Curriculum Vitae

Carl E. Landwehr

Email: firstname dot lastname



Ph.D., University of Michigan–Ann Arbor, MI, Computer and Communication Sciences

M.S. University of Michigan – Ann Arbor, MI, Computer and Communication Sciences

B.S.,  Yale University, New Haven, CT, Magna Cum Laude, with Departmental Honors in Engineering and Applied Science



UNIVERSITY OF MICHIGAN, Ann Arbor, Visiting Professor, ECE Dept., June, 2019 - present. 

GEORGE WASHINGTON UNIVERSITY, Washington D.C. 2012 – present. 

         Cyber Security and Privacy Research Institute. Lead Research Scientist.

INDEPENDENT CONSULTANT, Cyber security research and development, 2012 - present.

NATIONAL SCIENCE FOUNDATION, Expert to assist CISE/CNS SaTC Program (Special Government Employee position) June, 2016 - 2019

LEMOYNE COLLEGE, Syracuse, NY, 2014-2016, Visiting McDevitt Professor of Computer Science

UNIVERSITY OF MARYLAND – College Park, 2003-2011

     2003 to 2011 Senior Research Scientist, Institute for Systems Research

     2009 to 2011 on assignment to U.S. National Science Foundation (Program Director, CISE Directorate)

     2005 to 2009 on assignment to Intelligence Advanced Research Projects Activity and predecessor organizations (Advanced Research Projects Activity, Disruptive Technology Organization) (Division Chief, Program Manager)

     2003 to 2005 on assignment to U.S. National Science Foundation  (Program Director)


1999 – 2003  Senior Fellow

     2001 to 2003 on assignment to U.S. National Science Foundation


1976 – 1999 Supervisory Computer Scientist


1976 – 1976 Consultant, Naval Command System Support Activity (NAVCOSSACT)


1974 – 1975 Assistant Professor, Computer Science Department



Dr. Landwehr’s research in cybersecurity (earlier called computer security, information security, and information assurance) has helped a generation of researchers and practitioners understand the meaning of security in diverse systems and has led to new, more usable, access controls.  Early in system security research, his results organized and advanced the field of formal models for computer security. Later, he provided an influential taxonomy for security flaws and incorporated that work with the broader field of dependable computing in a landmark paper.  His publications include highly influential articles in IEEE and ACM Transactions and top tier conferences.  From 2001 - 2011, he shaped research in the entire field of cybersecurity through creation and management of broad, innovative research programs at the National Science Foundation (NSF) and the Intelligence Advanced Research Projects Agency (IARPA) and through editorials in IEEE Security & Privacy Magazine.  

Since retiring from his positions with the National Science Foundation (NSF) at the University of Maryland in 2011, he has worked as an independent consultant and was invited to join George Washington University’s Cyber Security and Privacy Research Institute in 2012.  As a consultant, he has assisted in the development and management of a research program in the science of security, in the evaluation of programs in software engineering for the state of Israel, as a consultant to an NSF Frontier award in Trustworthy Health and Wellness, and as an advisor on research programs for several government and industry research laboratories in the U.S. and Australia. He has also developed and promoted the idea of working with industry to establish a "building code" for the construction of software with significant security requirements, organizing workshops under the auspices of the IEEE Cybersecurity Initiative and with support from the National Science Foundation to foster this idea in the domains of medical device and power system software.

In 2014 he was invited by the McDevitt Center for Innovation at LeMoyne College to be the Visiting McDevitt Professor of Computer Science and to develop a course entitled “Cyber Security for Future Presidents.”  He was invited to teach the course again in the spring 2016 term, and the NSF invited him to return as an expert consultant in 2016. Also in 2016, he was elected to the Board of the Center for Democracy and Technology, a nonprofit devoted to developing pragmatic policies to preserve civil liberties and humans rights globally in the Internet era. In 2019, he was invited by the University of Michigan to teach Cybersecurity for  Future Leaders” jointly with Javed Ali, Towsley Policymaker in Residence (now Professor of Practice) at the Ford School of Public Policy.

In 2012, he was inducted into the first class of 11 members of the National Cyber Security Hall of Fame, selected from over 300 initial nominees (see .  He was named an IEEE Fellow for contributions to cybersecurity, and was honored with the National Science Foundation Director’s Award for Meritorious Service.  In 2016, one of his publications was honored with the Jean-Claude Lprie Award in Dependable Computing. From 2015 to 2019 he served Communications of the ACM as editor for the Security and Privacy Viewpoints column.


