Virgil D. Gligor

Born July 30, 1949 (age 74)
Nationality American
Alma mater University of California at Berkeley
Awards 1995 Doctor Honoris Causa, Politehnica University of Bucharest
2006 National Information Systems Security Award
2011 ACM SIGSAC Outstanding Innovation Award
2013 IEEE Technical Achievement Award
2019 Inductee in the National Cyber Security Hall of Fame
2020 Test of Time Award (with B. Parno and A. Perrig), IEEE Security and Privacy Symposium.
Scientific career
Fields Computer science
Institutions University of Maryland
Carnegie Mellon University

Virgil Dorin Gligor (born July 30, 1949) is a Romanian-American professor of electrical and computer engineering who specializes in the research of network security and applied cryptography.

Education and career

Gligor was born in Zalău and lived in Bucharest, Romania, until his late teens. He received his high school degree and baccalaureate at the Gheorghe Lazăr National College. After completing the first year as a student in the Faculty of Automatic Control and Computer Science at Politehnica University of Bucharest, he earned a national scholarship to study in the United States, where he received his B.Sc., M.Sc., and Ph.D. degrees from the University of California at Berkeley. While a graduate student he was a Lecturer in EECS at the University of California, Santa Barbara. Between 1976 and 2007 he taught at the University of Maryland, College Park, and since 2008 he has been a Professor in the Department of Electrical and Computer Engineering at Carnegie Mellon University (CMU). Until 2015, he was also the co-director of CyLab, CMU’s security and privacy research institute. [1] He was a visiting professor at the University of Cambridge, UK, ETH Zurich and EPF Lausanne in Switzerland, and SMU in Singapore, and a long-time consultant to the Burroughs and IBM corporations. He served on Microsoft’s Trusted Computing Academic Advisory Board and SAP’s Security Advisory Board. He has been an advisory board member of several security and privacy institutes, including those of Johns Hopkins University and Pennsylvania State University in the US, CISPA Saarbrucken, Germany, and KTH Stockholm, Sweden.

Gligor co-chaired several conferences and symposia, including the ACM Computer and Communication Security, IEEE Security and Privacy, the Internet Society’s Network and Distributed Systems Security, the IEEE Dependable Computing for Critical Applications, and IEEE-ACM Symposium on Reliability in Distributed Software and Databases. He was an editorial-board member of Information Systems, Journal of Computer Security, ACM Transactions on Information System Security, IEEE Transactions on Computers, IEEE Transactions on Mobile Computing, and was the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing.

Research

Gligor’s research in computer and network security spans over four decades. He began his career with work on the design of protection mechanisms of capability-based systems. [2] [3] In particular, he initiated the area of protection-mechanism verification of complex instruction set architectures [4] and processor security testing. [5] In the early 1980s, Gligor provided the first precise definition of the denial-of-service (DoS) problem in operating systems [6] and extended it to network protocols, [7] thus helping establish availability as a first-class security concern. He and his students published all DoS research papers during the 1980s, including the Yu-Gligor model. [8] In the mid-1980s, he and Gary Luckenbaugh were the principal designers of Secure Xenix, [9] [10] which was the first Unix-class commodity operating system to be evaluated at the B2 security level according to the NSA’s TCSEC. [11] He and his students co-designed the first automated tools for storage-channel analysis, [12] penetration analysis for C-language programs, [13] [14] and a pattern-oriented (i.e., signature-based) intrusion detection tool for Unix systems. [15]

During the 1990s, Gligor co-designed secure message authentication codes [16] for Kerberos v5 and inter-domain authentication [17] for OSF’s Distributed Computing Environment. His research also led to new formal models of access control, mainly for separation-of-duty and application-oriented policies. [18] He was the principal author of several security guidelines in NSA’s NCSC Rainbow Series for TCSEC, including those on security testing, trusted facility management, covert channel analysis, and trusted recovery. [19]

