Microsoft Trustworthy Computing Academic Advisory Board

[Dan Updegrove <updegrove () MAIL UTEXAS EDU>]

Colleauges - FYI, Dan Updegrove


Date: Tue, 18 Mar 2003 04:23:25 -0500
Subject: [IP] MS Forms  a "Think Tank" on Trustworthy Computing
From: Dave Farber <dave () farber net>
To: ip <ip () v2 listbox com>
Message-ID: <BA9C4FBD.35D28%dave () farber net>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Sender: owner-ip () v2 listbox com
Precedence: list
Reply-To: dave () farber net
List-ID: <ip () v2 listbox com>
List-Help: <http://v2.listbox.com/help?list_name=ip () v2 listbox com>
List-Subscribe: <mailto:subscribe-ip () v2 listbox com>, 
<http://v2.listbox.com/subscribe/?listname=ip () v2 listbox com>
List-Unsubscribe: <mailto:unsubscribe-ip () v2 listbox com>, 
<http://v2.listbox.com/member/unsubscribe/?listname=ip () v2 listbox com>
Errors-To: listbox+trampoline+247+126829+22dedcb6 () v2 listbox com

Microsoft Trustworthy Computing Academic Advisory Board

*    Dr. Martín Abadi, professor, University of California at Santa Cruz
*    Dr. Elisa Bertino, professor, University of Milan, Italy
*    Dr. Dawson R. Engler, assistant professor, Stanford University
>
*    Dr. Virgil D. Gligor, professor, University of Maryland
*    Dr. Richard A. (Dick) Kemmerer, professor, University of California at
Santa Barbara
*    Dr. Chris Mitchell, professor, Royal Holloway, University of London
*    Dr. J. Gregory (Greg) Morrisett, associate professor, Cornell
University
*    Dr. David A. Patterson, professor, University of California at Berkeley
*    Dr. Fred B. Schneider, professor, Cornell University
*    Dr. Eugene H. Spafford, professor, Purdue University
*    Dr. Neeraj Suri, professor, TU Darmstadt, Germany
*    Dr. Vijay Varadharajan, professor, Macquarie University, Australia
*    Dr. James A. Whittaker, professor, Florida Institute of Technology
*    Dr. Jeannette Wing, professor, Carnegie Mellon University

The following law professors are members of the advisory board¹s Privacy
Committee:

*    Fred H. Cate, professor, Indiana University School of Law
*    Deirdre Mulligan, professor, Samuelson Law, Technology and Public
Policy Clinic (at UC Berkeley)
*    Paul M. Schwartz, professor, Brooklyn Law School
*    Peter P. Swire, professor, Ohio State University
*    Eugene Volokh, professor, UCLA School of Law




Forming a "Think Tank" on Trustworthy Computing

REDMOND, Wash., Feb. 20, 2003 -- The academic experts assembled at the
Microsoft campus today have their work cut out for them. As members of the
new Microsoft Trustworthy Computing Academic Advisory Board, they¹ve been
asked to give scrutiny and advice on an ambitious company-wide initiative
that aims to provide safe, private and reliable computing experiences for
everyone.

To learn the why and what-for behind the group and its first two-day
meeting, PressPass convened a group of its own. Joining the roundtable
discussion are David Ladd, manager of external research programs for
Trustworthy Computing at Microsoft Research, and two advisory board members,
Dr. Fred B. Schneider, a professor at Cornell University in Ithaca, N.Y.,
and Dr. Neeraj Suri, a professor at TU Darmstadt University in Darmstadt,
Germany, near Frankfurt.

PressPass: Why did Microsoft form the Trustworthy Computing Academic
Advisory Board?

Ladd: Microsoft has long had relationships with academic experts on an
individual basis, and we¹ve received excellent feedback and interaction by
doing so. We felt it would be an even better idea to bring the experts
together, present them with our business and technical challenges, and have
the group synthesize their comments and solutions. Essentially, it¹s a think
tank on Trustworthy Computing.

PressPass: What function will the advisory board serve?

Ladd: The goal is to learn from each other. By turning to academia for
advice and direction, Microsoft can avoid taking missteps in technology
areas that others may have researched in depth already. Plus, we know
Microsoft initiatives can benefit from scrutiny by outside experts who don¹t
have preconceived notions about how something should be accomplished, from
both a technology and policy perspective. Microsoft has long realized that
to achieve needed systemic change, it¹s important to involve academia early
on.

