Gene Spafford

From Wikipedia, the free encyclopedia

Eugene H. Spafford (born 1956) (known colloquially as "Spaf") is a professor of computer science at Purdue University and a leading computer security expert.

A historically significant Internet figure, he is renowned for first analyzing the Morris Worm, one of the earliest computer worms, and his participation in the Usenet backbone cabal. Spafford was a member of the President's Information Technology Advisory Committee 2003-2005^[1], has been an advisor to the National Science Foundation (NSF), and serves as an advisor to over a dozen other government agencies and major corporations.

Contents 1 Biography 1.1 Education and early career 1.2 Recent work 2 Quotations 3 Selected honors and awards 4 See also 5 References 6 External links

[edit] Biography

[edit] Education and early career

Spafford attended State University of New York at Brockport for three years and completed his B.A. with a double major in mathematics and computer science in that time. He then attended the School of Information and Computer Sciences (now the College of Computing) at the Georgia Institute of Technology. He received his M.S. in 1981, and Ph.D. in 1986 for his design and implementation of the original Clouds distributed operating system kernel.

During the early formative years of the Internet, Spafford made significant contributions to establishing semi-formal processes to organize and manage Usenet, then the primary channel of communication between users, as well as being influential in defining the standards of behavior governing its use.

[edit] Recent work

At Purdue, Spafford has a joint appointment as a professor of computer science and as professor of electrical and computer engineering, where he has served on the faculty since 1987. He is also a professor of philosophy (courtesy), and a professor of communication (courtesy). He is also Executive Director of the Purdue CERIAS (Center for Education and Research in Information Assurance and Security) and was the founder and director of COAST Laboratory, which preceded CERIAS.

He is involved in a number of professional societies and activities outside Purdue including serving on the Board of Directors of the Computing Research Association and as co-chair of the ACM's US Public Policy Committee. He serves on a number of advisory and editorial boards and is internationally known for his writing, research, and speaking on issues of security and ethics. Spafford has authored or co-authored four books on computer and computer security, including Practical Unix and Internet Security for O'Reilly, as well as over a hundred research papers, chapters and monographs.

Spafford has stated that his research interests have focused on "the prevention, detection, and remediation of information system failures and misuse, with an emphasis on applied information security. This has included research in fault tolerance, software testing and debugging, intrusion detection, software forensics, and security policies."

Among notable software designed and/or supervised by Spafford include the freeware Tripwire tool coded by his student Gene Kim (Spafford was later the chief external technical advisor to the Tripwire company during their first few years), and the freeware COPS tool coded by his student Dan Farmer. He initiated the Phage List as a response to the Morris Worm. Some of his research also helped inspire the creation of the MITRE CVE service and the NIST ICAT database. Research by other graduate students of his has resulted in tools for software testing and debugging, distributed processing, cyber forensics, firewalls, intrusion detection, auditing, and network traceback.

Spafford discusses a recent piece in the New York Times that looked at how the current Internet is a conduit for all types of "cybercrime" on C-SPAN. http://www.c-span.org/Watch/watch.aspx?MediaId=HP-A-15710

[edit] Quotations

Spafford is well-known for his aphorisms regarding the Internet:

• Axiom #1: "The Usenet is not the real world. The Usenet usually does not even resemble the real world."^[2]
  • Corollary #1: "Attempts to change the real world by altering the structure of the Usenet is an attempt to work sympathetic magic -- electronic voodoo."^[2]
  • Corollary #2: "Arguing about the significance of newsgroup names and their relation to the way people really think is equivalent to arguing whether it is better to read tea leaves or chicken entrails to divine the future."^[2]

• Axiom #2: "Ability to type on a computer terminal is no guarantee of sanity, intelligence, or common sense."^[2]
  • Corollary #3: "An infinite number of monkeys at an infinite number of keyboards could produce something like Usenet."^[2]
  • Corollary #4: "They could do a better job of it."^[2]

• Axiom #3: "Sturgeon's Law (90% of everything is crap) applies to Usenet."^[2]
  • Corollary #5: "In an unmoderated newsgroup, no one can agree on what constitutes the 10%."^[2]
  • Corollary #6: "Nothing guarantees that the 10% isn't crap, too."^[2]

• "Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it."^[2]

• "Don't sweat it -- it's not real life. It's only ones and zeroes."^[2]

• "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."^[3]

• "Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted."^[4]

[edit] Selected honors and awards

• 1992 Inducted in Sigma Xi, research scientists' honor society. ^[5]
• 1992 Inducted in Upsilon Pi Epsilon, the Computer Sciences honor society.
• 1996 Awarded charter membership in the IEEE Computer Society's Golden Core for distinguished service to the Computer Society during its first 50 years.
• 1996 Award of Distinguished Technical Communication (highest award) and Award of Merit by the Society for Technical Communication for Practical Unix and Internet Security.
• 1997 Inducted as a Fellow of the Association for Computing Machinery.
• 1999 Inducted as a Fellow of the American Association for the Advancement of Science.
• 2000 NIST/NCSC National Computer Systems Security Award.
• 2000 Proclaimed a CISSP, honoris causa by (ISC)²
• 2000 Inducted as a Fellow of the Institute of Electrical and Electronics Engineers.
• 2001 Named to the ISSA (Information Systems Security Association) Hall of Fame.
• 2003 Awarded U.S. Air Force medal for Meritorious Civilian Service.
• 2005 Honorary D.Sc. from the State University of New York (SUNY)
• 2006 IEEE Computer Society Technical Achievement Award
• 2007 ACM President's Award
• 2009 Computing Research Association Distinguished Service Award

[edit] See also

• Usenet
• Purdue University
• The Morris Worm
• The Great Renaming
• Backbone Cabal / There is No Cabal

[edit] References

1. ^ President's Information Technology Advisory Committee - Archive
2. ^ ^{a b c d e f g h i j k} "That's all, folks"
3. ^ Gene Spafford's Personal Pages: Quotable Spaf
4. ^ Tripunitara, Mahesh, The Page of Spaf's Analogies, http://homes.cerias.purdue.edu/~tripunit/spaf-analogies.html, retrieved on 2008-02-06 
5. ^ Abridged Vita: Eugene H. Spafford

[edit] External links

• Gene Spafford's home page at Purdue
• Greplaw interview
• PKI Forum interview (introduction) (very long)
  • Part 1: Gene Spafford on security threats, PKI, interoperability, privacy, wireless security and key management
  • Part 2: Gene Spafford on key escrow, backup and recovery, security education, digital certificate revocation, identity fraud, security trends and predictions
• CERIAS website
• Spafford's analysis of the Morris worm
• Practical Unix and Internet Security
• The Phage List"