Thursday, December 23, 2010

A tribute to Paul Karger

At the 26th ACSAC we had the opportunity to remember Paul Karger together with his peers, colleagues and friends. Helmut Kurth spoke about the significance of Paul’s work for the IT security field and many people signed the book that was set up during the conference.

Paul’s visionary approach to important IT security topics like covert channel analysis, high-assurance operating systems, access control, composite evaluations and many more still has an impact on the security field and will do so in the future.

To show his understanding of IT security we would like you to take a look at this quote from 1974 Multics Vulnerability Analysis:

‘The internal controls of current computers repeatedly have been shown insecure through numerous Penetration exercises…. This insecurity is a fundamental weakness of contemporary operating systems and cannot be corrected by "patches", "fix-ups", or "add-ons" to those systems.

Rather, a fundamental reimplementation using an integrated hardware/software design which considers security as a fundamental requirement is necessary. In particular, steps must be taken to ensure the correctness of the security related portions of the operating system. It is not sufficient to use a team of experts to "test" the security controls of a system. Such a "tiger team" can only show the existence of vulnerabilities but cannot prove their non-existence.’
His articles, papers and patents would fill many pages – please take a look at his record at www.research.ibm.com/people/k/karger.

Paul died in Spetember 2010. He is survived by his wife Carol Lynn, and his daughters Rebecca and Sarah. He will be greatly missed.

No comments:

Post a Comment

Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.