But we also view this board as a two-way education channel. Ultimately, we¹d
like to see academia work with the industry to inculcate more security
concepts into a technical education, because it¹s not just a technology
problem or a computer science problem. It¹s a social problem. If we at
Microsoft work with academia to make sure they have the resources, time and
information to infuse Trustworthy Computing concepts into education, the
result will be graduates who are much more adept at understanding a secure
computing environment.

PressPass: Which Microsoft group created the advisory board?

Ladd: The advisory board was formed as the result of long-term discussions
among the Trustworthy Computing strategy team, Microsoft Research University
Relations and Microsoft¹s Security Business Unit. All three groups have been
working on the Trustworthy Computing initiative since it was launched in
January 2002.


PressPass: What expertise do the academics bring to the table?

Ladd: Many of the 19 board members are experts in Trustworthy Computing
issues that Microsoft is already working on. For example, some have
expertise in cryptography or malicious code. Others are extremely
well-versed in programming languages, compilers and tool modifications that
can minimize errors in the software development process. Some are testing
specialists. Some are experts in fault-tolerance and distributed computing.
When we created the board, we were keenly aware that we wanted it to reflect
expertise in all the major technology areas. In addition, we have a Privacy
Committee that consists of five legal specialists with significant
experience in privacy-enabling technologies and privacy policies.

PressPass: Dr. Schneider, can you summarize your background with regard to
Trustworthy Computing?

Schneider:At present, I¹m the director of the Information Assurance
Institute at Cornell University and the chief scientist for the newly formed
Griffiss Institute for Information Assurance. I served as the chairman of
the "Information Systems Trustworthiness" study for the Computer Science and
Telecommunications Board of the National Academy of Sciences. My research
focuses on techniques to support the construction of concurrent and
distributed systems for high-integrity, mission-critical settings, and these
days I am concentrating on security questions.


PressPass: Professor Suri, what¹s your area of specialty?

Suri: The primary area of my research addresses embedded systems, and
specifically, composite issues in "Dependability and Real-Time" in
distributed and networked systems. These encompass system design,
architectural, algorithmic and operating system issues related to providing
dependability and real-time attributes in high-performance systems, as well
as the more challenging -- and real -- problem of combined provision of
dependability and real-time in safety-critical, service-critical and
money-critical systems.

PressPass: What prompted you to serve on this advisory board?

Suri: As we reach new thresholds of our intertwining with technology,
Microsoft¹s Trustworthy Computing Academic Advisory Board is a remarkably
timely and pertinent initiative. This forum presents a unique opportunity
for academics to critically relate, analyze and critique concepts with
real-world implementations, reflect on current practices and chart out new
ideologies -- scientific, social, legal and implementational -- in the
provisioning of trust and security.


PressPass: Dr. Schneider, what led you to join the board?

Schneider: I measure my success as a university researcher in terms of the
impact I have. Helping Microsoft increase the trustworthiness of its systems
would have an enormous impact on the computing landscape, so I see
participation on this board as a highly leveraged use of my time. If
Microsoft can raise the bar on system trustworthiness, then not only will
the entire industry be better off, but our society's transition to increased
use of computing will also be on a sounder footing.

Second, I expect that my participation on the board will inform my research
at Cornell. Direct exposure to real problems in real settings helps ensure
that my research is addressing important problems and is based on sensible
assumptions. While I find the isolation and independence of the "Ivy Tower"
valuable, I also find direct involvement in industry to be a very useful
input.

PressPass: In your opinion, what key challenges does the industry -- and
Microsoft -- face in achieving Trustworthy Computing?

Schneider: The entire industry needs to place a higher priority on building
trustworthy systems, even though this means building systems that have fewer
features and that take longer to deploy because of increased development
times. But also the public needs to better understand the limits on the
trustworthiness of today¹s systems and to appreciate the consequences of not
having trustworthiness. Educating the public about risks and consequences is
a job that the industry shares with those of us who use systems and those
who study them.


PressPass: How do you envision this board helping Microsoft overcome those
challenges?

Schneider: I¹m hopeful that this board will provide an objective and
informed voice on security matters, and that it¹s a voice Microsoft can and
will embrace.  Our focused discussions over a long period could provide
Microsoft with not only a place to vet new solutions but also a constant and
undiluted set of values about trustworthiness, creating a palpable presence
in the Microsoft corporate conscience. Our board becomes a set of real
people that Microsoft is willing to take seriously -- rather than a
disembodied din -- advocating for trustworthiness and for the aesthetic in
design and corporate culture that will be required.


