Contact:
U.S. Mail:
1923 Kenbar Court
McLean, Virginia 22101
Telephone: +1 703-532-8494
email: firstname.lastname at gmail.com      
Education:
Ph.D., University of Michigan, Computer and Communication Sciences
M.S., University of Michigan, Computer and Communication Sciences
B.S., Yale University, Magna Cum Laude, with Departmental Honors in Engineering and Applied Science
Employment:
Senior Research Scientist, Univ. of Maryland, Institute for Systems Research (Sept 2003 – 2011)
Director, Trustworthy Computing Program, National Science Foundation (Nov. 2009 - 2011) (on assignment)
Division Chief, Program Leader, Program Manager, ARDA/DTO/IARPA (Dec. 2005 – Nov. 2009) (on assignment)
Coordinator, NSF Cyber Trust program (Sept. 2003 – October 2005) (on assignment)
Senior Fellow, Mitretek Systems, Inc. (renamed Noblis, Inc., Feb. 21, 2007), Center for Information and Telecommunications Technology (formerly Center for Information Systems (CIS)), (June 1999 – August 2003)    
Coordinator, Cyber Trust program, National Science Foundation (Dec. 2002-Aug. 2003) (on assignment)
Program Director, Trusted Computing Research Program, National Science Foundation (Oct. 2001-Dec. 2002) (on assignment)
Acting Director, Mitretek CIS, (Oct. 1999 – March 2000)
Supervisory Computer Scientist, U.S. Naval Research Laboratory   (Jan. 1982 – Aug. 1999)  
    Adjunct Professor of Computer Science, Virginia Tech (Jan.- May 1999)
    Lecturer in Computer Science University of Maryland  (Fall, 1988)
Computer Scientist U.S. Naval Research Laboratory  (Nov. 1976 - Jan 1982)
    Lecturer, Dept. of Computer Science Georgetown University  (Jan. 1981 - Dec. 1981)
Senior Member of Technical Staff, Computer Sciences Corporation,   (Jan. 1976 - Nov. 1976)
Assistant Professor of Computer Science Purdue University  (1974-1975)
Lecturer, Western Electric Inf. Systems Group Program in Operating Systems  (May - June 1975)
Research Assistant, University of Michigan Computing Center, 1969-1974:
     Systems programmer for MERIT Computer Network support (1970-1974)  
    User counselor (1969-1972)
    Teaching Fellow, Computer and Communication Sciences, Univ. of Michigan  (1970-1971)
Programmer, Lawrence Radiation Laboratory (computing center), Livermore, CA (summer, 1969)
Programmer, Bell Telephone Laboratories, Indian Hill Laboratory  (summer, 1967)
Summary of Experience
I have more than 35 years of experience in computer science research, focusing primarily on issues in computer security, information assurance, and trustworthy computing, and in research management, research funding and program management. Publications are available here.
At the U.S. Naval Research Laboratory, I worked for 23 years as a researcher and section head, managing a small group of researchers developing concepts and prototypes in security modeling, high assurance software, secure system development, database management system security, and token-based authentication. The developments in which I participated or which I led include the NRL Pump, Onion Routing, a taxonomy of security flaws, the first extensive survey of formal security models, and the development of application-based security models, including the first documented example of role-based access control. During this period I received Outstanding Paper awards from the IEEE Symposium on Security and Privacy, generally acknowledged as the premier forum for research in this field, and from the Annual Computer Security Applications Conference (ACSAC). From the Naval Research Laboratory, I received an invention award and several awards for outstanding performance. Also during this period I founded IFIP WG11.3 on Database Security (now extended to Database and Application Security and Privacy) and chaired the group for 7 years. I was also nominated and elected as the first chair of the Trustworthy Computing Panel (XTP-1) under The Technical Cooperation Program (TTCP), a treaty-based organization under which defense laboratories in the U.S., Canada, United Kingdom, Australia, and New Zealand share research results and coordinate research activities. I served in this role for ten years.
My professional activities with the IEEE include serving as Chair of the Technical Committee on Security and Privacy, Chair of the IEEE Symposium on Security and Privacy, and a four-year term as Editor-in-Chief of IEEE Security and Privacy Magazine, the leading peer-reviewed technical magazine in this field. I have been an Associate-Editor-in-Chief of the magazine since its founding in 2003 and remain on its Editorial Board. I have also been active in ACM activities related to Trustworthy Computing. Currently I serve on the Steering Committee of their major conference, the ACM Conference on Computer and Communications Security, and was honored to receive their Outstanding Contribution Award in 2009.
