
Communications of the ACM

Voices

Inspiration and Trust


In August 1984, Communications published one of the most important works in the literature on information security and assurance—the Turing Award essay "Reflections on Trusting Trust" by Ken Thompson [3]. In a concise and elegant manner, Thompson presented what may be the fundamental reason why real-world cyber security is so difficult: At some level we must trust that what we are using is correct because we cannot verify it. Furthermore, the essay embodied other important points, including the problem of the insider threat, as well as the lesson that technology alone cannot address all the problems of security. It is no wonder that it is on every significant "required reading" list concerning security, privacy, and assurance and has served to inspire so many professionals to get as close as they can to solutions to these problems.

I am one of those people whose career was changed by the opportune appearance of that particular essay. In 1984 I was developing the second generation of the CLOUDS distributed kernel for my Ph.D. thesis at Georgia Tech, where I was also helping administer some of the machines that were part of the early NSFnet and Usenet. Those experiences impressed on me the difficulty of configuring systems correctly to protect against intruders and exploitation. When queried, my faculty advisors steered me toward the extant literature in security, which dealt largely with cryptography, covert channels, and capability architectures. These topics didn't give me much insight into how to protect our current operational systems, nor did they seem to suggest that such lines of inquiry might be of longer-term academic interest.

One advisor told me I was wasting my time "playing" with security. The emergence of computer viruses and major intrusions, such as the one detailed in the "Cuckoo's Egg" incident (my server was among the victimized and is why I am in the references here [2]), gave me firsthand experience with these emerging threats. It was clear to me that security issues were important, even if some of my professors didn't share that view.

This was the context in which the August 1984 issue appeared. Not only did Thompson's essay address some of the same questions I found interesting and vexing but in only a few pages reflected a level of complexity I had yet to consider. Best of all, it was by someone who was firmly involved in writing real operating systems (Thompson was a co-inventor of Unix), as well as being a response to a Turing Award. This short essay validated my interest in "playing" with security and influenced my career in the years to come.

When I first joined ACM 30 years ago as an undergraduate student at the urging of another of my professors, I wasn't sure what to expect from my membership. I soon discovered my subscription to CACM to be one of its greatest benefits. In part, the world of inquiry reflected in its articles and columns (and in some of the SIG newsletters) reinforced my decision to attend graduate school. CACM revealed problems and issues that never came up in my classes but that I recognized as worthy of greater thought. I wanted to be involved in addressing some of them.

The "positions available" section in each issue also encouraged me in my annual quest for student loans; the prospect of a productive career that would (eventually) pay off those loans was reassuring.

While in graduate school at Georgia Tech working on a Master's and then Ph.D. degree in operating systems, I continued to be interested in what was going on across the discipline, and CACM provided great exposure to the challenging landscape of computing. I would often take an issue with me when I knew I would have time somewhere (at, for example, the dentist's office), as it provided more interesting reading than could be found in what was normally left in the rack. One memorable occasion is when I was chastised by an otherwise entrancing inamorata because I evidenced (at the moment) more interest in those articles than in her arrival after class; I kept all my CACM issues long after we parted company, so perhaps it was indeed a harbinger, although we didn't realize it at the time.

After graduating with my Ph.D. and completing a short post-doc in software engineering, I was hired at Purdue in 1987. I kept up my background activities in applied security, along with my deep interest in the assurance problem. Thus, in late 1988 when the Internet Worm appeared, I was prepared to investigate and write about it, although I was not formally performing research in the area at the time. Furthermore, it led to my first publication in CACM [1], something I had set as a goal during my undergraduate days when I first became an ACM member.

In the years since then, the Thompson essay has continued to indirectly inspire portions of my work. My design of the Tripwire system (www.tripwire.com) in 1992, my development of the technology underlying the recent offerings by Signacert (www.signacert.com), and my research, including with my students on execution verification and forensics (spaf.cerias.purdue.edu/students.html), all relate back to the fundamental ideas in Thompson's essay. It also influenced some of my work on the Computing Curricula 91 task force [4] and other efforts in education and computing policy. I continue to believe that everyone working in computing should be familiar with Thompson's essay, as well as why he won the Turing Award.

CACM has certainly helped shape the thinking and careers of many in the field over the past 50 years, myself included. Congratulations on turning 50, and on the many lives yet to be influenced.

References

1. Spafford, E. Crisis and aftermath. Commun. ACM 32, 6 (June 1989), 678–687.

2. Stoll, C. The Cuckoo's Egg. Doubleday, New York, 1989.

3. Thompson, K. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761–763.

4. Tucker, A. Computing curricula 1991. Commun. ACM 34, 6 (June 1991), 68–84.

Author

Eugene H. Spafford (spaf.cerias.purdue.edu) is Executive Director of the Center for Education and Research in Information Assurance and Security and a professor in the Department of Computer Science in Purdue University, West Lafayette, IN. He is also chair of ACM's U.S. Public Policy Committee.


©2008 ACM  0001-0782/08/0100  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.

