Yet conspiracy theories abound. In 2005, the issue was part of a final exam in a cryptology course at the University of Virginia.Cavalier Daily. Computer science professor receives award: State Council of Higher Education honors David Evans as recipient of this year's Outstanding Faculty Award, 3 February 2009.
UVa Today. U.Va. Computer Scientist David Evans Wins Statewide Outstanding Faculty Award. 29 January 2009.
David Evans, an associate professor of computer science at the University of Virginia, is one of a dozen professors in Virginia named 2009 Outstanding Faculty Award winners by the State Council of Higher Education for Virginia. The commonwealth's highest honor for faculty at Virginia's public and private colleges and universities recognizes superior accomplishments in teaching, research and public service.UVa Today. U.Va. Engineering School Student Probes Facebook's Vulnerabilities. 30 January 2008.
"I'm especially honored to win this award, since it recognizes all the areas important to professors: teaching, research, public service and communicating and exporting knowledge beyond the University," said Evans, whose research focuses on computer security. "I've been very fortunate to be able to work at a University with such a great culture, vibrant environment, and terrific students."
Cavalier Daily. $4.6 million grant to enable network security research. September 13, 2007.
UVa Today. MURI Award Aims to Dramatically Improve System Security. September 11, 2007.
Arts & Sciences Magazine. Computer fix: Gary McGraw's work helps protect the software that makes the world go 'round. February 16, 2007.
Charlottesville Podcasting Network. Charlottesville-Albemarle Democratic Breakfast: Are Electronic Voting Machines Vulnerable?. Saturday, January 20, 2007.
Podcast of panel moderated by Jim Heilman, former registrar of Albemarle County. The other panelists were Rick Sincere, Charlottesville Electorial Board Secretary, and Will Harvey, Secretary of the Albemarle County Electorial Board).
Recording: (Charlottesville Podcasting Network)
Excerpts from this also aired on Virginia's National Public Radio stations.
Roanoke Times. Computer Expert: Scrap All Paperless Voting Machines, 16 November 2006. [Original Article] [Local Archive] (Talk slides: [PPT] [PDF])
Radio Interview: Voice of America News (with Neil Currie), 7 November 2006. (electronic voting equipment)
Arts & Sciences Magazine. Computer Science for College Students. 18 August 2006.
New Scientist. Unnatural selection in the cyber world. 22 July 2006. [Subscription Required]
An excerpt is available on Bruce Schneier's blog: Security and MonocultureThe Cavalier Daily. College to offer new Computer Science major. 27 February 2006.
Last year, a group of researchers at the University of Virginia, Charlottesville, performed a similar attack on a copy of Linux whose instruction set was protected by randomised encryption. They used a slightly more complex approach, making a series of guesses about different parts of the randomisation key. This time it took over 6 minutes to force a way in: the system was tougher, but hardly invulnerable.
These attacks set off a vibrant debate in security communities about precisely how secure operating system diversity needs to be.
InsideUVA Online. Better voting machines. November 4-18, 2005.
Radio Interview: AM Charlottesville featuring Tony Booth (AM 1260), 14 January 2004. (Windows Vulnerabilities)
Television Interview: NBC29 News at Sunrise and Today Show Cut-in (Dana Hackett), 22 December 2004. (Cellphone Malcode)
Radio Interview: AM Charlottesville featuring Tony Booth (AM 1260), 17 December 2004. (Email Worms)
Radio Interview: AM Charlottesville featuring Tony Booth (AM 1260), 27 October 2004. (Spyware)
UVa Engineering News. What Biology Can Teach Us About Computer Security, September 2004.
Across the country, University of Virginia computer scientist David Evans has taken this notion of cellular segregation one step further. Three years ago, he and his colleagues developed a program that shows how a software network might function if limited to the same rules governing cellular interaction. ...Information Security Magazine. BIOLOGY: Back to Nature?. July 2004. [Original Article] [Archive Copy]
Building cartoon spheres might seem a little frivolous, but Evans says the experiment has solid business-world roots. A security specialist, he says it was the creativity of Internet hackers that forced him to consider a more creative approach to network defense.
"The attackers have really taken advantage of the interconnectedness of the Internet," he says. "Defenders haven't."
But, David Evans warns, some of that optimism may be misplaced. "The security problems we have to solve are very different from the ones biology has solved," says the University of Virginia computer science professor.InformIT. Security Expert Gary McGraw on Black Hats, the U.S. Government, and Good vs. Evil, 11 June 2004. [Original Article] [Archive Copy]
Seth: Who are your mentors?New York Times (from CNet News). Will code check tools yield worm-proof software?, 26 May 2004. [C|Net Article] [NY Times Version Archive]
Gary: My first mentor, back in my University of Virginia days, was Richard Rorty. As an impressionable young scholar, I took a few graduate-level courses from him. He didn't know I thought of him as a mentor, although I told him so several years later when I attended a lecture of his at Indiana! My second mentor was Doug Hofstadter, whose brilliant work continues to serve as an inspiration to many people. Doug was a great advisor in grad school, and I loved working with him.
As I got into security, I developed very close relationships with many people in the community. I consider these people more colleagues than mentors, and there are too many to list here exhaustively, but among my most trusted advisors are Avi Rubin, Ed Felten, Crispin Cowan, Dave Evans, Paul Kocher, Carl Landwehr, Peter Neumann, Jon Pincus, Marcus Ranum, Fred Schneider, and Bruce Schneier. My work would not be the same without their regular input.
