Dorothy E. Denning

Dorothy Elizabeth Denning (née Robling, born August 12, 1945) is a US-American information security researcher known for lattice-based access control (LBAC), intrusion detection systems (IDS), and other cyber security innovations.^[1][3] She published four books and over 200 articles. Inducted into the National Cyber Security Hall of Fame in 2012, she is now Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate School.^[4][5][6][7]

Dorothy Denning
Born	Dorothy Elizabeth Robling (1945-08-12) August 12, 1945 (age 79)
Nationality	American
Alma mater	University of Michigan (BA, MA) Purdue University (PhD)
Known for	Lattice-based access control Intrusion detection systems
Spouse	Peter J. Denning ​ (m. 1974)​
Awards	ACM Fellow (1995) National Cyber Security Hall of Fame (2012)
Scientific career
Fields	Computers Information security[1]
Institutions	Naval Postgraduate School Purdue University Digital Equipment Corporation Georgetown University
Thesis	Secure Information Flow in Computer Systems (1975)
Doctoral advisor	Herbert Schwetman[2]
Website	faculty.nps.edu/dedennin/

Early life and education

Dorothy Elizabeth Robling, daughter of C. Lowell and Helen Watson Robling, grew up in Grand Rapids, Michigan. She earned a Bachelor of Arts degree in mathematics in 1967 followed by a Master of Arts degree in 1969 at the University of Michigan. Her PhD thesis was on Secure Information Flow in Computer Systems and awarded in 1975 by Purdue University.^[2]

Career and research

Denning began her academic career at Purdue University as assistant professor from 1975 to 1981. While associate professor at Purdue (1981-1983), she wrote her first book, Cryptography and Data Security in 1982. She joined SRI International as computer scientist from 1983 to 1987, working on the first intrusion detection system and on database security. After a stint as principal software engineer at Digital Equipment Corporation's Palo Alto Systems Research Center (1987-1991), she returned to academe as chair of the Computer Science Department at Georgetown University. She later became Georgetown's Patricia and Patrick Callahan Family Professor of Computer Science and director of the Georgetown Institute of Information Assurance. In 2002 Denning became professor in the Department of Defense Analysis at the Naval Postgraduate School, Monterey, California, then distinguished professor in 2009, retiring as emeritus distinguished professor at the end of 2016.

Throughout her career, Denning anticipated and addressed the cyber security issues of the day. She was the first president of the International Association for Cryptologic Research (1983-1986). With husband Peter in 1997 she edited Internet Besieged: Countering Cyberspace Scofflaws, a comprehensive collection of essays on cyber security. In 1998 she wrote Information Warfare and Security. She testified multiple times before various congressional subcommittees studying technology,^[8] infrastructure,^[9] intellectual property,^[10] and cyberterrorism.^[11][12] Her innovations won awards, and her opinions stirred up controversy. A full list of publications is available on her full vita at the Naval Postgraduate School website.

Innovations

Denning has received over 20 awards for her innovations in computer security. Key contributions are described below.

"A Lattice Model of Secure Information Flow" presented in 1976^[13] provided a method for controlling access to data which is still used today.

Detecting intruders is key to protecting computer systems. While at SRI International, Denning and Peter G. Neumann developed an intrusion detection system (IDS) model using statistics for anomaly detection that is still the basis for intrusion detection systems today. SRI's Intrusion Detection Expert System (IDES)^[14] ran on Sun workstations and considered both user and network level data. It combined a rule-based Expert System to detect known types of intrusions with a statistical anomaly-detection component based on profiles of users, host systems, and target systems. (An artificial neural network was proposed as a third component; All three components would then report to a resolver). SRI followed IDES in 1993 with the Next-generation Intrusion Detection Expert System (NIDES).^[15] The Multics Intrusion Detection and Alerting System (MIDAS), which protected the National Security Agency's Dockmaster System from 1998 to 2001, is an example of a fielded expert-system-based IDS.^[16]

Denning improved data security via encryption technology. She introduced timestamps in key distribution protocols,^[17] cryptographic checksums for multilevel database security,^[18] and a method for improving the security of digital signatures with RSA and other public key crypto systems.^[19] She considered key escrow systems,^[20][21] Internet crime^[22] and hacking.^[23] Her book Cryptography and Data Security^[24] became an ACM Classic, introducing cryptography to many.

In database security, Denning found ways to reduce inference threats in multilevel databases.^[25] She reported on the problems of working with data across different classification levels.^[26]

With L. Scott, Denning wrote two papers on using Global Positioning Systems for geo-encryption to enhance data security.^[27][28]

Although she remained a technical expert, Denning's interests evolved to consider legal, ethical, and social issues. She addressed wiretapping,^[29] the growth of the Internet,^[30] cyber terrorism^[31] and cyber warfare.^[32] Her most recent papers focused on current cyber threats^[33] and defenses.^[34]

Controversy

Denning interviewed hackers for her research on hacking and "hactivism".^[35] She was criticized when she found positive things to say about their actions and wrote a 1995 postscript.

