Computer security aims to ensure only "good" behavior happens in computer systems, despite potential action by malicious adversaries. Consequently, the field has focused primarily on the technology to prohibit "bad things," according to some set of rules, and to a lesser extent on the structure of such rules. Interestingly, the computer security field has largely ignored the process by which humans produce these sets of rules;
not surprisingly, fieldwork and anecdotes report how we keep getting the rules "wrong."
This talk presents some of my lab's research addressing this problem.
Prof. Sean Smith has been working in information security (attacks and defenses), for industry and government, since before there was a Web. In graduate school, he worked with the US Postal Inspection Service on postal meter fraud. As a post-doc and staff member at Los Alamos National Laboratory, he performed security reviews, designs, analyses, and briefings for a wide variety of public-sector clients. At IBM T.J. Watson Research Center, he designed the security architecture for (and helped code and test) the IBM 4758 secure coprocessor, and then led the formal modeling and verification work that earned it the world's first FIPS 140-1 Level 4 security validation.
In July 2000, Prof. Smith left IBM for Dartmouth, since he was convinced that the academic education and research environment is a better venue for changing the world. His current work, as PI of the Dartmouth PKI/Trust Lab, investigates how to build trustworthy systems in the real world.
At Dartmouth, his courses - on Operating Systems, Security, and Theory - have all been named "favorite classes" by graduating seniors. His book “Trusted Computing Platforms: Design and Applications” (Springer, 2005) provides a deeper presentation of this research journey; his other book “The Craft of System Security” (Addison-Wesley, 2007) resulted from the educational journey. Sean has published over ninety refereed papers; been granted over a dozen patents; and advised over three dozen Ph.D., M.S., and senior honors theses. His security architecture is used in thousands of financial, e-commerce, and rights managements installations world-wide.
Sean was educated at Princeton and CMU, and is a member of Phi Beta Kappa and Sigma Xi.