In the early 2000s, his research focused on lightweight cryptographic schemes and protocols. He is a co-inventor of the first efficient authenticated-encryption scheme in one pass over the data [20] [21] and random-key pre-distribution in large sensor networks. [22] The latter scheme, which was co-designed with his student L. Eschenauer, gave rise to a uniform random intersection graph, or simply a random key graph. Its k-connectivity and k-robustness are properties of interest in social networks, recommender systems, clustering and classification analysis, circuit design, cryptanalysis of hash functions, trusted and small-world networks, and epidemics modeling. [23] He also co-authored the first distributed algorithms for detecting sensor-node replication attacks. [24]

In the 2010s, Gligor’s research was on trustworthy computer systems and the design of micro-hypervisors, trusted paths, I/O channel isolation, [25] trust establishment for networks of humans and computers, [26] and on protection against distributed denial of service on the Internet. [27] In 2019 he designed the first method for software root of trust establishment in a computer system that is unconditionally secure; i.e., without secrets, trusted hardware modules/tokens, or bounds on the adversary’s computation power. [28] Most recently, Gligor co-authored the first I/O separation model for formal verification of kernel implementations. [29] Over the years, Gligor’s research papers received several conference awards.

Notable Awards

In 1995, Gligor was awarded the Doctor Honoris Causa degree at Universitatea Politehnica. [30] In 2005, he received the 2006 National Information Systems Security Award jointly given by the United States National Security Agency (NSA) and National Institute of Standards and Technology (NIST) for contributions to access control mechanisms, penetration analysis, denial-of-service protection, cryptographic protocols, and applied cryptography. [31] In 2011, he was awarded the ACM SIGSAC Outstanding Innovation Award for innovations in secure operating systems as well as covert channel analysis, intrusion detection, and secure wireless sensor networks. [32] In 2013, he was given the Technical Achievement Award by the IEEE Computer Society for his pioneering work and leadership in the area of computer and network security. [33] In 2019 he was inducted into the National Cybersecurity Hall of Fame, [34] [35] and in 2020, together with B. Parno and A. Perrig, he received a Test of Time Award from the IEEE Security and Privacy Symposium for their 2005 work on distributed detection of node replication attacks in sensor networks. [36]

Related Research Articles

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

Markus Guenther Kuhn is a German computer scientist, currently working at the Computer Laboratory, University of Cambridge and a fellow of Wolfson College, Cambridge.

Aircrack-ng is a network software suite consisting of a detector, packet sniffer, WEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless network interface controller whose driver supports raw monitoring mode and can sniff 802.11a, 802.11b and 802.11g traffic. Packages are released for Linux and Windows.

Shahid H. Bokhari is a highly cited Pakistani researcher in the field of parallel and distributed computing. He is a fellow of both IEEE and ACM. Bokhari's ACM Fellow citation states that he received the award for his "research contributions to automatic load balancing and partitioning of distributed processes", while his IEEE Fellow award recognises his "contributions to the mapping problem in parallel and distributed computing".

M. Dale Skeen is an American computer scientist. He specializes in designing and implementing large-scale computing systems, distributed computing and database management systems.

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses both digital protections and physical techniques. These methods apply to data in transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset of information security, and as the business outcome of information risk management.

A wireless ad hoc network (WANET) or mobile ad hoc network (MANET) is a decentralized type of wireless network. The network is ad hoc because it does not rely on a pre-existing infrastructure, such as routers or wireless access points. Instead, each node participates in routing by forwarding data for other nodes. The determination of which nodes forward data is made dynamically on the basis of network connectivity and the routing algorithm in use.

Non-interactive zero-knowledge proofs are cryptographic primitives, where information between a prover and a verifier can be authenticated by the prover, without revealing any of the specific information beyond the validity of the statement itself. This function of encryption makes direct communication between the prover and verifier unnecessary, effectively removing any intermediaries. The core trustless cryptography "proofing" involves a hash function generation of a random number, constrained within mathematical parameters determined by the prover and verifier.

Blacker is a U.S. Department of Defense computer network security project designed to achieve A1 class ratings of the Trusted Computer System Evaluation Criteria (TCSEC).

Carsten Lund is a Danish-born theoretical computer scientist, currently working at AT&T Labs in Bedminster, New Jersey, United States.

ProVerif is a software tool for automated reasoning about the security properties found in cryptographic protocols. The tool has been developed by Bruno Blanchet.

