Schedule Available!

The 2014 Conference Schedule is now available! Click here to view all talks. 

Attendee Registration Open

Attendee registration is now open! Register now to take advantage of early bird pricing. 

Cornerstones of Trust 2014 Theme: The Confluence of Many Challenges

  • Securing the 99%
  • It's All About the Data
  • Meeting the Challenge
  • Building the Culture

Gordon Shevlin

CEO, Allgress
Gordon Shevlin brings more than 25 years of technical, sales, marketing and management experience in the technology sector.  Gordon is currently Chief Executive Officer and partial owner of Allgress, Inc.  His previous position as Executive Vice President of FishNet Security resulted from his partial ownership and position as EVP of Sales with Siegeworks.  During his tenure at SiegeWorks, he grew the company from 3 employees to 120 employees, with a West Coast and International presence and led its successful acquisition by FishNet.  Previously Gordon has held positions with both Nokia and ODS.   Additionally, Gordon has served multiple roles with ISSA including President and Vice President of Silicon Valley Chapter as well as CFO of ISSA International.  He has held board positions for 3 consecutive terms.  With his breadth of knowledge of the security industry, Gordon has been invited to serve on the advisory boards of 12 of the leading information security companies.

Peter Neumann

Principal Scientist, SRI International
Peter G. Neumann has doctorates from Harvard and Darmstadt.  After 10 years at Bell Labs in Murray Hill, New Jersey, in the 1960s, during which he was heavily involved in the Multics development jointly with MIT and Honeywell, he has been in SRI's Computer Science Lab since September 1971 -- where he is a Senior Principal Scientist.  He is concerned with computer systems and networks, trustworthiness/dependability, high assurance, security, reliability, survivability, safety, and many risks-related issues such as election-system integrity, crypto applications and policies, health care, social implications, and human needs -- especially those including privacy.  He is currently PI on two DARPA projects: clean-slate trustworthy hosts for the CRASH program with new hardware and new software, and clean-slate networking for the Mission-oriented Resilient Clouds program.     He moderates the ACM Risks Forum (http://www.risks.org), has been reponsible for CACM's Inside Risks columns monthly from 1990 to 2007, tri-annually since then, chairs the ACM Committee on Computers and Public Policy.  He created ACM SIGSOFT's Software Engineering Notes in 1976, was its editor for 19 years, and still contributes the RISKS section.  He was on the editorial board of IEEE Security and Privacy until February 2014, and is taking a break from that, as just one volunteer obligation too many.  He has participated in four studies for the National Academies of Science: Multilevel Data Management Security (1982), Computers at Risk (1991), Cryptography's Role in Securing the Information Society (1996), and Improving Cybersecurity for the 21st Century: Rationalizing the Agenda (2007).  His 1995 book, Computer-Related Risks, is still timely.  He is a Fellow of the ACM, IEEE, and AAAS, and is also an SRI Fellow.

A Holistic View of System Trustworthiness, from the Perspectives of Hardware, Software, Programming Languages, Networks, People, and More

The state of the art of trustworthiness is inherently weak with respect to computer systems and networks.  Essentially every component today is a potential weak link, including hardware, operating systems, and apps -- for desktops, laptops, network switches and controllers, servers, clouds, and even mobile devices.  The potentially untrustworthy nature of our supply chains adds further uncertainty.  Indeed, the ubiquity of computer-based devices in the so-called Internet of Things is likely to make this situation even more critical than it already is.

This talk will briefly consider system vulnerabilities and risks, and some of the limitations of software engineering and programming languages.  It will also take a holistic view of total-system architectures and their implementation, which suggests that some radical systemic improvements are needed, as well as changes in how we develop software.

To this end, we will discuss some preliminary lessons from work in progress jointly between SRI and the University of Cambridge for DARPA, relating to some relatively clean-slate approaches.  In particular, we are pursuing formally based design of hardware that enables fine-grained access controls, new software and compiler extensions that can take significant advantage of the hardware, and some network switch/controller approaches that can also benefit from the new hardware.  Formal methods have been embedded in the hardware design process, and are also applicable selectively to the software.  We are also applying our trustworthy systems to software-defined networking, servers, and clouds.  Furthermore, the work is being open-sourced.  The potential implications for hardware and software developers are quite considerable.