"Down the road, you want everyone to be using these tools in their compilers," said David Evans, assistant professor for computer science at the University of Virginia and the creator of some of the code analysis technology used by Reflective. "It is a real embarrassment to the industry that people still produce code with buffer overflows."
Monticello News. Electronic Wheel Cipher is Added to Monticello Site, 30 April 2004. [Archive Copy]
The three students - Matthew John Spear, Chalermpong Worawannotai,and Edward Mitchell- created the electronic Wheel Cipher as an assignment for a class taught by Professor David Evans. ...Network World Fusion, Security holes force firms to rethink coding processes, 19 April 2004. [Archive Copy] [Original Article]
Much security review remains manual - and might be more art than science - though automated tools for application and source-code analysis are becoming more available. Freeware tools, such as Splint or the Rough Auditing Tool for Security ("Rats") maintained by Secure Software, also can be of help.TechNewsWorld, Security: What's Good About Computer Viruses, 5 March 2004. [Archive Copy] [Original Article]
While we await evolutionary changes in computer-human relations, new threats in our current computing environment appear almost daily.The Cavalier Daily, Professors utilize more technology, 2 March 2004.
As Evans put it, "The key to having secure systems is to have designs where the impact of a single vulnerability is limited, and where the system can recover from attacks faster than the attackers can launch them."
"The links aren't entirely applicable to the class itself but allow us to expand out knowledge if we so desire," Ensele said.
Technology Review, From Artificial Intelligence to Artificial Biology?, November 2003. [Archive Copy] [Original Article]
This shift is not only transforming the research of leading academic groups at places like Stanford University, the University of California, Berkeley, and the University of Virginia but also influencing the development of commercial products...The Wall Street Journal, Web Privacy Services Complicate Feds' Job, Sean Marciniak, 3 July 2003.
"We need to move towards a programming philosophy where we look at the global system and understand what properties it needs to have, rather than thinking about programming as a sequence of instructions," says David Evans, who is pursuing biologically inspired programming methods as a computer science professor at the University of Virginia. "It's really a different way of approaching problems."
Evans notes that software today is written linearly, with each step depending on the previous one, more or less guaranteeing that bugs will wreak havoc: in biological terms, organisms with no redundancy don't survive long if one means of accomplishing a task fails. More robust software would include many independent components so that it will continue to work even if several of its components fail.
David Evans, assistant professor of computer science at the University of Virginia, says that today's encryption techniques demoralize code-breakers. "Based on a pure brute-force search, typical modern encryption systems would require not just thousands of years, but quadrillions of quadrillions of years to break," he says.
Cavalier Daily, A new generation of students (Letter to the Editor), 24 March 2003.
It was surprising to find various faculty members and College Dean Edward L. Ayers quoted in the article on "grade inflation" (Making the Grade, March 19) stating that today's University students are no better than those of the past only a few weeks after Dean Ayers suggested learning about our university's history. In 1970, admission to the University was primarily available only to those who were white, male and Christian. Admission today is open to everyone, yet the size of incoming classes has grown slower than the population. As a result, admission to the University is approximately 5 times more competitive than it was in 1970. Further, today's students are far better prepared that those of 30 years ago — unlike 1970s students, many of today's students had parents who went to college and nearly all had grade school teachers with college degrees.
As a result, nearly all University students today are bright, creative and hard-working, and I find most of them are able to understand concepts no one understood in 1970. It should not be surprising, then, that many faculty have a hard time failing enough students to keep average grades consistent with historical grade distribution patterns.
Assistant Professor, Department of Computer Science
"There's too much pressure on software vendors to get to market quicker," says David Evans, a computer science professor at the University of Virginia. "And there's not enough pressure from the government or legal system for them to get it right."
UVa Top News Daily, Computer Students Offer Novel Look at Jefferson's Rotunda by Joanna Gluckman, 29 May 2002. [Archive Copy]
Life imitates art, but does art imitate computer science?
The only defense is to make passwords nearly impossible to guess, but such strength requires that the password be selected in a totally random fashion. That's a tall order for humans, said David Evans, an assistant professor of computer science at the University of Virginia.
"When humans make passwords, (they) are not very good at making up randomness," he said.
Virginia Alumni News, Booting Up: Better technology through soccer, Winter 2001.
Daily Progress, Coaches preparing players for RoboCup2001, 8 August 2001.
The serendipity of the Web is a wonderful thing. When I returned from the meeting where I raised this concern, I plied Google with the four-word search group, "security isolation aggregation policy." One click later, I was reading someone's trip notes on last May's IEEE Symposium on Security and Privacy, which included two promising papers: "Hardening [Off-the-Shelf] Software with Generic Software Wrappers," by employees of Trusted Information Systems Inc., and "Flexible Policy-Directed Code Safety," by MIT researchers David Evans and Andrew Twyman.
The Code Analyser LCLint. By David Santo Orcero, May 2000.
Debugging code is never fun, but this tool makes it a bit easier.
Linux Gazette, Static
checking of C programs with LCLint. By Pramode C E and Gopakumar
C E. Issue 51, March 2000.
LCLint is justifiably angry at such amateurish use of C, but he is gentle in his admonishments.
Ix (German Linux Magazine), includes LCLint in an article, Lint als C-Syntax-Prufer in the July 96 issue.