We are a group of computer scientists interested in the public disclosure of security vulnerabilities and the social problems created by emerging technologies.

Steve Bellovin

Steve Bellovin is an AT&T Fellow in the Network Services Research Lab at AT&T Labs-Research in Florham Park, New Jersey. He does research on networks, security and why the two don't get along. Dr. Bellovin was a member of the Internet Architecture Board from 1996-2002; he is now Security Area co-director, and hence a member of the Internet Engineering Steering Group (IESG). In 2001, he was elected to the National Academy of Engineering.

Matt Bishop

Matt Bishop received his Ph.D. in computer science from Purdue University, where he specialized in computer security, in 1984. He was a research scientist at the Research Institute of Advanced Computer Science and was on the faculty at Dartmouth College before joining the Department of Computer Science at the University of California at Davis. His main research area is the analysis of vulnerabilities in computer systems, especially their origin, detection, and remediation. He is also active in the areas of network security, the study of denial of service attacks and defenses, policy modeling, software assurance testing, and formal modeling of access control. He is active in information assurance education, and is a charter member of the Colloquium on Information Systems Security Education. His textbook, Computer Security: Art and Science, was published in December 2002 by Addison-Wesley-Longman.

Matt Blaze

Matt Blaze is a research scientist at AT&T Laboratories, where he studies the use of cryptography in computing and network security. His research focuses on the architecture, design and analysis of secure systems and on discovering new cryptographic primitives and techniques. He is responsible for a number of computer security and cryptologic concepts, including Trust Management, Remotely-Keyed Encryption, Atomic Proxy Cryptography, and Master-Key Cryptography. Blaze's research has also been influential in network-layer encryption (he co-designed "swIPe", a predecessor of the IPSEC standard for protecting Internet traffic), session-layer encryption, and filesystem encryption. Blaze's research has uncovered weaknesses in a number of published and fielded security systems, including the protocol failure in the U.S. Government's "Clipper" key escrow system that led to its abandonment, as well as a fundamental weakness in master keyed mechanical locks. Blaze has been long been a leader in the debate on encryption and computer security policy, having testified before Congress several times and having led and participated in a number of influential public-policy panels and reports. He holds a PhD in Computer Science from Princeton University.

Dan Boneh

Dr. Boneh heads the applied crypto group at the Computer Science department at Stanford University. Dr. Boneh's research focuses on applications of cryptography to computer security. He is the author of over 70 technical publications in the field. Dr. Boneh's work includes e-mail security, security for handheld devices and web servers, digital copyright protection, and cryptanalysis. He is a recipient of the Packard Award, the Alfred P. Sloan Award, and the Terman Award.

Simon Byers

Simon Byers obtained his Ph.D. in epidemiology and image analysis from University of Washington in 1998. Since then he has worked at AT&T Labs-Research on subjects such as fraud, network management and visualization, network abuse, service creation, data security and information warfare. For the last two years he has been exploring the unforseen interactive properties of emergent systems, specifically with regard to so-called "Functionality Abuse" and its use in disrupting technologies.

Bill Cheswick

Bill Cheswick logged into his first computer in 1969. Six years later, he was graduated from Lehigh University with a degree that looked like Computer Science. Cheswick has worked on (and against) operating system security for over 30 years. He contracted for several years at Lehigh and the Naval Air Development Center working on systems programming and communications. In 1987 (Morris minus 1) he joined Bell Laboratories as a Member of the Technical Staff, and worked there for over twelve years. He did early work on firewall design and implementation, including the first circuit-level gateway, for which he coined the term "proxy". Ches also worked on PC viruses, mailers, Internet munitions, and the Plan 9 operating system. He co-authored the first full book on firewalls, and has since toured the world giving media interviews and entertaining post-lunch security talks. Cliff Stoll, who is given to overstatement, has called Ches ``one of the seven avatars of the Internet.'' In 1998, Ches starting the Internet Mapping Project with Hal Burch. This work became to core technology of a Bell Labs spin-off, Lumeta Corporation, which explores the extent of corporate and government intranets and checks for host leaks that violate perimeter policies.

