Andrew Moore
senior member of the technical staff
Survivable Systems Engineering Team
contact:
CERT®
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
[412] 268-5465
bio
Andrew Moore is a senior member of the technical staff of the CERT Program at the Software Engineering Institute at Carnegie Mellon University. Moore explores ways to improve the security, survivability, and resiliency of enterprise systems through attack and defense modeling, incident processing and analysis, and architecture engineering and analysis. Before joining the SEI in 2000, he worked for the Naval Research Laboratory investigating high assurance system development methods for the Navy. He has twenty years of experience developing and applying mission-critical system analysis methods and tools, leading to the transfer of critical technology to both industry and the military. Moore received his B.A. in Mathematics from the College of Wooster and M.A. in Computer Science from Duke University.
While at the NRL, Moore served as a member of the US Defense Science and Technology review (Information Technology TARA) panel on Information Assurance; the International Technical Cooperation Program, Joint Systems and Analysis Group on Safety-Critical Systems (TTCP JSA-AG-4); and the Assurance Working Group of DARPA’s Information Assurance Program. He has served as Principal Investigator on numerous projects sponsored by NSA and DARPA. He has also served on numerous computer assurance and security conference program committees and working groups. Moore has published a book chapter and a wide variety of technical journal and conference papers.
research interests
Moore’s research interests include computer and network attack modeling and analysis, adversary modeling, survivable systems engineering, formal assurance techniques, and security risk analysis.
recent publications
D.F. Anderson, D.M. Cappelli, J.J. Gonzalez, M. Mojtahedzadeh, A.P. Moore, E. Rich, J.M. Sarriegui, T.J. Shimeall, J.M. Stanton, E. Weaver, A. Zagonel. Preliminary System Dynamics Maps of the Insider Cyber-Threat Problem. Proceedings of the 22nd International Conference of the System Dynamics Society. July 2004.
Moore, A.P., R.J. Ellison. "TRIAD: A Framework for Survivability Architecting." Proceedings of the Workshop on Survivable and Self-Regenerative Systems, 10th ACM Conference on Computer and Communications Security. Washington, D.C. October 2003.
Ellison, R.J., A.P. Moore. "Trustworthy Refinement through Intrusion-Aware Design: An Overview." Proceedings of the Third Annual High Confidence Software and Systems Conference. Baltimore, MD. 1-3 April 2003. Available at http://www.cert.org/sse.
Ellison, R.J., A.P. Moore. Trustworthy Refinement through Intrusion-Aware Design (CMU/SEI-2003-TR-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University. March 2003 (revised from October 2002). Available under publication year at http://www.sei.cmu.edu/publications/documents/doc.list/.
R.J. Ellison, R.C. Linger, H.F. Lipson, N.R. Mead, A.P. Moore. "Foundations for Survivable Systems Engineering." CrossTalk 15:7 pg. 10-15. July 2002. Available at http://www.cert.org/archive/html/SSE_foundations.html.
Lipson, H.F., N.R. Mead, A.P. Moore. "Can We Ever Build Survivable Systems from COTS Components?" Proc. International Conf. on Advanced Information Systems Engineering. May 2002. Available at http://www.cert.org/sse.
Lipson, H.F., N.R. Mead, A.P. Moore. "Assessing the Risk of COTS Usage in Survivable Systems." Cutter IT Journal 15:5. May 2002.
Moore, A.P., R.J. Ellison. "Survivability through Intrusion-Aware Design." Information System Survivability Workshop. Vancouver, BC. March 2002.
Ellison, R.J., A.P. Moore. "Architectural Refinement for the Design of Survivable Systems." SEI Technical Note, CMU/SEI-2001-TN-008. October 2001. Available at http://www.cert.org/sse.
Moore, A.P., R.J. Ellison, R.C. Linger. "Attack Modeling for Survivable Systems Analysis." Dependable Systems and Networks Conference. Gothenburg, Sweden. June 2001.
Moore, A.P., R.J. Ellison, R. Linger, N.R. Mead. "Intrusion Scenarios for Security Requirements Engineering." Symposium on Requirements Engineering for Information Security. CERIAS, Purdue University. March 2001.
Moore, A.P. "Security Requirements Engineering through Intrusion-Aware Design." Symposium on Requirements Engineering for Information Security. CERIAS, Purdue University. March 2001.
Moore, A.P., R.J. Ellison, R.C. Linger. Attack Modeling for Information Security and Survivability (CMU/SEI-2001-TN-001). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University. March 2001. Available under publication year at http://www.sei.cmu.edu/publications/documents/doc.list/.
Moore, A.P., D.M. Mihelcic, J.E. Klinker. "How to Construct Formal Arguments that Persuade Certifiers" in Industrial Strength Formal Methods in Practice (Springer Verlag London Limited: M. Hinchey and J. Bowen, September, 1999), pg. 285-314. Available under publication year at http://www.itd.nrl.navy.mil/ITD/5540/publications/CHACS/index.html.