Technical Contributions

In the late 1970’s, Landwehr observed a growing number of models for “security” in technical reports, outside the peer-reviewed literature. He collected and organized these models within the context of a thorough survey of security issues and published a comprehensive paper in ACM Computing Surveys. This paper became a standard reference for computer security courses and helped many researchers enter the field.

Early security models focused primarily on the perimeter of the operating system or even more narrowly on a security kernel; applications inevitably required user-approved exceptions if they were to perform useful work. Landwehr (with C. Heitmeyer and J. McLean) led the development of a new style of security model that could incorporate application requirements and formalized it. Co-authors brought application domain and formal logic expertise; Landwehr developed the structure and content of the model, guided the effort, and documented it in ACM Transactions on Computing. This was the first model to include user roles in access control, predating RBAC literature by several years. A classified system serving intelligence needs was subsequently built and operated using this model. The work’s significance is evidenced by its selection as a “Classic Paper” by the Annual Computer Security Applications Conference nearly twenty years after its original publication.

The 1980’s and early 1990’s witnessed both the widespread adoption of personal computers and workstations, generally built with minimal attention to security, and the rise of malicious software.  Landwehr, with colleagues at the Naval Research Laboratory, collected examples showing how malware exploited software flaws to violate users’ intuitive notions of security. This information, absent from peer-reviewed literature, provided ground truth as to how system security was being violated.

Landwehr also developed a taxonomy organizing these software flaws which he published with the collected examples in ACM Computing Surveys.  This paper also became a standard reference for courses in the field. Subsequently, Landwehr joined with dependability researchers, who were developing a foundational scheme of concepts and definitions, to incorporate security into the dependability framework.  The resulting paper, published in the premier issue of IEEE Transactions on Dependable and Secure Systems, now has over 6800 citations.

Beyond Landwehr’s substantial personal research record, from 2001 through 2011 he advanced cybersecurity research on a national scale by developing and managing major cybersecurity research programs at NSF and IARPA.  Landwehr’s reputation for integrity and insight were significant factors in the initiation and growth of these programs. At NSF he was instrumental in the growth of the Trusted Computing program into the much more broadly scoped Cyber Trust program, which inaugurated center-scale activities to study security in the future power grid, in voting systems, and in the Internet ecosystem. All of these have produced significant research advances and educated many graduates. Numerous smaller awards under this program and its successors have been similarly productive. Returning to NSF in 2009, he led the expansion of the Trustworthy Computing program into the Secure and Trustworthy Cyberspace (SaTC) program.

At IARPA (and its predecessor organizations, ARDA and DTO) from 2005-2009 he created programs focusing on accountable information flow, symmetric private information retrieval, and automated detection of software flaws. These supported the development of the OpenFlow networking infrastructure, Telcordia’s Configassure technology for detecting and correcting insecure network and operating system configurations, physical unclonable function research now commercialized by Verayo, Inc., as well as many other innovative efforts. Overall, his willingness and ability to create and administer research programs has substantially expanded and invigorated the entire field of cybersecurity research. The programs he set in motion continue to bear fruit and to benefit society.

From 2001 through 2011, Landwehr formulated and executed major national programs that shaped the cybersecurity research landscape. The NSF Cyber Trust solicitation was the first to provide a succinct, broad vision for the field as a whole.  Others at NSF contributed; Landwehr was the responsible author and managed the review, selection, and award process for hundreds of submitted proposals. At DTO (later IARPA) he formulated the NICECAP program focused on accountable information flow and large-scale system defense, crafted a portfolio of awards from 100+ submissions, and managed the research. He also developed the still-active IARPA APP and STONESOUP programs. Returning to NSF in 2009, he oversaw the expansion of Trustworthy Computing into SaTC, integrating transition-to-practice and social science components. Landwehr also chaired the Federal INFOSEC Research Council and participated in the development of national cybersecurity research strategy through the NITRD Cybersecurity and Information Assurance Interagency Working Group


Board of Directors, Center for Democracy and Technology, (2016 —  )

Editor for Security and Privacy Viewpoints, Communications of the ACM (2014 — 2019)

Editor-in-Chief, IEEE Security and Privacy Magazine (2007 - 2010)

Associate Editor-in-Chief, IEEE Security and Privacy Magazine (2003 - 2006)

Member of Editorial Board, IEEE Security and Privacy Magazine (2003 - )

Associate Editor, IEEE Transactions on Dependability and Security, (2004 - 2007)

