CERT
ISW'97 site

Information Survivability Workshop
Position Statement

John McLean
Center for High Assurance Computer Systems
Naval Research Laboratory, Washington, DC 20375-5337

http://www.itd.nrl.navy.mil/ITD/5540/body-main.html

I am Director of NRL's Center for High Assurance Computer Systems. The Center employs about 60 government scientists and support personnel responsible for basic research, exploratory development, advanced technology demonstrations, and consultation for ONR, NSA, various Navy System Commands, and other clients within DOD. We execute in-house research programs in communication security, computer security, formal methods, INFOSEC engineering, and software engineering. We also serve as lead engineers for key Navy development programs in cryptographic key management, secure voice, device development, and network security. Besides managing research, I also do hands-on research in computer security.

Putting all of this together, I guess I have an interest in the area of survivable systems from the point of view of a researcher, research director, practitioner, and buyer. As a researcher I started out publishing on methods for formal specification and analysis of software. However, over the last 10 years or so my research has focused primarily on computer security. Here, I have developed methods for specifying, analyzing, and composing security properties. For the last couple of years I have focused on the fact that information flow properties are not standard in that they fall outside the Alpern-Schneider safety/liveness framework. As such, they are not preserved by standard refinement techniques nor by standard composition techniques. Part of my research is aimed at developing a software engineering theory that adequately addresses such properties.
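As an added illustration (mine, not part of the position statement, and built on a hypothetical two-event system), the following Python models a system as a set of traces and shows the distinction the paragraph draws. A trace property in the Alpern-Schneider sense is checked one trace at a time, so it is automatically preserved when refinement discards behaviours; possibilistic noninterference, by contrast, compares the low-level views of different traces and is destroyed by a perfectly ordinary refinement that resolves nondeterminism. The composition side of the claim is not shown here.

```python
# Added illustration (not from the position statement): a toy trace-set model
# showing that a trace property survives refinement while possibilistic
# noninterference, a property of *sets* of traces, does not.
from itertools import product

H, L = "H", "L"   # security levels attached to events: (level, value)


def low_view(trace):
    """What a low-level observer sees: the subsequence of L events."""
    return tuple(ev for ev in trace if ev[0] == L)


def high_part(trace):
    """The H events of a trace, i.e. the secret the low observer must not learn."""
    return tuple(ev for ev in trace if ev[0] == H)


def satisfies_trace_property(system, pred):
    """An Alpern-Schneider style property is a predicate on individual traces;
    a system (set of traces) satisfies it iff every trace does.  Because the
    check is per trace, any subset of a satisfying system also satisfies it."""
    return all(pred(t) for t in system)


def noninterferent(system):
    """Possibilistic noninterference: the set of low observations must not
    depend on which high events occurred.  This compares traces against one
    another, so it is a predicate on the whole set, not on single traces."""
    views = {}
    for t in system:
        views.setdefault(high_part(t), set()).add(low_view(t))
    # Secure iff every high behaviour yields the same set of low views.
    return len({frozenset(v) for v in views.values()}) <= 1


def refine(system, keep):
    """Refinement in the trace-based sense: the implementation resolves
    nondeterminism by keeping a subset of the specification's behaviours."""
    impl = {t for t in system if keep(t)}
    assert impl <= system
    return impl


# Constructed specification (hypothetical): one high input h, then one low
# output l, with the output chosen nondeterministically from {0, 1}.
SPEC = frozenset(((H, h), (L, l)) for h, l in product((0, 1), (0, 1)))

# A legitimate refinement: the implementer resolves the nondeterminism by
# making the low output equal to the high input, which leaks the secret.
IMPL = refine(SPEC, lambda t: t[0][1] == t[1][1])


def no_forbidden_output(trace):
    """A trace property: no low output ever carries the value 2."""
    return all(v != 2 for lvl, v in trace if lvl == L)


def compare(spec=SPEC, impl=IMPL):
    """Report how each kind of property fares before and after refinement."""
    return {
        "is_refinement": impl <= spec,
        "trace_property_spec": satisfies_trace_property(spec, no_forbidden_output),
        "trace_property_impl": satisfies_trace_property(impl, no_forbidden_output),
        "noninterference_spec": noninterferent(spec),
        "noninterference_impl": noninterferent(impl),
    }


if __name__ == "__main__":
    for name, ok in compare().items():
        print(f"{name:24s} {ok}")
```

The point of `compare` is the pair of lines it prints for noninterference: the specification is secure, the implementation is a strict subset of its behaviours, and yet the implementation lets a low observer read the high input. No per-trace predicate can capture this, because every trace of the insecure implementation is also a trace of the secure specification.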

I also have a personal interest in systems that must satisfy multiple high-assurance properties, such as security, safety, fault-tolerance, and real-time properties. As part of this, I was a co-organizer of a workshop on property combinations and property trade-offs and a co-author of a research agenda on high assurance computer systems that came out of this workshop. Workshop participants also produced several group reports on property interaction. [The research agenda and group reports are available under the link for the workshop on the Center's home page.]

As a research director, I am responsible for programs in information security, information warfare, and software engineering. The software engineering research focuses on tools for applying formal methods to software requirements and on the specification of real-time systems. We have developed requirement specification analysis methods that are currently being used on several industry and military systems. This reflects my belief that: (1) we must perform research across the board from theory to practice, (2) money for producing high assurance software is best spent up front, and (3) one of the biggest current threats to the national information infrastructure is code that is incorrect (rather than malicious).

However, one cannot assume that the only threat to our infrastructure is incorrect code. Our research in information security and in information warfare reflects the fact that our information infrastructure provides a very appealing target for a relatively cheap, easy, and extremely effective attack. Systems at risk include not only DOD C4I systems but the country's entire nonmilitary infrastructure as well.

Some of our research in this area is specialized in that it is directed toward defense against specific attacks, for example, data jamming, where data is manipulated in such a way that resources are misspent but the mistake is not easily detectable. We also focus on general INFOSEC techniques for broad spectrum defense. For example, we execute (1) fleet-supported programs to perform near-term system prototype development and to evaluate available technologies with an eye toward building systems that can provide near-term solutions to fleet security problems and (2) ONR-funded and NSA-funded 6.1, 6.2, and 6.3A research that will lead to improved future solutions. Major programs under (1) include the next generation electronic cryptographic key management system for the joint services, next generation secure voice, and network security. Major programs under (2) include architectural methods for producing high-assurance systems from COTS, GOTS, and legacy components, and basic research in security models and cryptographic protocol analysis. It is the programs under (1) that give me a practitioner's and buyer's perspective.

In summary, I would be bringing to the workshop a variety of skills and interests that I think would benefit the emergent information survivability community. Such a variety is necessary for this area, which makes a workshop that is explicitly soliciting input from diverse backgrounds an extremely important event. I would very much like to be included.
