In many ways, for me, 2013 has been theyear of the Dennings. It was the end ofApril this year, after publishing a profile

piece I wrote on Dorothy Denning – a giantin the world of cybersecurity research – thatI received an email note from her husband,Peter Denning, a computer scientist with hisown impressive list of accomplishments.

“I’ve seen many interviews with Dorothy”,he tells me in a subsequent conversation,adding that my profile “was the only onethat seemed to grok her – you kind of gotwho she is.” I was flattered by the feedback,which was accompanied by his offer to haveour own chat about his views on thecomputing landscape.

Our scheduled one-hour conversationturned into a two-hour-plus marathon thattook me from the decade of Free Love rightup through today’s era of handheldsmartphones with more computing powerthan was available on the Apollo 11Command Module.

A “Pure” Computer ScientistDenning’s resume is one to be envious of:educated at Manhattan College then MIT,followed by faculty positions at Princetonand Purdue, and then onto NASA’s AmesResearch Center in California, where hefounded its Research Institute for Advanced

Computer Science (RIACS) – and that’s just asample. All the while, Denning churned outacademic papers and books on his chosen

field of computerscience – and ontopics beyond hisresearch purists.

For the past eleven years, Denning hasserved as the chair of the Computer ScienceDepartment at the Naval PostgraduateSchool in Monterey, California. Born in 1942in Queens, New York, and then raised in

Connecticut, he recalls that, a little morethan a decade ago, Dorothy “caught wind”of the NPS’ need for a department chair,“and we always had this notion that wewould return to California someday.”

Describing himself as “more of a purecomputer scientist” than his better half,the two took positions in differentdepartments at the school, where theyhave both been ever since. His expertiselies in the design, control and managementof operating systems, and the principlesthey employ.

I ask Denning to tell me about the balancehis current position at NPS requires. “I teachsix sections a year. I like being with thestudents. I like to know who are they, andwhat’s on their minds.” Recent courses hehas taught to his pupils – who at about age30, are older than your typical graduatestudent – include operating systems andGreat Principles of Computing.

“The majority of our students come to uswith Bachelor degrees in other fields. We’velearned how to help students transition intocomputer science, and then fulfill all themaster’s science degree requirements,including thesis, and graduate on time”, hetells me. “This is not a job that I’ve evercome across in other universities”, Denningsays. In his experience, at other institutions,

12 Q4 /// 2013

When Egypt’s great library in Alexandria wasdestroyed, with it went centuries of scientific andcultural knowledge. In much the same fashion, asthe PC era dawned, lost were the fundamentalsecurity principles accumulated by computing’sinnovators. Drew Amorosi recaps his historylesson as provided by Peter Denning

Interview:

Peter Denning

We wound up cultivating

a whole generation of

people who were

building computers and

operating systems, who

knew nothing about the

past, and cared nothing

about the past

Infosec Mag Q4_Infosec Mag Q4 24/09/2013 09:03 Page 12

it’s hard if not impossible to crack into themaster’s program if you don’t have abachelor’s in computer science.

Denning says the US Navy goes throughcycles of emphasis regarding its advanceddegrees. Not too long ago, the focus was onthose with business administration skills, buthe has witnessed a change in this philosophyas of late. “The Navy and the military forcesare beginning to shift back in the directionof wanting more science and technology,because they need their officers to be smartand creative in the pitch of battle.”

A Dream Come TruePeter Denning is considered a pioneer in thefields of computing and networking. It’s alabel that can be viewed both positively andnegatively. First, we think of pioneers asbeing at the cutting edge of a particulardevelopment, but as time goes by, thesesame pioneers can be characterized as out-of-touch. This is not the case with Denning,from what I can gather.

I ask Denning to take me on a trip back toMIT, and paint a picture of how the world ofcomputing as we know it today was so verydifferent during the late 1960s. “I wasinspired by all the visions that the designershad, about things that could be accomplished

with these new kinds of systems”, he relays.The need for “time sharing” on thesecomputing systems was necessary todistribute their immense cost over manyusers, and as he recounts, “personalcomputing was a dream.”

I ask him about the pocket-sized devicesmost of us carry around today, and whetherhe ever pondered such advancementsduring his time at MIT. “When I was agraduate student that was like a dream”, hereminisces. “There were people runningaround at MIT saying, ‘One day we’re goingto have a desktop computer’. It never ceasesto amaze me, that stuff I dreamed aboutwhen I was a kid, or a graduate student,actually came true!”

Early RecognitionIt is often said in the information security fieldthat as computing and networking advanced,security was an afterthought – a bolt-onfeature that lacked attention during thedevelopment and design phases. Butconsidering that both computing andnetworking had their origins in military andgovernment uses, this is likely a misconception.As Denning points out, the formative years ofcomputing lacked the widespread inter-connectivity of today’s environment. When it

comes to data protection, he affirms,connectivity “just expands the problem.”

Shortly after joining the faculty atPrinceton in the late sixties, Denning wasasked to chair a national task force todesign a core course on operating systems.“We had five main topic areas, and one ofthem was protection and security. So thiswas actually recognized from the verybeginning”, he says.

I then ask Denning what he admits is arather controversial question: How dotoday’s operating systems stack up in termsof security when compared with those likeMultics from Project MAC and the IBMcommercial systems of his early career?

