Distinguished Lecture - Thinking Outside the Box

Location: Squires Haymarket Theatre
Date: Friday, October 9, 2009
Time: 11:15am-12:30pm
This talk is open to the general public.

Presentation: Video

Slides: PDF

A Meet-the-Speaker sesssion will be held 4:00pm-5:00pm in Torgersen Museum.

Eugene H. Spafford
Purdue University

Over the last six decades, computing technology has undergone a series of revolutions that have changed the world.  Computing touches everyone's life, yet few people stop to think about the incredible rate of change of the underlying technology.   The WWW is only about 20 years old, and Internet commerce is younger than that. With the expansion of the reach of computing, networks, and all that we do with computers, we have also seen new threats emerge to security, privacy, and even (to some extent) our social interactions.  This trend accelerated after 9/11/2001, and we continue to pursue solutions using outmoded models and paradigms that sometimes make the problems worse.

In this talk I will discuss some of the major changes we have seen in computing, and some of their implications for security and privacy.  Moreover, I will discuss how some of our basic concepts in computing technology have failed to change along with the computing hardware, and how that ultimately shapes what we do (and do not do) in research to address urgent problems.  We must challenge some of our fundamental views of how we use computing, and the nature of privacy, if we wish to see improvement.

Eugene H. Spafford is a professor of Computer Sciences at Purdue University. He is also a professor of Electrical and Computer Engineering (courtesy), Philosophy (courtesy appointment), a professor of Communication (courtesy),  and is the founder and Executive Director of the Center for Education and Research in Information Assurance and Security. CERIAS is a campus-wide multi-disciplinary Center, with a broadly-focused mission to explore issues related to protecting information and information resources.  CERIAS was established in 1998 from the earlier COAST Laboratory, headed by Professor Spafford, and founded in 1992.

Spaf has written and spoken extensively about information security, cybercrime, software engineering, and professional ethics.  He has published over 100 articles and reports on his research, has written or contributed to over a dozen books, and he serves on the editorial boards of several major infosec-related journals. In his career to date, Professor Spafford and his students are credited with a number of security "firsts," including the first open security scanner, the first widely-available intrusion detection tool, the first integrity-based control tool, the first multistage firewall, the first formal bounds on intrusion detection, the first reference model of firewalls, and some of the first work in vulnerability classification databases. Much of the current security product industry can therefore be viewed as based, in part, on his past research; some of his ideas directly led to the establishment of two commercial firms: Tripwire and Signacert.  His current research is directed towards issues of public policy and information security, architecture and construction of highly-secure systems, and cyberforensic technologies.

Dr. Spafford is a Fellow of the ACM, Fellow of the AAAS, Fellow of the IEEE, Fellow of the (ISC)^2 and is a charter recipient of the Computer Society's Golden Core award. He was the year 2000 recipient of the NIST/NCSC National Computer Systems Security Award, generally regarded as the field's most significant honor in information security research.  In 2001, he was named as one of the recipients of the "Charles B. Murphy" award and named as a Fellow of the Purdue Teaching Academy, and in 2003 was named to the "Book of Great Teachers" -- thus receiving all three of Purdue University's highest awards for outstanding teaching.

In 2001, Spaf was elected to the ISSA Hall of Fame, and he was awarded the William Hugh Murray medal of the NCISSE for his contributions to research and education in infosec. He is a 2003 recipient of the Air Force medal for Meritorious Civilian Service.  In 2004, Spaf was named as the recipient of the IEEE Computer Society's Taylor Booth medal, and of the ACM SIGCAS's "Making a Difference" award.  In 2005 he was named as a recipient of the IEEE Computer Society's Technical Achievement Award.  In 2006, he received the ACM SIGSAC's "Outstanding Contribution" award, and in 2007 he was named as the recipient of the prestigious ACM President's Award.  In 2008, he was cited as the recipient of CRA's Distinguished Service Award.

Among his many activities, Spaf is chair of the ACM's U.S. Public Policy Council (USACM), and is a member of the USAF Air University Board of Visitors.

More information may be found at http://spaf.cerias.purdue.edu.

In his spare time, Spaf wonders why he has no spare time!