Daniel (Danny) Dolev is an Israeli computer scientist known for his research in cryptography and distributed computing. He holds the Berthold Badler Chair in Computer Science at the Hebrew University of Jerusalem and is a member of the scientific council of the European Research Council.

Privacy engineering is an emerging field of engineering which aims to provide methodologies, tools, and techniques to ensure systems provide acceptable levels of privacy.

Yuval Elovici is a computer scientist. He is a professor in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev (BGU), where he is the incumbent of the Davide and Irene Sala Chair in Homeland Security Research. He is the director of the Cyber Security Research Center at BGU and the founder and director of the Telekom Innovation Laboratories at Ben-Gurion University. In addition to his roles at BGU, he also serves as the lab director of Singapore University of Technology and Design’s (SUTD) ST Electronics-SUTD Cyber Security Laboratory, as well as the research director of iTrust. In 2014 he co-founded Morphisec, a start-up company, that develops cyber security mechanisms related to moving target defense.

Adrian Perrig is a Swiss computer science researcher and professor at ETH Zurich, leading the Network Security research group. His research focuses on networking and systems security, and specifically on the design of a secure next-generation internet architecture.

Automotive security refers to the branch of computer security focused on the cyber risks related to the automotive context. The increasingly high number of ECUs in vehicles and, alongside, the implementation of multiple different means of communication from and towards the vehicle in a remote and wireless manner led to the necessity of a branch of cybersecurity dedicated to the threats associated with vehicles. Not to be confused with automotive safety.

Mark M. Tehranipoor is an Iranian American academic researcher specializing in hardware security and trust, electronics supply chain security, IoT security, and reliable and testable VLSI design. He is the Intel Charles E. Young Preeminence Endowed Professor in Cybersecurity at the University of Florida and serves as the Director of the Florida Institute for Cybersecurity Research. Since June 2022, he has served as the chair of the Department of Electrical and Computer Engineering at the University of Florida. He is a fellow of IEEE, ACM, and NAI as well as a Golden Core member of the IEEE. He is a co-founder of the International Symposium on Hardware Oriented Security and Trust (HOST). He is the recipient of the 2023 SRC Aristotle award. Tehranipoor also serves as a co-director of the Air Force Office of Scientific Research CYAN and MEST Centers of Excellence.

Static application security testing (SAST) is used to secure software by reviewing the source code of the software to identify sources of vulnerabilities. Although the process of statically analyzing the source code has existed as long as computers have existed, the technique spread to security in the late 90s and the first public discussion of SQL injection in 1998 when Web applications integrated new technologies like JavaScript and Flash.

Jean-Pierre Hubaux is a Swiss-Belgian computer scientist specialised in security and privacy. He is a professor of computer science at EPFL and is the head of the Laboratory for Data Security at EPFL's School of Computer and Communication Sciences.

