(See also CAPSL documentation and the
- Cross-Domain Access Control via PKI,
with G. Denker and Y. Miyake, IEEE Policy 2002
Depender Graphs: A method of fault-tolerant certificate distribution
, with Lincoln and Wright, J. Computer Security 9(4), 2001
- Applications of Term Rewriting to Cryptographic
Protocol Analysis , for 2000 Workshop on Rewriting Logic
and its Applications (abstract).
- Efficient Fault-Tolerant Certificate
Revocation , with Lincoln and Wright, for 2000 ACM CCS.
- Survivability Measure, Report
- Reasoning About Trust and Insurance
in a Public Key Infrastructure with R. Wright, for 2000 Computer
Security Foundations Workshop ,
- Protocol-Independent Secrecy
with H. Ruess, in 2000 IEEE Security and Privacy Symposium
- Certificate Revocation the Responsible Way
with R. Wright, in Computer Security, Dependability, and
Assurance: From Needs to Solutions, IEEE Computer Society, 1999
- A Necessarily Parallel Attack, FMSP '99
20 Years of Covert Channel Analysis
(Panel position paper for
1999 IEEE Security and Privacy Symposium)
Local Reconfiguration Policies
(1999 IEEE Security and Privacy Symposium)
Secure Auctions in a
Publish/Subscribe System with D. X. Song, Report
Narrowing Terminates for
Encryption with H-P. Ko, 1996 Computer Security Foundations
Unwinding Forward Correctability,
Proc. Computer Security Foundations Workshop VII, 1994 (also in
J. Computer Security 3(1), 1994, pp. 35-54)
- A Resource Allocation Model for Denial Of Service,
J. Computer Security, 2(2/3), 1993
Other Reference Information
Graduated from Rensselaer Polytechnic Institute in
1969 with a Ph. D. in mathematics. Thesis: ``On the
Capacity and Homology of a Discrete Metric'' was
really about a problem in the intersection of graph
theory and coding theory, the zero-error capacity of
a channel whose ``confusion graph'' was a pentagon. I
didn't solve the problem; it was solved a few years
later by Lovacs. At Rensselaer I also discovered an
interest in automata theory.
Degrees from Stanford (1965) and Harvard
(1963) were in mathematics. But at Harvard I learned
how to program the Univac II in binary, and at Stanford I
learned Algol and LISP.
Began work in 1969 at The MITRE Corporation,
working on Mathlab and some expert systems.
Became involved in 1975
with computer security, especially modelling, covert channels, and
Trusted Product evaluation (the Orange Book). I contributed to the TNI.
IEEE Computer Security Foundations Workshop in 1988, and co-founded the
Journal of Computer Security
in 1992. Research interests include information flow, covert channels,
and protocol analysis. Developed the Interrogator, a Prolog program
for key distribution protocol vulnerability analysis.
Recent work at SRI (since 1997) includes application of PVS to protocol security
analysis, design of CAPSL, and other activities related
to modelling of high-assurance systems.
Wrote a few articles for BYTE magazine,
including one about an integrated-circuit implementation of a Turing
Machine; another called "One-dimensional Life''
(cited in Wolfram's A New Kind of Science); and
some articles for Nibble Mac, a Macintosh magazine.
Enjoy the game of Go, ranking about 5 kyu.