Lorrie Cranor

Dr. Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She came to CMU in December 2003 after seven years at AT&T Labs-Research. Dr. Cranor's research has focused on a variety of areas where technology and policy issues interact, including online privacy, electronic voting, and spam. She is chair of the Platform for Privacy Preferences Project (P3P) Specification Working Group at the World Wide Web Consortium and author of the book Web Privacy with P3P (O'Reilly 2002). In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. In the Spring of 2000 she served on the Federal Trade Commission Advisory Committee on Online Access and Security. She also serves on the editorial boards of the journals ACM Transactions on Internet Technology and The Information Society.

Ed Felten

Edward W. Felten is a Professor of Computer Science at Princeton University. He is also affiliated with the Program in Science, Technology and Environmental Policy, in the Woodrow Wilson School of Public and International Affairs, at Princeton University. His research focuses on computer security and privacy (especially on security and privacy issues related to consumer technology), and on technology law and policy. He has published more than sixty papers in the technical literature, and two books. He serves on advisory committees to several companies, to the Defense Advanced Research Projects Agency, and to the Association for Computing Machinery.

Dan Geer

Dr. Daniel E. Geer, trained as a computer scientist and biostatistician, ran development for MIT's Project Athena out of which came the X Window System, Kerberos and most of the first versions of what we take for granted in the Internet of today. He founded what was probably the first information security consultancy. Widely published both in journals and books, Dr. Geer has been active in professional life including eight years on the Board of the USENIX Association including two years as President. His 1998 speech, "Risk Management is Where the Money Is," changed the paradigm of both academic and commercial security development. He has testified at Congress multiple times and has served in an advisory capacity to the Departments of Justice, Defense, Commerce and Treasury, to the Federal Trade Commission, the National Institute of Justice, the National Research Council, and the Commonwealth of Massachusetts. He holds several security related patents, is a serial entrepreneur, and serves in both fiduciary and non-fiduciary roles for a small set of promising startups.

Tadayoshi Kohno

Tadayoshi Kohno is a doctoral student in the Cryptography and Security Laboratory at the University of California San Diego, where he focuses on both applied systems security and the theoretical and practical aspects of cryptography. He is also affiliated with the Johns Hopkins Information Security Institute. Prior to entering graduate school, Kohno worked as a cryptography and security consultant for Counterpane Systems (now Counterpane Labs) and for Cigital. As a consultant, he broke the security of proprietary systems and helped companies improve the security of their applications. Kohno is a National Defense Science and Engineering Graduate Fellow.

Carl Landwehr

Carl Landwehr coordinates the new Cyber Trust theme in the Computer and Information Science and Engineering Directorate of the National Science Foundation. He is on assignment from his position as Senior Research Scientist at the University of Maryland's Institute for Systems Research. For many years he conducted research in security flaw taxonomies, secure message systems, and security gadgets at the Naval Research Laboratory, and he served as a Senior Fellow at Mitretek systems, advising DARPA program managers on information assurance and survivability programs. His current research interests span many aspects of trustworthy computing, including high assurance software development, understanding software flaws and vulnerabilities, token-based authentication, system evaluation and certification methods, multilevel security, and architectures for intrusion tolerant systems.

Patrick McDaniel

Patrick McDaniel is a Senior Technical Staff Member of the Secure Systems Group at AT&T Labs-Research. He received his Ph.D. from the University of Michigan in 2001 where he studied the form, algorithmic limits, and enforcement of security policy. Patrick's recent research efforts have focused on security management in distributed systems, network security, and public policy and technical issues in digital media. Patrick is a past recipient of the NASA Kennedy Space Center fellowship, a frequent contributor to the IETF security standards, and has authored many papers and book chapters in various areas of systems security. Prior to pursuing his Ph.D. in the 1996, Patrick was a software architect and program manager in the telecommunications industry.

Gary McGraw


Gary McGraw, Cigital, Inc.'s CTO, researches software security and sets technical vision in the area of Software Quality Management. Dr. McGraw is co-author of four popular books: Java Security (Wiley, 1996), Securing Java (Wiley, 1999), Software Fault Injection (Wiley 1998), and Building Secure Software (Addison-Wesley, 2001). A noted authority on software and application security, Dr. McGraw consults with major e-commerce vendors, including Visa, MasterCard, and the Federal Reserve. Dr. McGraw has written over fifty peer-reviewed technical publications and functions as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. He serves on Advisory Boards of Counterpane, Aereous, and Cenzic as well as advising the CS Department at UC Davis. Dr. McGraw holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He regularly contributes to popular trade publications and is often quoted in national press articles.