References

  1. "Virgil Gligor Bio". Cylab. Carnegie Mellon University. Retrieved 28 September 2013.
  2. Gligor, V. D. (November 1979). "Virgil D. Gligor. Review and Revocation of Access Privileges Distributed through Capabilities, IEEE Transactions on Software Engineering, SE-5 Vol. 6 (November 1979)". IEEE Transactions on Software Engineering. SE-5 (6): 575–586. doi:10.1109/TSE.1979.230193. S2CID 15951232.
  3. Gligor, V. D.; Lindsay, B. G. (November 1979). "Virgil D. Gligor and Bruce G. Lindsay. Object Migration and Authentication, IEEE Transactions on Software Engineering, SE-5 Vol. 6, (November 1979)". IEEE Transactions on Software Engineering. SE-5 (6): 607–611. doi:10.1109/TSE.1979.230196. S2CID 12104353.
  4. "Virgil D. Gligor. The Verification of the Protection Mechanisms of High-Level Language Machines, International Journal of Computer and Information Sciences, Vol. 12, No. 4, (October 1983)". doi:10.1007/BF00991620. S2CID 28348311.
  5. "Virgil D. Gligor. Analysis of the Hardware Verification of the Honeywell SCOMP, Proc. of the IEEE Symposium on Security and Privacy, Oakland, California, April 1985".
  6. "Virgil D. Gligor. A Note on the Denial-of-Service Problem, Proc. of the IEEE Symposium on Computer Security and Privacy, Oakland, California, April 1983".
  7. "Virgil D. Gligor. On Denial of Service in Computer Networks, Proc. of International Conference on Data Engineering, Los Angeles, California, February 1986, pp. 608-617". February 1986: 608–617. doi:10.1109/ICDE.1986.7266268. S2CID 207929094.
  8. "Jonathan K. Millen, A Resource Allocation Model for Denial of Service, Proc. of the IEEE Symposium on Security and Privacy, Oakland, CA, pp. 137 - 147, (April 1992)". May 1992: 137–147. doi:10.1109/RISP.1992.213265. S2CID 45827681.
  9. Gligor, V. D.; Chandersekaran, C. S.; Chapman, R. S.; Dotterer, L. J.; Hetch, M. S.; Jiang, Wen-Der; Johri, A.; Luckenbaugh, G. L.; Vasudevan, N. (February 1987). "Virgil D. Gligor, et al. Design and Implementation of Secure XENIX, IEEE Transactions on Software Engineering, SE-13 (2): 208-221, February 1987". IEEE Transactions on Software Engineering. SE-13 (2): 208–221. doi:10.1109/TSE.1987.232893. S2CID 15376270.
  10. Gligor, V. D.; Chandersekaran, C. S.; Jiang, Wen-Der; Johri, A.; Luckenbaugh, G. L.; Reich, L. E. (February 1987). "Virgil D. Gligor, et al. A New Security Testing Method and its Application to the Secure Xenix Kernel, IEEE Transactions on Software Engineering, SE-13 (2): 169 - 183, (February 1987)". IEEE Transactions on Software Engineering. SE-13 (2): 169–183. doi:10.1109/TSE.1987.232890. S2CID 519024.
  11. "Xenix-Section on Trusted Xenix".
  12. Tsai, C.-R; Gligor, V. D.; Chandersekaran, C. S. (June 1990). "Chii-Ren Tsai, Virgil D. Gligor, C. Sekar Chandersekaran. On the Identification of Covert Storage Channels in Secure Systems. IEEE Transactions on Software Engineering, SE-16 (6): 569-580, (June 1990)". IEEE Transactions on Software Engineering. 16 (6): 569–580. doi:10.1109/32.55086.
  13. Gupta, Sarbari; Gligor, Virgil D. (January 1992). "Sarbari Gupta and Virgil D. Gligor. Towards a Theory of Penetration-Resistant Computer Systems, Journal of Computer Security, vol. 1, no. 2, pp. 133-158, (April 1992) (also in Proc. of 4th IEEE Computer Security Foundations Workshop, Franconia, New Hampshire, pp. 62–78, (June 1991))". Journal of Computer Security. 1 (2): 133–158. doi:10.1109/CSFW.1991.151571. S2CID 33315521.
  14. "Sarbari Gupta and Virgil D. Gligor. Experience with a Penetration Analysis Method and Tool, Proc. of 15th National Computer Security Conference, Baltimore, MD, pp. 165-183 (October 1992)" (PDF).
  15. "Shiuhpyng W. Shieh and Virgil D. Gligor. A Pattern-Oriented Intrusion-Detection Model and its Applications. 1991 IEEE Symposium on Security and Privacy: 327-342 (May 1991)". May 1991: 327–342. doi:10.1109/RISP.1991.130800. S2CID 41801062.
