
In Memoriam: Paul Karger


NOVEMBER/DECEMBER 2010 ■ 1540-7993/10/$26.00 © 2010 IEEE ■ COPUBLISHED BY THE IEEE COMPUTER AND RELIABILITY SOCIETIES 5

As Peter Neumann put it, “Paul contributed many significant papers on data integrity, revocation, covert channels, and perhaps most important, an approach to avoiding Trojan horses. He will long be remembered.” A summary of his career could fill many pages, but some brief highlights are included here.

Paul was a member of the Multics development team at the Massachusetts Institute of Technology. After graduation, he received his commission as an officer in the US Air Force, where he developed some of the original technology for penetration-resistant computer systems. He was also on the computer science faculty at the US Air Force Academy.

Assigned to the Multics vulnerability assessment, he grew to understand not just the flaws he discovered but also the design principles whose violation led to vulnerabilities. More important, Paul’s insight pointed him to a verifiable “security kernel” as a highly effective defense against increasingly determined and sophisticated adversaries.

He clearly reflected his deep understanding as the lead author of the classic 1974 technical report, “Multics Security Evaluation: Vulnerability Analysis.” A decade later, Ken Thompson described an innovative trap door in his 1984 Turing Award paper, an idea he attributed to Paul’s report.

Paul joined Digital Equipment Corp. (DEC) around 1980, where he founded its Secure Systems Department. There, he was the lead designer on the Security Enhanced VMS operating system prototype and the inspiration behind DEC’s A1-secure virtual machine monitor (VMM) security kernel. Paul’s design reduced the complexity of the system through his use of a strict layered approach, which also provided rigor and structure for the design and implementation. His approach to the VMM was one that he applied many times during his career, as have countless others.

Paul was also a visionary in covert channel analysis and a leading authority on the topic throughout his career. His early guidance was recognized when the National Computer Security Center cited his work as a primary reference for the covert channel analysis rationale in its 1987 “Trusted Network Interpretation” (aka the “Red Book”).

Later, he was security architect for the Open Software Foundation and researched wireline and wireless telephone security at GTE Laboratories.

Paul joined the security department at the IBM Thomas J. Watson Research Center in 1995 as a founding member of the company’s highly successful ethical hacking team.

Paul was a zealous advocate of high-assurance operating systems, often pointing out their superior reliability. Much of his research at IBM focused on the security of the inseparable interactions of operating systems, hypervisors, and hardware. Although his background was in software, he also worked to improve the security and performance of a wide range of hardware, from smart cards to large high-end servers.

Paul invented the first practically applicable access control model that combined secrecy and integrity and allowed controlled sharing of data among commercial applications (a harder problem than strict isolation). He also collaborated with logicians and cryptographers to create formal proofs that demonstrated the soundness of his models. He invented the first privacy-preserving authentication protocol for smart cards, which was incorporated into standards throughout Europe.

Paul sought to comply with and improve standards for evaluating the security of systems. One example was his work on Composite Evaluation, which emphasized the need for full information flow between hardware and software developers of high-assurance systems. He was also a significant contributor to the first cryptographic library ever to earn an Evaluation Assurance Level 5+ under the Common Criteria.

Paul’s vast publication and patent record can be found at www.research.ibm.com/people/k/karger. He is survived by his wife Carol Lynn, and his daughters Rebecca and Sarah. He will be greatly missed.

V.S. Naipaul’s latest book cites an African saying: “When an old person dies, we say a library has burnt down.” Paul Karger was far from old, and he had not only an encyclopedic (and bibliographic) knowledge of our field but also the ability to apply it to new situations. We have indeed lost a library, and more, with Paul’s passing in September. In recognition of his impact on the field, IEEE S&P solicited the following tribute from a few of his many colleagues and friends.

Roger Schell

AESEC

Steve Lipner

Microsoft

Mary Ellen Zurko, Elaine R. Palmer, David Safford, and Charles C. Palmer

IBM

Carl E. Landwehr

University of Maryland