Trustworthy Information Systems – A Myth or an Enabler?

Viable human societies in general and businesses in particular have always required trust. Our dramatically growing dependence on information systems inescapably allocates more and more of this trust from humans to technology. Unfortunately, both accumulated experience and a growing body of expert opinion increasingly call into serious question whether it is responsible to place substantial trust in this technology at all, especially in the face of professional attacks. The good news is that the state of the science of information security is astonishingly rich with solutions and tools to incrementally and selectively solve the hard problems. The bad news is that the state of the actual application of science, and the general knowledge and understanding of the existing science, is lamentably poor. The challenge for scholars and practitioners is to aggressively work to remedy this before our professional efforts to expand the reach of technology becomes a recipe for disaster.

Roger R. Schell is co-founder and President of Aesec Corporation, a new company focused on verifiably secure platforms for secure, reliable e-business. He is internationally recognized as a major contributor to the advancement of computer security concepts and the overall definition of network security. At Novell, he led their Class C2 network evaluation and managed development of product security. He was VP for Engineering at Gemini Computers where he developed their highly secure (Class A1) commercial product. He served as the founding Deputy Director of the National Computer Security Center, which he grew into a respected organization of more than 150 security professionals. For his work there he is widely regarded as the “father” of the Trusted Computer System Evaluation Criteria (the “Orange Book”), which has been the most widely used international security standard for computers and networks.

Dr. Schell originated several key modern security design and evaluation techniques and holds patents in cryptography and authentication. He has more than 60 publications, and was Associate Professor of Computer Science at the Naval Postgraduate School. The NIST and NSA recognized him with the 1991 National Computer System Security Award, the nation's highest honor in the computer security field. Dr. Schell is a retired USAF Colonel. He received a Ph.D. in Computer Science from the MIT, an M.S.E.E. from Washington State, and a B.S.E.E. from Montana State.