Mike Reiter

Michael Reiter is a Professor of Electrical & Computer Engineering and Computer Science at Carnegie Mellon University in Pittsburgh, Pennsylvania, USA. He received the B.Sc. degree in mathematical sciences from the University of North Carolina in 1989, and the M.Sc. and Ph.D. degrees in computer science from Cornell University in 1991 and 1993, respectively. He joined AT&T Bell Labs in 1993 and became a founding member of AT&T Labs – Research when NCR and Lucent Technologies (including Bell Labs) were split away from AT&T in 1996. He returned to Bell Labs in 1998 as Director of Secure Systems Research, and then joined Carnegie Mellon in 2001. Dr. Reiter's research interests include all areas of computer and communications security and distributed computing. He regularly publishes and serves on conference organizing committees in these fields, and has served as program chair for the flagship computer security conferences of the IEEE, the ACM, and the Internet Society. He is a member of the editorial boards of ACM Transactions on Information and System Security, the International Journal of Information Security, and IEEE Transactions on Software Engineering. He also served as Chair of the IEEE Technical Committee on Security and Privacy for 2002–2003.

Avi Rubin

Dr. Avi Rubin is Associate Professor of Computer Science and Technical Director of the Information Security Institute at Johns Hopkins University. Prior to joining Johns Hopkins Rubin was a research scientist at AT&T Labs. Rubin is author of several books including Firewalls and Internet Security, second edition (with Bill Cheswick and Steve Bellovin, Addison Wesley, 2003), White-Hat Security Arsenal (Addison Wesley, 2001), and Web Security Sourcebook (with Dan Geer and Marcus Ranum, John Wiley & Sons, 1997). He is Associate Editor of ACM Transactions on Internet Technology, Associate Editor of IEEE Security & Privacy, and an Advisory Board member of Springer's Information Security and Cryptography Book Series. Rubin serves on the board of directors of the USENIX Association.

Bruce Schneier

Internationally-renowned security technologist and author Bruce Schneier is the Founder and Chief Technical Officer of Counterpane Internet Security, Inc., the innovator and leading provider of Managed Security Monitoring. He has authored eight books, including his latest endeavor Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Best-selling Applied Cryptography, the seminal work in its field, now in its second edition, has sold over 130,000 copies worldwide and has been translated into three languages. Schneier is responsible for maintaining Counterpane's technical lead in world-class information security technology and its effective implementation. He has presented papers at numerous international conferences, is a frequent writer, contributing editor, and lecturer on the topics of security, risk management, and privacy.

Richard M. Smith

Richard M. Smith is an Internet consultant based in Brookline, Massachusetts. He works primarily with the media, policy makers, and law enforcement to interpret Internet technologies. He has more 30 years of experience in the computer software field. He is also the former president of Phar Lap Software and the former Chief Technology Officer of the Privacy Foundation.

Adam Stubblefield

Adam Stubblefield is a doctoral student in the Security and Privacy Applied Research (SPAR) Lab at the Johns Hopkins Information Security Institute. He has authored papers in many areas of computer security and has participated in the analysis of several systems including the SDMI candidates, 802.11 WEP, and Diebold's voting terminals. He is the recipient of the CRA Outstanding Undergraduate Award and a USENIX Scholars Fellowship.

Dan Wallach

Dan Wallach is Assistant Professor of Computer Science at Rice University in Houston, Texas, USA. His research involves computer security and the issues of building secure and robust software systems for the Internet. Mobile code technology enables modern web browsers to run untrusted code from arbitrary sources without allowing these mobile programs to damage the user's computer. Wallach's pioneering efforts led to the development and standardization of the "stack inspection" security model, now used by Sun, Microsoft, and many other systems. Wallach has also studied security issues that occur in distributed and peer-to-peer systems, focusing on techniques that can increase the robustness of these systems against malicious nodes that do not necessarily follow protocols correctly. Wallach has also helped expose poor security designs in commercial technologies including "secure" music standards and "secure" electronic voting systems, both of which turned out to be easy to circumvent.