PressPass: Professor Suri, can you speak to the need for Trustworthy
Computing based on your own experience?

Suri: It goes without saying that our daily lives are increasingly enmeshed
with the use of technology -- cars, planes, banking, e-transactions,
e-business, e-mail -- to the point that disruption of these services has
both service-critical and money-critical ramifications. Technology only
offers meaningful value if we can associate a level of trust on the delivery
of its services.

PressPass: You live and work in Germany. Do you see international
implications to Trustworthy Computing?

Suri: Trust and security are without physical borders. The Internet has
become a great harmonizer, adding transparency in linking service requests
and delivery. Transparency of the data transfer media, and related
underlying procedures to deliver the service, is wonderful to the consumer.
However, transparency comes at a cost. One, lesser control of the
transaction details becomes a factor, and two, the public nature of the
communication media makes trust and security more than just a scientific
concern. Transparency also opens up issues of how and where infringements
can take place, and in places where the legal perspectives on information
access may differ, for example, across the United States and Europe. To make
a complete transaction trustworthy without full control of the elemental
processes is indeed a challenge.


PressPass: What does this mean in terms of the Trustworthy Computing
Academic Advisory Board?

Suri: The international nature of the group is all the more important given
the delicate interplay offered by the varied cultural and legal nuances of
trust and security across the United States, Europe and the world. Trust in
the e-world is not an option any more. It behooves us, socially,
economically and scientifically, to ensure that trust in a system becomes a
foundational premise.


PressPass: Did Microsoft take international issues into account when forming
the Trustworthy Computing Academic Advisory Board?

Ladd: Trustworthy computing is something we definitely want global input on.
The fact that this is an international board means that in many cases, board
members from the international academic community will be able to give us a
sense of how issues might manifest in, for example, the European Union or
the Asia-Pacific region.

We have seen definite global differences, especially from a privacy
perspective. For example, the European Union has significantly different
laws on the books with regard to the type of information that companies can
present and collect. And looking at those policy directives could impact the
way we deliver the technology, too. We may have to have certain assurances
of doing something in a particular way, which in turn may require
architectural changes. That¹s why being proactive and talking to academic
experts early in a development cycle is so important to us.

PressPass: Why doesn¹t the board include government and industry
representatives as well as academics?

Ladd: Microsoft has other venues for input on security and privacy issues
from government and industry. We wanted this board focused on academics and
the perspective they offer.

PressPass: What sorts of topics will the board tackle over the next two
days?

Ladd: We built the agenda for this first meeting around the issues that we
believe need to be addressed most urgently. For example, various Microsoft
groups will introduce topics such as ongoing initiatives in Windows
security, general security business initiatives, the product innovations
under development in the Security Business Unit, and technology issues
related to Microsoft Internet Explorer and Office. Board members will also
discuss future platform innovations such as the next generation secure
computing base for Windows -- the secure hardware/software PC solution that
Microsoft is working on with Intel -- and they will talk about Microsoft
Research initiatives and how those play into Trustworthy Computing.

PressPass: What will Microsoft do with the board¹s input?

Ladd: We will pay close attention to the comments, determine whether any
suggestions are policy-based or technology-based, and work to extract a
series of action items from the board¹s discussions over time. We expect to
act on board recommendations insofar as they mesh with changing business
conditions and complement Microsoft¹s business model.

PressPass: What¹s the roadmap for the Trustworthy Computing Academic
Advisory Board beyond this initial session?

Ladd: We envision meeting with the academic advisory board on a twice-yearly
basis and, as with this first meeting, presenting the topics that Microsoft
perceives to be of greatest importance. Our initial thinking was at least a
three-year lifespan for the group, but given the nature of security issues,
it¹s more likely to endure longer.

-------------------------------------
You are subscribed as updegrove () mail utexas edu
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/


VP  for Information Technology          Phone (512) 232-9610
The University of Texas at Austin       Fax (512) 232-9607
FAC 248 (Mail code: G9800)              d.updegrove () its utexas edu
P.O. Box 7407                                   http://wnt.utexas.edu/~danu/
Austin, TX 78713-7407 

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.