Since leaving NRL in 1999, I have assisted, developed and managed research programs in cybersecurity for the National Science Foundation (NSF), DARPA, and the Intelligence Advanced Research Activity (IARPA) and its predecessor organizations, the Advanced Research and Development Activity (ARDA) and the Disruptive Technology Office (DTO).  I was invited to come to NSF in 2001 to develop their first program in Trusted Computing. In the course of a four-year term at NSF, and with management support, I led the growth of this initially small program into the Cyber Trust program with grants totaling about $35M in 2005; I received a Director’s Award for Program Management Excellence for my performance. Four center-scale activities awarded under this program addressed issues of security in power grids, voting systems, Internet epidemiology, and secure interaction security.  At ARDA/DTO, I inaugurated a program in Accountable Information Flow that supported research which has matured into the Open-Flow networking scheme, Telcordia’s ConfigAssure tool to verify network and operating system configurations against formal policy specifications, and many other areas.  After IARPA was established, I developed the first program to be approved and funded by the new Director, Automatic Privacy Protection, which developed methods for practical symmetric Private Information Retrieval; a second phase of the program has been initiated by my successor under a new name.  I also developed an ongoing program for the automatic certification of software called STONESOUP – Securely Taking On New Executable Software Of Uncertain Provenance – that is ongoing. At the end of the four-year assignment with ARDA/DTO/IARPA, I was invited back to NSF to resume leadership of the (renamed and expanded) Trustworthy Computing Program, which in 2010 awarded about $55M in grants.
 
Awards
IFIP WG 11.3 Outstanding Service Award, 2011
IEEE TC on Security and Privacy Outstanding Community Service Award, 2010
ACM SIGSAC Outstanding Contribution Award, 2009
IEEE Computer Society Distinguished Service Award, 2009, 2010
Director’s Award for Excellence, National Science Foundation, June, 2005
IEEE Computer Society Meritorious Service Award, 1990, 1998, 2011
NRL Invention Award for Wireless Identification System, 1997 (Patent Issued, 1999)
IEEE Computer Society Golden Core Award (charter recipient) 1997
IFIP Silver Core Award, 1992, in appreciation for services rendered to IFIP as Chairman of IFIP WG11.3 for a period of six years.
Outstanding Paper Award, 11th Annual Computer Security Applications Conf., 1995
Outstanding Paper Award, IEEE Symposium on Security and Privacy, 1986.
 
Professional Activities
Editor-in-Chief, IEEE Security and Privacy Magazine (2007 - 2010)
Associate Editor-in-Chief, IEEE Security and Privacy Magazine (2003 - 2006)
Associate Editor, IEEE Transactions on Dependability and Security, (2004 - 2007)
Associate Editor IEEE Transactions on Software Engineering (1996-2000)
Member of Editorial/Advisory Board/Steering Committee:
    Steering Committee, ACM Conference on Computer and Communication Security (2011 - )
    IEEE Security and Privacy Magazine (2003 - )
    International Journal for Information Security (Springer) (2000 - ) (Advisory Board)
     Journal of Computer Security (IOS Press) (1992-1996)
    High Integrity Systems Journal (Oxford University Press) (1993-1996 )
U.S. (ACM) representative to IFIP Technical Committee 11, Security and Protection in Information Systems, (2003 - )
Chair, Information Security Research Council (2003 - 2005) (Federal govt. coordination committee)
Co-Chair, Distinguished External Advisory Board, NSF TRUST (Team for Research in Ubiquitous Secure Technologies) Science and Technology Center (2006 - 2007)
Member:
Scientific Council, EU ReSIST (Resilience for Survivability in Information Society Technologies) Network of Excellence (2006 - 2008)
DARPA Information Science and Technology (ISAT) study group (2005 - 2009)
NSA Information Assurance External Relations Task Force (2002 -  2010)
Advisory Council, Trusted Computing Group (2004 - 2005)
Steering Committee, IEEE TC on Fault Tolerant Computing (2004 - 2010)
