Spaf's "Firsts"

• • •

In part, as Professor Spafford has been working in computing for so long, he (often working with his students) has been responsible for a number of "firsts" that have found their way into common terminology and practice but that many people do not associate with him. Here is a partial list.

Information Security

Viruses and Malware

• Spaf wrote the first English-language technical book on computer viruses and malware in 1989 (with Kathy Heaphy and David Ferbrache).
• Spaf first applied formalisms of artificial life to computer viruses in a paper in 1990.

Forensic Analysis

• Spaf defined the term and concept of software forensics (with Steve Weeber) in late 1991. *
• Applying forensic technology, and working with a group of Macintosh experts in 1992, Spaf participated in tracking down and identifying 3 students who wrote and released the MBDF virus. This resulted in the first ever criminal prosecution and conviction of authors of a computer virus.
• Spaf was an inaugural member of the Advisory Board to the FBI Regional Cybercrime Forensic Laboratory Program (2003).
• Spaf was the editor of the first computer crime book used at the FBI Academy (later published as Computer Crime: A Crime-Fighters Handbook by Seger, Von Storch, and Icove.

Security Tools & Intrusion Detection

• Dan Farmer, under Spaf's direction in 1990, developed and released COPS, the first publicly available security scanner.
• In 1991, Spaf developed the idea of target monitoring for intrusion detection. In 1992, Spaf and Gene Kim developed this idea into the first free intrusion detection system distributed on the Internet: Tripwire®, since commercialized by Tripwire, Inc..
• In 1994, Spaf (with Sandeep Kumar) first defined theoretical limits on intrusion detection based on misuse detection matching methods.
• In 1994, Spaf and Mark Crosbie first described distributed intrusion detection using agent-based methods.
• About 1999, Spaf developed a concept for measuring the integrity of a computing system. This was at the core of a commercial offering developed and marketed by SignaCert, Inc. (now defunct).

Network Security

• In 1989, Spaf designed what may have been the first honeypot system with deception to observe and capture intrusions, primarily from people who thought they were hacking into his main system. At the time, people were hoping to get his copies of the Internet Worm code, and security tools he had designed and written about.
• In 1990, Spaf used (in a security class) the word firewall ; this may have been the origin of the term for the network defense mechanism we now know today. Although the term had been used a few times before in the context of a barrier between "inside" and "outside" network components, it had not been used to describe any technology similar to the firewall of today. The 1990 presentation described the construction of a two-stage application firewall with proxies. In 1991 this design and usage appeared in print (co-authored with Simson Garfinkel) in Practical Unix Security* -- one of the first printed references.
• In 1991, in Practical Unix Security, Spaf defined the ideas of multi-part firewalls and proxies. *
• In 1991, Practical Unix Security, may have contained the first description of network denial of service attacks by flooding services with too many packets, including packets with forged source addresses. * (If anyone has an earlier citation, please let me know.)
• In 1991–1992, Spaf designed the first honeynet for a unit of the Air Force. It was classified for years, so he never published about it.
• In 1996, with several of his students, Spaf defined one of the first active monitoring techniques to counter denial of service attacks on networks.
• In 1996, C. Schuba working with Spaf as his advisor, defined the first reference model for firewalls.
• In 1996, C. Schuba working with Spaf as his advisor, developed the first native ATM firewall based on authenticated signalling.
• In 2007, Spaf was a coauthor of the AF Scientific Advisory Board, Implications of Cyber Warfare, that introduced the idea that the military should focus on resiliency rather than perfect protection.

Other

• In 1989, Professor Spafford wrote the first papers on the application of formalized ethical theory to system hacking and virus writing.
• In 1990, Spaf founded the first academic incident response team accredited by FIRST: the PCERT. (Now defunct.)
• Spaf has been credited with formalizing the concept of cyber deception in 1989.
• In 1996, with M. Atallah and K. Pantazopoulos, described non-cryptographic methods of secure outsourcing of computation. (Purdue was granted a patent on this technology for its novelty. This led to the development of the company Arxan.)

Usenet

• Spaf published the first set of newusers documents for Usenet ca. 1982 (and continued to maintain and post them for the next 11 years).
• Spaf developed the concept of the Usenet backbone ca. 1983.
• Spaf created the idea of the Usenet newgroup "ballot" ca. 1987.
• Spaf was moderator of one of the first moderated newsgroups not represented by a gated mailing list (news.newusers).

Software Engineering

• Spaf helped develop (with Hiralal Agrawal) the concept of dynamic slicing of programs for debugging, 1989.
• Spaf defined the concept of environmental bugs (faults) in software in 1989.

Selected Other Firsts

• With George Leach, Spaf was the founder and co-chair in 1989 of the Workshop on Experiences with Building Distributed and Multiprocessor Systems, later named the Symposium on Experiences with Building Distributed and Multiprocessor Systems. This is now known as the Usenix Symposium on Operating Systems Design & Implementation (OSDI).
• With Annie Antón, Spaf was the founder and co-chair of the Symposium on Requirements Engineering for Information Security (SRIES).
• In 1998, Spaf was the founder of the world's first multidisciplinary academic center for information security/assurance: CERIAS. He has also served as its first director and executive director.
• Spaf is credited with being the first person to use and describe cyber deception in defense, in 1989. He heled the Air Force develop an early honeynet in 1991, but was unable to publish about it at the time.
• Spaf is the first (and so far, only) person to receive every major award in the field of cybersecurity, including the National Computer Security Award, be inducted into the Cyber Security Hall of Fame, receive the Kristian Beckman Award, be named to the ISSA Hall of Fame, receive the SANS Lifetime Achievement Award, and receive the Hal Tipton Award.
• Spaf is the first (and so far, only) person to be named as a Fellow of the of the (ISC)², ISSA (as a Distinguished Fellow), ACM, IEEE. American Association for the Advancement of Science (AAAS), and American Academy of Arts and Sciences (AAA&S).

Top

* Note: Although these items were in a work of joint authorship, Spaf was the one who originated the term or concept in his portion of the contribution.