Kang, M.H., A.P. Moore, I.S. Moskowitz. "Design and Assurance Strategy for the NRL Pump." IEEE Computer 31:4, pg. 56-64. April 1998. Available under publication year at http://www.itd.nrl.navy.mil/ITD/5540/publications/CHACS/index.html.
Payne, C.N., A.P. Moore. "Increasing Assurance with Literate Programming." Proc. Eleventh Annual Conf. on Computer Assurance Gaithersburg, MD, pg. 187-198. June 1996. Available under publication year at http://www.itd.nrl.navy.mil/ITD/5540/publications/CHACS/index.html.
Froscher, J., D.M. Goldschlag, M.H. Kang, C.E. Landwehr, A.P. Moore, I.S. Moskowitz, C.N. Payne. "Improving Inter-Enclave Information Flow for a Secure Strike Planning Application." Proc. Computer Security Applications Conf. New Orleans, LA, pg. 89-98. December 1995. Available under publication year at http://www.itd.nrl.navy.mil/ITD/5540/publications/CHACS/index.html.
Payne, C.N., A.P. Moore, D.M. Mihelcic. "An Experience Modeling Critical Requirements." Proc. Ninth Annual Conf. on Computer Assurance Gaithersburg, MD. pg. 245-256. June 1994. Available under publication year at http://www.itd.nrl.navy.mil/ITD/5540/publications/CHACS/index.html.
Moore, A.P. "The Specification and Verified Decomposition of System Requirements Using CSP." IEEE Transactions on Software Engineering 16:9, pg. 932-948, September 1990. Available under publication year at http://www.itd.nrl.navy.mil/ITD/5540/publications/CHACS/index.html.
Moore, A.P. "Using CSP to Develop Trustworthy Hardware." Proc. Fifth Annual Conference on Computer Assurance pg. 126-134. June 1990.
Moore, A.P. "Investigating Formal Specification and Verification Techniques for COMSEC Software Security." Proc. 11th National Computer Security Conf pg. 129-138. October 1988.
McHugh, J., A.P. Moore. "A Security Policy and Formal Top Level Specification for a Multi-Level Secure Local Area Network." Proc. IEEE Symposium on Security and Privacy pg. 34-39. April 1986.
Moore, A.P., D.M. Cappelli, Joseph, H., Trzeciak, R.F., “An Experience Using System Dynamics to Facilitate an Insider Threat Workshop,” submitted to 25th International System Dynamics Conference, July 2007.
Kowalski, E.F., M.M. Keeney, D.M. Cappelli, A.P. Moore, “Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector,” Joint SEI and U.S. Secret Service Report, to be published Spring 2007.
Kowalski, E.F., T. Conway, S. Keverline, M. Williams, D. McCauley, B.W. Willke, A.P. Moore, “Insider Threat Study: Illicit Cyber Activity in the Government Sector,” Joint SEI and U.S. Secret Service Report, to be published Spring 2007.
Band, S.R.; Cappelli, D.M.; Fischer, L.F.; Moore, A.P.; Shaw, E.D.; & Trzeciak, R.F. 2006. “Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis,” Software Engineering Institute Technical Report CMU/SEI-2006-TR-026, Carnegie Mellon University, December 2006.
Moore, A.P., Antao, R.S., “Improving Management of Information Technology: System Dynamics Analysis of IT Controls in Context,” in Proceedings of the 24th International System Dynamics Conference, July 2006.
Cappelli, D.M., A.G. Desai, A.P. Moore, T.J. Shimeall, E.A. Weaver, B.J. Willke, “Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks,” in Proceedings of the 24th International System Dynamics Conference, July 2006.
Keeney, M.M., Kowalski, E.F., Cappelli, D.M., Moore, A.P., Shimeall, T.J., and Rogers, S.N. 2005. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. Joint SEI and U.S. Secret Service Report, May 2005.
Moore, A.P., and Cappelli, D.M. 2005. Analyzing Organizational Cyber Threat Dynamics. Proceedings of the Workshop on System Dynamics of Physical and Social Systems for National Security, 21-22 April 2005.
Cappelli, D.M., Moore, A.P., Shimeall, T.J., Trzeciak, R. “Common Sense Guide to Prevention / Detection of Insider Threats: Best Practices – A Twelve Step Program to Prevention of Insider Threats,” Internal CyLab Technical Report, April 2005 (revised July 2006).
Rich, E., Martinez-Moyano, I.J., Conrad, S., Cappelli, D.M., Moore, A.P., Shimeall, T.J., Andersen, D.F., Gonzalez, J.J., Ellison, R.J., Lipson, H.F., Mundie, D.A., Sarriegui, J.M., Sawicka, A., Stewart, T.R., Torres, J.M., Weaver, E.A., and Wiik, J. 2005. Simulating Insider Cyber-Threat Risks: A Model-Based Case and a Case-Based Model. Proceedings of the 23rd International Conference of the System Dynamics Society, July 2005.
Randazzo, M.R., Keeney, M.M., Kowalski, E.F., Cappelli, D.M., Moore, A.P. (2004, August) “Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector,” Joint SEI and U.S. Secret Service Report. Available at http://www.secretservice.gov/ntac/its_report_040820.pdf.