IEEE (Senior Member), IEEE Computer Society, ACM, Sigma Xi, Tau Beta Pi, Phi Kappa Phi,
IFIP WG 10.4 (Dependability and Fault Tolerance), IFIP WG 11.3 (Data and Application Security)
 
Invited Talks, Study Participation, Other Activities
Invited speaker, GameSec 2011, November, 2011
Invited panelist, Executive Leadership Conference, Williamsburg, VA, October 2011
Invited member, Defense Science Board study of Resilience in Cybersecurity, 2011
Invited speaker, reviewer, Intel Corp. Trust Evidence Workshop, August, 2011
Invited speaker, Sandia National Laboratory University Partners Cyber Open House and Workshop, July, 2011
Invited speaker, ACM Baltimore Chapter, January 2011
Distinguished Speaker, MITRE Corp., January, 2011
Invited member, Dagstuhl Seminar “Insider Threats: Strategies for Prevention, Mitigation, and Response”, August 2010
Invited speaker, JASON study on Science of Cybersecurity, June 2010
Invited speaker, Harvard University CRCS Privacy and Security Seminar, Dec. 2008
Invited panelist, AFCEA Solutions Series, Cyberspace: Challenges and Solutions for National Security Dec. 11, 2008
Invited keynote talk, ACM Workshop on Artificial Intelligence and Security (AISEC), ACM Conference on Computer and Communications Security, October 27, 2008
Invited panelist, Technology for Cyber Physical System Security Forum, Oct. 6, 2008, Washington DC. Organized by Dartmouth Institute for Information Infrastructure Protection at the request of the U.S. Senate Committee on Homeland Security and Governmental Affairs.
Invited speaker, Interdisciplinary Studies in Information Privacy and Security (ISIPS 2008): Second Annual Workshop on Privacy and Security, Rutgers University, May 12, 2008
Invited speaker, Dartmouth Inst. for Security Technology Studies, Distinguished Speaker Series, Nov. 6, 2007.
Invited keynote speaker, Storage Network Industry Association Security Summit, May 31, 2007
Invited keynote speaker, Oak Ridge National Laboratories Cyber Security and Information Infrastructure Research Workshop May 14, 2007
Invited speaker, Singapore Defence Force, Singapore, March 23, 2007
Invited keynote speaker, IFIP-SEC 2005, Chiba, Japan.
Invited lecture, Worcester Polytechnic Institute “Milestones in Computer Science Distinguished Lecture series,” March 2005.
Invited Keynote speaker, 6th Annual AT&T Security Conference, Nov. 2004.
Steering Committee,  Accelerating Trustworthy Internetworking 2004 Workshop
Invited member, OASIS Demonstration/Evaluation Panel, DARPA, 2003-5
Member, National Research Council / Naval Studies Board Study Committee on Autonomous Vehicles in Support of Naval Operations, National Research Council, (2002-2003)
Task force for creation of IEEE Security and Privacy Magazine (2002); search committee for initial Editor-in-Chief
Invited participant, DARPA Workshops on Self-Regenerating Systems, Information Assurance Measurement, and Trustworthy Computing in Dynamic Environments, Fall, 2002.
Co-chair, IFIP WG 10.4 Workshop on Survivability and Dependability, June 2002 (with David Powell, LAAS-CNRS)
Co-chair (with Steve Bellovin, AT&T), Workshop on Intrusion Tolerant Systems, DSN 2002. Organized workshop as public “red-teaming” exercise.
Cyber Security R&D Presentation to President’s Management Council, White House Conference Center, spring 2002
Invited member, DARPA IPTO Study Group on Self-Regenerative Systems, 2001-2
Steering Committee, NRC CSTB Insider Threat Workshop, Nov., 2000
Invited member, DARPA ISAT panel on Mobility and Security, 2000
Invited speaker, Purdue University Computer Security lecture series, 1999
Invited member of National Academy of Sciences / National Research Council Study Committee on Enhancing the Internet for Medical Applications, 1998-1999
Member, NATO Networked Expert Team on Information Protection and Task Group on Information Assurance, 1997-99
Invited participant, Research Programme #16 on Computer Security, Cryptology, and Coding Theory, Isaac Newton Institute, Cambridge University, UK, 1996
Invited member of National Academy of Sciences / National Research Council Study Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure, 1996-1997
Invited speaker, IEEE Northern Virginia Chapter, May 1997.