Denning was widely criticized for her role in NSA's controversial Clipper chip initiative to give the government authorized access to encrypted private communications through a key escrow system. At the government's request Denning privately reviewed the classified Skipjack block cipher, and testified in Congress that general publication of the algorithm would enable someone to build a hardware or software product that used SKIPJACK without escrowing keys.^[36] In public forums, such as the Usenet forum comp.risks, she defended the Clipper chip and other approaches to key escrow that offered strong security while enabling law enforcement to decrypt without a warrant.^[37] However, she did not advocate making key escrow mandatory. Eventually, Clipper was dropped and Skipjack was declassified and published.

Denning served as an expert witness in the 1990 trial of United States v. Riggs. Her testimony helped lead the government to drop charges against defendant Craig Neidorf,^[38] who had taken an electronic 911 directory across state lines.

In 1992, Denning challenged the existing national standard for evaluating trusted systems (TCSEC), noting that "By the time a system is evaluated it is obsolete." She maintained that "trust is not a property but an assessment" by the real world market.^[39] This was not the only criticism, and the TCSEC has since been replaced.

Lack of product liability for software is a contentious topic. When Denning proposed software vendors accept liability for errors in their products,^[40] the industry pushed back. Steve Lipner, charged with software security at Microsoft, argued that companies with deep pockets like Microsoft would be sued to death, even if they proved repeatedly that they followed the best secure software development practices.^[41] A few large vendors, such as Volvo, have announced plans to accept both hardware and software liability in their future autonomous cars when national product liability standards are established.^[42]

Awards and honors

• In 1995 Denning was named an ACM Fellow by the Association for Computing Machinery.^[43]
• The 1999 National Computer Systems Security Award recognized her "outstanding contributions to the field of computer security".
• Time magazine named her a security innovator in 2001.^[44]
• The 2001 Augusta Ada Lovelace Award from the Association for Women in Computing acknowledged "her outstanding in computer security and cryptography as well as her extraordinary contributions to national policy debates on cyber terrorism and information warfare".
• The 2004 Harold F. Tipton Award recognized "Sustained excellence throughout [her] outstanding information security career".
• In 2008 ACM's special interest group on security, audit and control (ACM SIGSAC) bestowed their Outstanding Innovator Award upon Dr. Denning.
• She was named a fellow of the International Information Security Certification Consortium (ISC2).
• In 2010 she was named a distinguished fellow of the Information Systems Security Association (ISSA).
• In 2012 she was among the first inductees into the National Cyber Security Hall of Fame.

The New Jersey City University named its new security center the Dr. Dorothy E. Denning Center of Academic Excellence in Information Assurance Education.^[45]

Personal life

While working on her PhD in computer science at Purdue University, she married Peter J. Denning in 1974.

Books

• Dorothy Denning (1982). Cryptography and Data Security. Addison-Wesley Publishing Company. ISBN 978-0201101508.
• Dorothy Denning, with Herbert S. Lin, ed. (1994). Rights and Responsibilities of Participants in Networked Communities. National Academies Press. ISBN 978-0309050906.
• Dorothy Denning, with Peter J. Denning (1997). Internet Besieged: Countering Cyberspace Scofflaws. Addison-Wesley Professional. ISBN 978-0201308204.
• Dorothy Denning (1998). Information Warfare and Security. Addison-Wesley Professional. ISBN 978-0201433036.