Associate Editor IEEE Transactions on Software Engineering (1996-2000)

General Chair, 1995 IEEE Symposium on Research in Security and Privacy

Vice Chair, 1994 IEEE Symposium on Research in Security and Privacy

Editor, CIPHER, (electronic newsletter of IEEE TC on Security and Privacy), 1994 - 1997 

IEEE Computer Society Distinguished Visitor, 1987-90

Chairman, IEEE Technical Committee on Security and Privacy, 1987-1989

Vice-Chairman, IEEE Technical Committee on Security and Privacy, 1984-87

Program committee, IEEE Symp. on Sec. and Privacy 1982-1990, 2006, 2008

Steering Committee, IEEE TC on Fault Tolerant Computing (2004 - 2010)

Program Committee, IFIP/IEEE Int. Conf. On Dependable Systems and Networks, 2000-2006, Program Committee; Steering Committee (2005 - 2010)



Jean-Claude Laprie Award in Dependable Computing, 2016  (as co-author of “Basic Concepts and Taxonomy of Dependable and Secure Computing,” with  A. Avizienis, J. C. Laprie, and B. Randell, published in 2004.)

IEEE Fellow, 2013, for contributions to cybersecurity

National Cyber Security Hall of Fame, 2012 (one of 11 initial inductees)

IFIP WG 11.3 Outstanding Service Award, 2011

IEEE Computer Society Meritorious Service Award, 1990, 1998, 2011

IEEE TC on Security and Privacy Outstanding Community Service Award, 2010

ACM SIGSAC Outstanding Contribution Award, 2009

IEEE Computer Society Distinguished Service Award, 2009, 2010

IEEE Computer Society Golden Core Award (charter recipient) 1997

IEEE Symposium on Security and Privacy, Outstanding Paper Award, 1986

Director’s Award for Program Management Excellence, National Science Foundation, 2005

Naval Research Laboratory Invention Award for Wireless Identification System, 1997 (Patent Issued, 1999)

IFIP Silver Core Award, 1992

Outstanding Paper Award, Annual Computer Security Applications Conf., 1995

Outstanding Performance Awards (10+), Naval Research Laboratory 1976-1999



Member Association for Computing Machinery, Sigma Xi, Tau Beta Pi, Phi Kappa Phi

IFIP Working Group 11.3 Data and Application Security and Privacy (founder) (1986 - )

IFIP Working Group 10.4 Fault Tolerance and Dependability (2002 -  )

U.S. (ACM) representative to IFIP Technical Committee 11, Security and Protection in Information Systems, (2003 - )

Chair, Information Security Research Council (2003 - 2005) (Federal govt. coordination committee)

Co-Chair, Distinguished External Advisory Board, NSF TRUST Science and Technology Center (2006 - 2007)

Scientific Council, EU ReSIST (Resilience for Survivability in Information Society Technologies) Network of Excellence (2006 - 2008)

DARPA Information Science and Technology (ISAT) study group (2005 - 2009)

National Security Agency Information Assurance External Relations Task Force (2002 -  2010)

Trusted Computing Group Advisory Council, (2004 - 2005)

International Journal for Information Security (Springer) (2000 - ) (Advisory Board)

Journal of Computer Security (IOS Press) (1992-1996) (editorial board)

High Integrity Systems Journal (Oxford University Press) (1993-1996 ) (editorial board)

Chair, TTCP Subgroup X, Technical Panel 1 (Trustworthy Computing Technologies), 1986-1996   (Treaty-based organization for sharing military R&D).



Carl Landwehr, “Formal Models for Computer Security,” ACM Computing Surveys, 13, 3 (September, 1981).  Translation reprinted in Japanese journal bit, Shuppan Kyoritsu, Tokyo, 1983. (602 citations [Google Scholar] December, 2016.)

Comprehensive discussion of information security issues in computer systems; for the first time describes and organizes efforts to formalize the meaning of “security” from the beginning of the field. Seminal work, became a standard reference for courses in computer security at a time when there were no textbooks. Remains an excellent introduction.


Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr,  “Basic Concepts and Taxonomy of Dependable and Secure Computing,”  IEEE TDSC 1, 1 (Jan 2004), pp. 11-33. (Over 4200 citations [Google Scholar] December, 2016.). Received 2016 jean-Claude Laprie Award in Dependable Computing, June 2016.