  16. "Stuart G. Stubblebine and Virgil D. Gligor. On Message Integrity in Cryptographic Protocols. Proc. of the 1992 IEEE Symposium on Research in Security and Privacy, Oakland, California, pp. 85 – 104 (May 1992)". May 1992: 85–104. doi:10.1109/RISP.1992.213268. S2CID 5212905.
  17. "Virgil D. Gligor, Shy-Wei Luan, and Joseph N. Pato. Inter-realm Authentication in Large Distributed Systems. Proc. of the 1992 IEEE Symposium on Research in Security and Privacy, Oakland, California, pp. 2 - 17 (May 1992)". May 1992: 2–17. doi:10.1109/RISP.1992.213274. S2CID 26406376.
  18. "Virgil D. Gligor, Serban I. Gavrila and David Ferraiolo, On the Formal Definition of Separation-of-Duty Policies and their Composition. IEEE Symposium on Security and Privacy, Oakland, California, pp. 172-185 (May 1998)". May 1998: 172–183. doi:10.1109/SECPRI.1998.674833. S2CID 9966261.
  19. "NSA, National Computer Security Center, Rainbow Series Books".
  20. "Virgil D. Gligor and Pompiliu Donescu. Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes. Fast Software Encryption, M. Matsui (ed.), Lecture Notes in Computer Science 2355, Springer Verlag, April 2001, ISBN 3-540-43869-6". doi:10.1007/3-540-45473-X_8.
  21. "Virgil D. Gligor and Pompiliu Donescu. Block encryption method and schemes for data confidentiality and integrity protection, US Patent No. 6973187, Priority Data: 60/179,147, 31 January, 2000".
  22. "Laurent Eschenauer and Virgil D. Gligor. A Key-Management Scheme for Distributed Sensor Networks. Proc. of ACM Conference on Computer and Communication Security, Washington DC, pp. 41-47, (November 2002)". doi:10.1145/586110.586117. S2CID 2086986.
  23. Zhao, Jun; Yağan, Osman; Gligor, Virgil (May 2017). "On Connectivity and Robustness in Random Intersection Graphs". IEEE Transactions on Automatic Control. 62 (5): 2121–2136. arXiv:1911.01822. doi:10.1109/TAC.2016.2601564. S2CID 16341712.
  24. "B. Parno, A. Perrig, V. Gligor. Distributed detection of node replication attacks in sensor networks. Proc. of IEEE Security and Privacy Symposium, pp. 49-63, (May 2005)". May 2005: 49–63. doi:10.1109/SP.2005.8. S2CID 8370738.
  25. "Zongwei Zhou, Miao Yu and Virgil Gligor. Dancing with Giants: Wimpy Kernels for On-demand Isolated I/O. Proc. of IEEE Security and Privacy Symposium, vol. 13, no. 2, 2015, pp. 38-46 (May 2014)". May 2014: 308–323. doi:10.1109/SP.2014.27. S2CID 219907.
  26. "Virgil D. Gligor and Jeannette Wing. Towards a Theory of Trust in Networks of Humans and Computers. Proc. of Security Protocols Workshop 2011, Cambridge, UK, LNCS 7114, Springer Verlag, pp. 223-242 (March 2011)". doi:10.1007/978-3-642-25867-1_22. S2CID 677462.
  27. "Min Suk Kang, Soo Bum Lee and Virgil D. Gligor. The Crossfire Attack, in Proc. of IEEE Security and Privacy Symposium, pp. 127-141 (May 2013)". doi:10.1109/SP.2013.19. S2CID 781992.
  28. "Virgil Gligor, and Maverick Woo. Establishing Software Root of Trust Unconditionally. Proc. of Network and Distributed System Security Symposium, San Diego, Ca, (February 2019) - Full Version" (PDF).
  29. "Miao Yu, Virgil Gligor and Limin Jia. An I/O Separation Model for Formal Verification of Kernel Implementations, Proc. of the IEEE Security and Privacy Symposium, pp. 572-589, (May 2021)". May 2021: 572–589. doi:10.1109/SP40001.2021.00101. S2CID 237132794.
  30. "Doctor Honoris Causa, Universitatea Politehnica din Bucuresti, November 23, 1995".
  31. "Gligor Wins National Security Award". James Clark School of Engineering. University of Maryland. November 14, 2005. Retrieved 28 September 2013.
  32. "ACM GROUP HONORS COMPUTER PRIVACY AND SECURITY EXPERTS" (PDF).
  33. "IEEE-CS Recognizes Five Technologists as Recipients of Technical Achievement Awards". Press Room. Los Alamitos, CA: IEEE Computer Society. 3 April 2013. Retrieved 28 September 2013.
  34. "Virgil Gligor inducted to the Cybersecurity Hall of Fame".
  35. "Cybersecurity Hall of Fame".
  36. "Five CMU Security and Privacy Papers Receive IEEE's Test of Time Award".