References

1. Dorothy E. Denning publications indexed by Google Scholar
2. Dorothy E. Denning at the Mathematics Genealogy Project
3. faculty.nps.edu/dedennin/
4. Denning, Dorothy Elizabeth Robling (1982). Cryptography and Data Security. Addison-Wesley. ISBN 0-201-10150-5.
5. Denning, Dorothy E. and Denning Peter J., editors, Internet Besieged: Countering Cyberspace Scofflaws, publisher ACM Press, Addison-Wesley, 1997, ISBN 0201308207
6. Denning, Dorothy Elizabeth Robling; Lin, Herbert S. (1994). Rights and responsibilities of participants in networked communities. National Academies Press. ISBN 978-0-309-05090-6.
7. Denning, Dorothy E. (1999). Information Warfare and Security. Addison-Wesley. ISBN 0-201-43303-6.
8. Denning Dorothy E. Testimony Before the Subcommittee on Technology, Environment, and Aviation of the Committee on Science, Space, and Technology, U.S. House of Representatives, May 3, 1994
9. Denning, Dorothy E. Testimony Before the Subcommittee on Aviation of the Committee on Transportation and Infrastructure, June 8, 1995
10. Denning, Dorothy E. Statement Before the Subcommittee on Courts and Intellectual Property Committee on the Judiciary, U.S. House of Representatives, March 4, 1999.
11. Denning, Dorothy E. "Cyberterrorism" Testimony Before the Special Oversight Panel on Terrorism, Committee on Armed Forces, U.S. House of Representatives, May 23, 2000
12. Denning, Dorothy E. and Baugh, W.E, Jr., Testimony Before the Senate Committee on the Judiciary, Subcommittee on Technology, Terrorism, and Government Information, Sept. 3, 1997
13. Denning, Dorothy E. Comm. ACM Vol 19, No. 5, May 1976
14. Denning D. and Neumann, P. "Requirements and Model for IDES- A Real-Time Intrusion-Detection Expert System, Final Report, SRI International, Aug. 1985
15. Excerpted from Intrusion detection
16. Tsirka, Maria, IDS portal, 12 May 2016
17. Denning Dorothy E. Comm. ACM Vol. 24 No. 8, Aug. 1981
18. Denning, Dorothy E. Proc. 1984 Symp. on Security and Privacy, April pp 52-61)
19. Denning, Dorothy E. Comm ACM 27,4, April 1984
20. "Descriptions of Key Escrow Systems" Feb. 26, 1997
21. "A Taxonomy for Key Escrow Encryption" with D. Branstad, Comm. ACM, vol. 39, No.3 March 1996,
22. "Crime and Crypto on the Information Superhighway"J. Criminal Justice Education, Vol. 6, No. 2 Fall 1995
23. Concerning Hackers Who Break into Computer Systems, Proc. 13th National Computer Security Conf, p.p. 653-654, 1990.
24. Denning, Dorothy E. Addison Wesley, May 1982.
25. " Commutative Filters for Reducing Inference Threats in Multilevel Database Systems, Proc. 1985 Symposium of Security and Privacy, April 1985, p.p. 52-61.
26. "Lessons learned from Modeling a Secure Multilevel Relational Database System", IFIP Working Group 11.3, Database Security, IFIP, 1987
27. Scott, L. and Denning Dorothy E., "Geo-Encryption: Using GPS to Enhance Data Security", GPS World, April 2003
28. Scott, L. and Denning, Dorothy E. "A Location Based Encryption Technique and Some of Its Applications", Institute of Navigation National Technical Meeting, 2003, January 22–24, 2003, Anaheim, CA, p.p. 734-740.
29. Denning, Dorothy E. (March 1993). "To Tap or Not to Tap". Communications of the ACM. 36 (3): 24–33, 42–44. doi:10.1145/153520.153523. S2CID 2403711.
30. Dorothy E. and Denning P. J. Internet Besieged: Countering Cyberspace ScofflawsACM Press Addison Wesley, 1997
31. Denning Dorothy E. "Whither Cyber Terror? 10 Years After September 11, A Social Science Research Council Essay Forum, September 2011
32. Denning, Dorothy E. Information Warfare and Security, Addison Wesley, 1998
33. Denning, Dorothy E. "North Korea's Growing Cyber Threat", The Conversation, February 20, 2018
34. Denning Dorothy E. "Cybersecurity's next phase: Cyber-deterrence", The Conversation, December 13, 2016
35. Denning, Dorothy E. "Concerning Hackers Who Break Into Computer Systems", Proc. 13th National Computer Security Conf. p.p. 653-664, Oct. 1990.
36. Brickell, Ernest F.; Denning, Dorothy E.; Kent, Stephen T.; Maher, David P.; Tuchman, Walter (1993-07-28). "SKIPJACK Review Interim Report The SKIPJACK Algorithm". Archived from the original on 1999-02-19.
37. Denning, Dorothy (1994-02-09). "Re: Campaign and Petition Against Clipper". RISKS Digest. 15 (48). Retrieved 2015-01-28.
38. Denning, Dorothy E. (March 1991). "The United States vs. Craig Neidorf: A Debate on Electronic Publishing, Constitutional Rights, and Hacking". Communications of the ACM. 34 (3): 24–32, 42–43. doi:10.1145/102868.102869. S2CID 14005171. Retrieved 7 April 2022.
39. Denning, Dorothy E. (1993). A New Paradigm for Trusted Systems. New Security Paradigms Workshop. doi:10.1145/283751.283772.
40. Denning, Dorothy E. "Towards More Secure Software", Communications of the ACM, 58(4), April 2015, 24-26
41. Steven B. Lipner at http://cacm.acm.org/magazines/2015/11/193336-security-assurance/abstract.
42. "Volvo CEO: We will accept all liability when our cars are in autonomous mode". Fortune. Retrieved 2022-05-08.
43. "ACM Fellows Award: Dorothy Denning". The Association for Computing Machinery. 1995. Retrieved 2008-04-01.
44. Cooper, Matthew (November 18, 2001). "Making The World Safer". Time.
45. http://www.nicu.edu/professional-security-studies/national-center-academic-excellence%5B%5D

External links

• Dorothy Denning oral history, Charles Babbage Institute, University of Minnesota.
• The Future of Cryptography, a 1996 essay in which Denning gave her view of the future
• Afterward to The Future of Cryptography, a 1999 essay in which Denning updated her view
• Dorothy Denning's Home Page at Georgetown University, not updated since 2002
• The Silver Bullet Security Podcast interview of Denning by Gary McGraw
• Gifts of Speech Testimony Concerning Computer Encryption by Dorothy Denning
• Ruritania, a classic Internet satire of Denning's opposition to citizen cryptography
• Declaration on Encryption Policy, a 1997 declaration in which Denning said that she did not recommend domestic restrictions on the use encryption within the United States, so long as all crypto keys are legally required to be accessible to the government by court order.