Editor, CIPHER, (electronic newsletter of IEEE TC on Security and Privacy), 1994 - 1997
Chairman, TTCP Subgroup S, Technical Panel 11 (Secure Information Systems) 1996-1997 (successor of XTP-1)
Chairman, TTCP Subgroup X, Technical Panel 1 (Trustworthy Computing Technologies), 1986-1996   (This is an international panel constituted under a treaty to facilitate cooperation in non-atomic military research and development among US, UK, Canada, Australia, and New Zealand).
Chair, 1995 IEEE CS Symposium on Research in Security and Privacy
Invited Address, IFIP World Computer Congress ‘94, Hamburg
Invited panelist, Computer Security Foundations Workshop, 1994.
Invited Keynote Address, SAFECOMP ‘93, Warsaw
Founder and Chairman, IFIP WG 11.3 on Database Security, 1986-1994
Vice Chair, 1994 IEEE CS Symposium on Research in Security and Privacy
Chair, XTP-1 Workshop on Effective Use of Automated Reasoning Technology in System Development, April 1992
Program Committee, ACM SIGSOFT ‘91 Conference, 1991
Program Co-Chair, Fifth IFIP WG11.3 Working Conference on Database Security, 1991
Program Committee, Panelist, 13th National Computer Security Conference, 1991
Local Arrangements, NATO RSG-2 Conference on Composite Trustworthy Systems, October, 1991
Invited participant, Formal Methods 91 Workshop, September, 1991
Co-chair, IFIP WG10.4/IFIP WG 11.3 Joint Meeting, February, 1991
Panel Organizer/Chair, 2nd IFIP Working Conference on Dependable Computing for Critical Applications, February, 1991
Invited participant, First Las Cruces Workshop on Software Safety, 1990
Chair, Federal Liaison Group for National Academy of Sciences Computer Science and Technology Board study of computer security issues, 1989-1990
IEEE Computer Society Distinguished Visitor, 1987-90
Keynote Speaker, Conference on Computing Systems and Information Technology, 1989, Sydney, Australia
Invited chair, group on example applications, Formal Methods 89 Workshop, July, 1989.
Invited Working Group Chair, Workshop on Integrity Protection in Computer Information Systems, II, January, 1989
Invited Member, National Institute of Science and Technology (National Bureau of Standards) Computer and Telecommunications Security Council (1987-90)
Chairman, IEEE Technical Committee on Security and Privacy, 1987-1989
Vice-Chairman, IEEE Technical Committee on Security and Privacy, 1984-87
Program committee, session chair, IEEE Symp. on Sec. and Privacy 1982-1990
Executive Secretary, Navy Acquisition of Software Prototypes Blue Ribbon Panel, 1987 (Letter of Appreciation from OASN (R,E&S) available)
Invited member, Blacker Review Panel, convened by Chief Scientist, National Security Agency, 1986.  
Invited group chairman, security policy, National Computer Security Center Invitational Workshop on Database Management Security Guidelines, June, 1986
Merit Pay Cash Award, 1988-94 (government award for superior  performance)
Invited participant, DOD Computer Security Center Invitation Workshop on Network Security, New Orleans, March, 1985
Invited Speaker, Navy/Marine Corps ADP Security Workshops, 1985, 1984
Participant, NBS invitational workshop on security in small systems, April 1984
Invited speaker, Sixth DoD/NBS Computer Security Conference, Nov. 1983
Invited speaker, Summer Study in Multilevel Data  Management Security, sponsored by National Academy of Sciences and Air Force Studies Board, July, 1982
Chairman of joint SIGOPS-SIGMETRICS session at 1980 ACM Annual Conference
Reviewer for Computing Reviews (author of more than a dozen reviews)
Letter of Appreciation, Naval Material Cmd. (Militarily Critical Technologies List) (1985)
Letter of Appreciation from OASD(C3I), Information Systems (1981)
Letter of Appreciation from National Security Agency (1980)
Letter of Appreciation from DOD Computer Institute (1980)
Letter of Commendation from Naval Intelligence Processing Sys.  Support Activity (1977)
Letter of Commendation from CINCPACFLT (1976)
IBM Fellowship (1972-1973)
Rackham Fellowship (1968-1969)