Back in the late 1960s to early 1970s, hesays, computers were highly expensivemachines – each costing a couple of milliondollars in a time when a million dollarsmeant something. These forerunners to thepersonal computing era – the commercialoperating systems he referred to – “had allthis fantastic functionality” and addressedfundamental security issues. Denning adds,however, that others in the field ofcomputer science were looking for cheaperalternatives to help bring this price down,yet still maintain the functionality of thecommercial mainframe systems.

www.infosecurity-magazine.com /// 13

@InfosecurityMag

Denning earned his master’s from MIT, where heworked on the school’s Project MAC

INTERVIEW

Infosec Mag Q4_Infosec Mag Q4 24/09/2013 09:03 Page 13

Power to the People“They called it Unix”, Denning says,referring to Bell Labs' colleagues’ firstattempts to scale down computers – both inprice and size. “They really wanted theinteractive features of Multics…and theprotection and security and sharingfeatures, but they didn’t want to pay hugesums of money to get them.”

What Denning describes to me sounds a lotlike an earlier version of the consumerizationtrend of the last several years – albeit on ahigher level. It brings us to the late 1970s toearly 1980s timeframe, “when the chipsstarted to come out”, Denning continues.“Apple Computer, and Atari and all thosecompanies, were little garage kind of things,and they said, ‘We want to make thecomputer so simple that you can have one,and you can be an ordinary person in yourhouse, and own one.’”

So that’s what companies like Apple setout to do, Denning says in reflection. “Theircomputers were so small and simple thatthey couldn’t really hold an operatingsystem, the memories were too small. It wasmore like ham radio.”

I then ask Denning if he was one ofthose garage-based tinkerers, in the spirit ofa Steve Wozniak. “I was interested in it, bigtime”, he responds.

“By the time the PC revolution started,operating systems had got pretty big”, butDenning admits that in today’s terms, theywere a “historical curiosity. So the folks whowere trying to pioneer [PCs] had a kind ofanimosity against operating systems,because they thought that it resulted incorporations blocking the small guy out ofusing computers.”

Let History be Your GuideI then transition our conversation to thecontemporary era of computing – thehandheld, smartphone/mobile era wecurrently occupy – and ask Denning how thisevolution has affected both security and hisapproach to teaching about the operatingsystems that underlie them.

“I think there’s a deeper issue here, whenyou’re talking about security, which is that

these people produced a new generation ofcomputer builders who started out dislikingoperating systems and anything having todo with big computers, and disavowingthem, and trying to go down their ownpath”, Denning observes.

The issue here, he concludes, is that thisnew group of PC builders lacked a historicalknowledge of the security issues thatconfronted an older generation ofmainframe technologists. “So, we wound upcultivating a whole generation of peoplewho were building computers andoperating systems, who knew nothing aboutthe past, and cared nothing about the past.”

The result, as he sees it, was a decades-long delay in confronting the security issuesthat forbearers of the PC contemplated –and in many cases addressed.

With history as a guide, nevertheless,Denning says recent years have witnessed areturn to these fundamental security issuesthat the old mainframers encountered.“There’s been a lot of security research inthe last few years, which is basically orientedon resurrecting old knowledge and adaptingit to the new world.” He then issues aclarification: “It’s not simply going to theACM [Association for Computing Machinery]digital library and looking up the old papers,it’s kind of like re-discovering and re-inventing the knowledge.”

Sometimes Older is BetterIt’s with more than a bit of nostalgia thatDenning laments the rise of the mobileoperating system, regardless of its securityissues. Take Apple’s OS X, which he calls“one of his favorite operating systems”. Auser of this for years, Denning regrets thatApple is adapting newer versions to mirrorthe appearance and functionality of iPhonesand iPads.

I ask him about the progress of securityover the last two decades or so, specificallythe progress made by that other popularvendor of operating systems. “Microsoft hadstarted with DOS, a really, really awful andinsecure operating system, and then theycame out with Windows as a way to try andrespond to Apple”.

Microsoft wasn’t serious about securityduring the formative years of the Windowsoperating system, Denning remembers. Thischanged soon enough, he admits, as thecompany realized that security issues wereresulting in big hits to its reputation – thetrust factor. “So Microsoft started to getvery serious about this, and they brought inSteve Lipner, who seems to have been a biggodsend for them…they made some verysignificant improvements in the security oftheir systems.”

As we close the conversation – at least thesecurity portion – I ask Denning if, from hisperspective, there is one operating systemthat stands out as being the most secure. Hisresponse is certainly diplomatic, if not basedon decades of experience.

“I don’t think it’s completely theoperating system anymore”, he tells me.“We worry about the network as a whole,we worry about the way we organize theservers at the network.”

Security, in the view of this operatingsystem ‘expert’, is more about networking,connectivity, and the people who use andoperate these devices. “These issuestranscend individual operating systems.”

Perhaps the most important lesson Ilearned from this accomplished teacher isthat there are basic constants we can’tforget if we expect to enjoy success in anyfield – data security included. “Althoughtechnologies have changed a lot, we stillkeep on using the same fundamentalprinciples for design. And the more weunderstand those principles the better offwe’ll probably be”, Denning concludes. Ican’t help but recall the great Americanfootball coaches like Vince Lombardi orChuck Knoll, who stressed that soundfundamentals are the underlyingcomponent to any successful endeavor,regardless of how the game changes.

The issues facing security professionals,software designers, hardwaremanufacturers, and end-users are “notsomething that one operatingsystem is going to solve”, hecontends. “Each one has to makeits little contribution.”

14 Q4 /// 2013

Infosec Mag Q4_Infosec Mag Q4 24/09/2013 09:03 Page 14