The Institute for Information Security & Privacy hosts Turing Award winner Butler Lampson for the Capital One Fall '16 Distinguished Lecture.
Butler Lampson is a renowned computer scientist and the 1992 Turing Award winner for pioneering contributions that laid much of the foundation for today’s local area networks, client-server systems, laser printers, and WYSIWYG editors, such as Microsoft Word. He is a Technical Fellow at Microsoft Corporation and an Adjunct Professor of Computer Science and Electrical Engineering at MIT, actively working on security, privacy, and fault-tolerance, and kibitzing in systems, networking, and other areas.
Lampson was part of the faculty at University of California Berkeley, at the Computer Science Laboratory at Xerox PARC, and subsequently at Digital’s Systems Research Center before joining Microsoft. He has worked on computer architecture, local area networks, raster printers, page description languages, operating systems, remote procedure call, programming languages and their semantics, programming in the large, fault-tolerant computing, transaction processing, computer security, editors, and tablet computers. He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, the SDSI/SPKI system for network security, the Microsoft Tablet PC software, the Microsoft Palladium high-assurance stack, and several programming languages.
He received an AB from Harvard University, a Ph.D. in EECS from the University of California at Berkeley, and honorary ScD’s from the Eidgenössische Technische Hochschule, Zurich and the University of Bologna. He holds a number of patents on networks, security, raster printing, and transaction processing. He is a member of the National Academy of Sciences and the National Academy of Engineering and a Fellow of the Association for Computing Machinery (ACM) and the American Academy of Arts and Sciences. He received the ACM Software Systems Award in 1984 for his work on the Alto, the IEEE Computer Pioneer award in 1996, the National Computer Systems Security Award in 1998, the IEEE von Neumann Medal in 2001, the Turing Award in 1992, and the National Academy of Engineering’s Draper Prize in 2004.
It’s time to change the way we think about computer security: instead of trying to prevent security breaches, we should focus on dealing with them after they happen. Today computer security depends on access control, and it’s been a failure. Real world security, by contrast, is mainly retroactive: the reason burglars don’t break into my house is that they are afraid of going to jail, and the financial system is secure mainly because almost any transaction can be undone.
There are many ways to make security retroactive:
- Track down and punish offenders.
- Selectively undo data corruption caused by malware.
- Require applications and online services to respect people’s ownership of their personal data.
Access control is still needed, but it can be much more coarse-grained, and therefore both more reliable and less intrusive. Authentication and auditing are the most important features. Retroactive security will not be perfect, but perfect security is not to be had, and it will be much better than what we have now.
RSVP for this event, which features an hors d'oeuvres reception with Dr. Lampson.