. He also serves as an Associate Editor for IEEE Transactions on Software Engineering.
Dr.Landwehr received a B.S. in Engineering and Applied Science from Yale University and M.S. and Ph.D. degrees in Computer and Communication Sciences from the University of Michigan. He served on the Computer Science faculty at Purdue from 1974-1975 and has also taught at Georgetown, the University of Maryland, and Virginia Tech.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.