Ravi Sandhu

Keynote by Prof. Ravi Sandhu

Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio (USA)

Title: The Science, Engineering and Business of Cyber Security

Time: Wednesday, Nov 6th, 2013 at 8:30 am in Room C01

Abstract: I will use the rare opportunity of this keynote talk to give my perspective on the general state and future prospects for cyber security, and the consequences of this perspective with respect to cyber security research and education. The ambiguous status of computer science in modern academia has persisted through the thirty plus years of my career. Does it belong in the College of Science or the College of Engineering? How about the College of Business? Is it worthy of a separate College of its own? I believe this ambiguity is a manifestation of the fundamental difference between computer science relative to traditional sciences and engineering disciplines. The forces of science, engineering and business come together and reconcile in a particularly unique way in computer science, and within computer science cyber security brings additional peculiarities to this reconciliation.

My outlook on cyber security is generally optimistic. I believe at the consumer level market and social forces will drive developed societies to a relatively low assurance of security and privacy analogous to the current state of internet security. The large-scale adoption of internet services across diverse global populations is one indicator that the average consumer is reasonably comfortable with the collateral risks. But nothing is automatic, so social organization will be required to compensate for the intrusions of big government and big business which may turn out to be the much bigger problem than big crime. At the same time I share the concern of many senior national security officials and thought leaders on the increasingly grave threat of cyberwar and cyberterrorism. The US Department of Defense has publicly recognized cyberspace as a man-made domain on par with land, sea, air and space within which wars will be conducted and facilitated. Many other nations and militaries are preparing offensive and defensive cyber capabilities.

My talk will elaborate on these notions and seek to glean some lessons for cyber security researchers.

Bio: Ravi Sandhu is Executive Director of the Institute for Cyber Security at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security in the Department of Computer Science. Previously he was on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi respectively, and MS and PhD degrees from Rutgers University. He is a Fellow of IEEE, ACM and AAAS, and has received awards from IEEE, ACM, NSA and NIST. A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL and private industry. His papers have accumulated over 25,000 Google Scholar citations including over 6,000 citations for his seminal role-based access control paper. He has authored over 235 papers with over 100 co-authors. He is ranked as the number one non-cryptographer and number five overall at Microsoft Academic Search for Security and Privacy.

His papers on role-based access control established it as the dominant form of access control in practical systems. His numerous other models and mechanisms have also had considerable influence. He is Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and founding General Chair of the ACM Conference on Data and Application Security and Privacy. He previously served as founding Editor-in-Chief of ACM Transactions on Information and System Security and on the editorial board for IEEE Internet Computing. He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security and the ACM Symposium on Access Control Models and Technologies and chaired their Steering Committees for many years. He has served as General Chair, Program Chair and Committee Member for numerous security conferences. He has consulted for leading industry and government organizations, and has lectured all over the world. He was a co-founder of TriCipher, a Silicon Valley security start-up acquired by VMware. He is an inventor on 29 security technology patents. At the Institute for Cyber Security he leads multiple teams conducting research on many aspects of cyber security including secure information sharing, social computing security, cloud computing security, secure data provenance, attribute-based access control and botnet analysis and detection, in collaboration with researchers all across the world.