Landmark paper incorporates Landwehr’s security flaw taxonomy to build a general framework for concepts of dependability and security. Establishes terminology for research in dependable systems, culminating more than 25 years’ effort by members of IFIP WG 10.4, originally formed to advance research in fault-tolerant systems. Landwehr elected member of 10.4 in part because of his work to document and organize security flaws.


Carl Landwehr, Constance Heitmeyer, and John McLean.  “A Security Model for Military Message Systems,” ACM TOCS, 2, 3, August, 1984, pp. 198-222. Extended version published Proc. ACSAC as “Classic Paper” 2001. (Over 200 conference and journal citations [Google Scholar] November 2016).

Introduces a new form of security model suited to application-level security. Incorporates earliest documented role-based access control and multi-level objects. Pioneering work, subsequently applied to other projects, including a classified system used by the intelligence community. 


Richard Kain, Carl Landwehr, “On Access Checking in Capability-Based Systems,” IEEE TSE, SE-13, 2 (Feb. 1987) pp. 202-207. Presented 1986 IEEE Symposium on Security and Privacy Outstanding Paper Award. Equal collaboration with Kain.

Models capability systems and shows that, contrary to prior assertions, appropriately configured capability-based systems can enforce “mandatory security” policies.


Carl Landwehr, Alan Bull, John McDermott, and William Choi, "A Taxonomy of Computer Program Security Flaws, with Examples," ACM Computing Surveys, 26, 3 (Sept., 1994) pp. 211-254. (617 citations [Google Scholar] December, 2016.)

First paper in peer-reviewed literature to document and organize a significant set of exploited software security flaws. The organization characterizes the nature of each flaw, where it was found in the software system, and when it was introduced in the software lifecycle. Landwehr constructed the taxonomy and wrote the paper; others contributed examples.



System Security Topics

Carl Landwehr, ed. Database Security: Status and Prospects, Elsevier (North-Holland), 1988.

First of seven volumes edited/co-edited by Landwehr in succeeding years. Landwehr founded IFIP WG 11.3 on Database Security in 1986, recruited members and organized initial meeting to benchmark the field and set a research agenda in this volume. One of the most active security groups in IFIP, 25th meeting held 2012.


Judith Froscher, David Goldschlag, Myong Kang, Carl Landwehr, Andrew Moore, Ira Moskowitz, Charles Payne, "Improving Inter-Enclave Information Flow for a Secure Strike Planning Application," in Proc. Eleventh ACSAC, Dec., 1995, IEEE CS Press, pp. 89-98. (Received Outstanding Paper Award.)

Documents practical approach to coordinate databases and enclaves operating at different security levels. Architecture employs a reliable one-way flow device (NRL Pump) subsequently built and now in use in many military systems. Many NRL scientists involved; Landwehr was the senior supervisor on the project and led drafting of the paper.


U.S. Patent 5,892,901, April 6, 1999. Carl Landwehr and Dan Latham, “Secure Identification System.”  Also documented in 1997 ACSAC.

Patents a family of devices to automatically secure a workstation when a user leaves its vicinity and unlock it when an authorized user approaches it, using active RFID technology — no software. Landwehr originated the concept, design, and architecture; Latham designed and built prototypes, which were successfully deployed.


Security and Public Policy

Improving Information Flow in the Information Security Market. Book chapter, Economics of Information Security, L. Jean Camp and S. Lewis, ed., Kluwer, 2004, pp. 155-164.

Documents experience with TCSEC (“Orange Book”) strategy for bringing secure computer systems into the commercial market. Contributed to first WEIS workshop; selected for inclusion in subsequent book.


For The Record: Protecting Electronic Health Information. Committee on  Maintaining Privacy and Security in Health Care Applications of the  National Information Infrastructure.  National Academy Press, 1997, 264 pages.  (Co-author with Paul Clayton, Chair, and other committee members)

Study of the state of electronic health record security. Landwehr was one of three security experts on the committee. Discussions and recommendations affected subsequent policies in HIPAA. Hundreds of hospitals requested the report, which became an NRC “best seller.” Landwehr also participated in the follow-up NRC study, Networking Health: Prescriptions for the Internet, 2000.


A National Goal for Cyberspace: Create an Open, Accountable Internet.   IEEE Security & Privacy 7, 3 (May/June. 2009), pp. 3-4.

Editorial advocating controllable accountability in the Internet, one of many Landwehr authored as Editor-in-Chief. Subsequent government research initiatives for “Tailored Trustworthy Spaces” align with this view.

© Carl Landwehr 2021