Fred B. Schneider
Professor
fbs@cs.cornell.edu
PhD SUNY Stony Brook, 1978
My research focuses on techniques to support construction of concurrent and distributed systems for high-integrity, mission-critical settings. Most recently, I have been attacking problems related to computer security.
The early part of this year was devoted to completing Trust in Cyberspace, the final report of the National Research Council study on Information Systems Trustworthiness. I also spent considerable time briefing various government committees on the research agenda proposed in the report.
Work continued with Ulfar Erlingsson on inlined reference monitors for enforcing security policies by object code editing. We prototyped a successor to our SASI tool. This new tool involves two components: PSLang (Policy Specification Language) and PoET (Policy Enforcement Toolkit). PSLang specifications define sets of events and, for each event, an action that updates some security state or aborts a program. Thus, PSLang specifications represent states and state transitions of a security automaton but do so in a form familiar to programmers.
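A minimal security automaton of the kind the paragraph above describes, given as an added example: it is not PSLang or PoET code, and a Python function wrapper stands in for object code editing. The policy (no send after reading a file under `/secret/`), the class and all function names are constructed for illustration.

```python
import functools

class PolicyViolation(Exception):
    """Raised when an action aborts the monitored program."""

class SecurityAutomaton:
    def __init__(self, initial_state, actions):
        self.state = dict(initial_state)   # the security state
        self.actions = actions             # event name -> action(state, args)

    def guard(self, event):
        """Inline the check: the action runs before the guarded operation."""
        def wrap(fn):
            @functools.wraps(fn)
            def checked(*args):
                action = self.actions.get(event)
                if action is not None:
                    action(self.state, args)   # may update state or raise
                return fn(*args)
            return checked
        return wrap

# Constructed policy: no network send once a file under /secret/ has been read.
def on_read(state, args):
    if args[0].startswith("/secret/"):
        state["read_secret"] = True

def on_send(state, args):
    if state["read_secret"]:
        raise PolicyViolation("send attempted after reading a secret file")

def run_trace(ops):
    """Run (operation, argument) pairs under a fresh monitor.
    Returns (operations that completed, whether the monitor aborted the run)."""
    monitor = SecurityAutomaton({"read_secret": False},
                                {"read": on_read, "send": on_send})
    done = []
    # Stand-ins for the real operations; they only record that they ran.
    read_file = monitor.guard("read")(lambda path: done.append(("read", path)))
    send = monitor.guard("send")(lambda data: done.append(("send", data)))
    table = {"read": read_file, "send": send}
    try:
        for op, arg in ops:
            table[op](arg)
    except PolicyViolation:
        return done, True
    return done, False

if __name__ == "__main__":
    print(run_trace([("send", "hello"), ("read", "/tmp/notes"), ("send", "bye")]))
    print(run_trace([("read", "/secret/key"), ("send", "key"), ("read", "/tmp/x")]))
```

The second trace stops at the send: the read of `/secret/key` moved the automaton into a state from which the send action aborts, so the later operations never run.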
I have begun to investigate interactions between security and fault-tolerance (working with Lidong Zhou and Robbert van Renesse). As an experiment, we are designing a highly available and secure distributed certificate server. Active replication is not suitable in this setting, since having replicas increases the vulnerability of the service. Our solution is to employ proactive signature sharing and to split signatures on certificates across the servers comprising the service. Corrupting a subset of the replicas no longer compromises the entire service. Based on this technology, we plan to implement a certificate repository and make it available on the Internet.
Honors
- Professor-at-Large, Univ. of Tromsoe, Tromsoe, Norway (1996-2001)
University Activities
- University Academic Freedom Committee
- Duffield Hall Siting Committee, College of Engineering
- Duffield Hall Design Committee, College of Engineering
- Faculty Recruiting Committee, Computer Science Department
- Computing Facilities Committee, Computer Science Department
Professional Activities
- Editor-in-chief: Distributed Computing
- Editor: Information Processing Letters, IEEE Transactions on Software Engineering, High Integrity Systems, Annals of Software Engineering, ACM Computing Surveys
- Co-managing Editor: Texts and Monographs in Computer Science, Springer-Verlag
- Chairman: Steering committee, Information Systems Trustworthiness, Computer Science and Telecommunications Board, National Research Council.
- Program committee: 12th IEEE Computer Security Foundations Workshop, First International Symposium on Agent Systems and Applications, Symposium on Operating Systems Principles (17 SOSP)
- JavaSoft Security Advisory Committee
- IFIP Working Group 2.3 (Programming Methodology)
Lectures
- Trust in cyberspace. Critical Infrastructure Protection. Research and Development Interagency Working Group, White House, Washington DC, July 1998.
- —. National Security Agency, Washington DC, Sept. 1998.
- —. Predinner speech, National Research Council, Washington DC, Sept. 1998.
- —. Press Briefing, National Research Council, Washington DC, Sept. 1998.
- —. DARPA Colloquium Series, DARPA, Arlington, VA, Oct 1998.
- —. Workshop on Information Assurance and Trustworthy Networks, Cross Industry Working Team (XWIT), Washington DC, Nov 1998.
- —. Computer System Security and Privacy Advisory Board, National Institute of Standards and Technology, Washington DC, Nov 1998.
- —. National Security Telecommunications Advisory Committee, Washington DC, Nov 1998.
- —. Java Security Advisory Council, Sun Microsystems, Cupertino, CA, Dec. 1998.
- —. CISE Distinguished Lecture Series, National Science Foundation, Washington DC, March 1999.
- —. 13th HPCC Conference, Newport, Rhode Island, March 1999.
- —. EU-USA Workshop, A joint initiative on dependability in the Information Society: Defining an Agenda for Collaboration, Venice, Italy, Apr. 1999.
- —. Network Associates, Glenwood, Maryland, June 1999.
- Critical infrastructures you can trust: Where telecommunications fits. 26th Annual Telecommunications Policy Research Conference, Virginia, Oct 1998.
- Information systems trustworthiness. Panel Chair, 21st National Information Systems Security Conference, Crystal City, Virginia, Oct 1998.
- National Research Council report on trustworthiness. Invited speaker. 1998 Information Survivability Workshop (ISW98), Orlando, Florida, Oct 1998.
- Trust in cyberspace? A research roadmap. Invited speaker. Fifth ACM Conference on Computer and Communications Security, San Francisco, California, Nov 1998.
- Enforceable security policies. Computer Science, Univ. of Virginia, Charlottesville, VA, Dec. 1998.
- —. LESS Lecture Series, Computer Science, Univ. of Texas at Austin, Austin, Texas, Feb. 1998.
- Mobile agents and systems principles: Status Report. U.S. Air Force Academy, Colorado Springs, Colorado, Feb. 1999.
- A network security research agenda. Panel chair, Network and Distributed System Security Symposium (NDSS '99), San Diego, California, Feb. 1999.
- NRC study on "Trust in Cyberspace". Invited lecture. Electronic Payments Forum, San Francisco, California, March 1999.
Publications
- Automated stream-based analysis of fault-tolerance. Formal Techniques in Real-time and Fault-Tolerant Systems (FTRTFT98), LNCS 1486, Springer Verlag, Berlin, (1998), 113-122 (with Scott Stoller).
- Towards trustworthy networked information systems. Inside Risks 101, CACM 41, 11 (Nov 1998), 144.
- Improving networked information system trustworthiness: A research agenda. Proceedings 21st National Information Systems Security Conference (Oct 1998), 766.
- Trust in Cyberspace, (editor). National Academy Press, (Dec. 1998), 331 pages.
- Evolving telephone networks. Inside Risks 103, CACM 42, 1 (Jan. 1999), 160 (with S. Bellovin).
- Operating system support for mobile agents. Republished in Mobility: Processes, Computers, and Agents (D. Milojicic, F. Douglis, and R. Wheeler, eds.), Addison Wesley and the ACM Press, (Apr. 1999), 557-563.
- What Tacoma taught us. Mobility: Processes, Computers, and Agents (D. Milojicic, F. Douglis, and R. Wheeler, eds.), Addison Wesley and the ACM Press, (Apr. 1999), 564-566.
- NAP: Practical fault-tolerance for itinerant computations. Proc. 19th IEEE International Conference on Distributed Computing Systems (June 1999), 180-189 (with D. Johansen, K. Marzullo, K. Jacobsen, and D. Zagorodnov).
Patents
- Transparent fault tolerant computer system. United States Patent 5,802,265, Sept. 1, 1998 (with T. Bressoud, J. Ahern, K. Birman, R. Cooper, B. Glade, and J. Service).