Gligor was born in
Zalău and lived in
Bucharest, Romania, until his late teens. He received his high school degree and baccalaureate at the
Gheorghe Lazăr National College. After completing the first year as a student in the Faculty of Automatic Control and Computer Science at
Politehnica University of Bucharest, he earned a national scholarship to study in the United States, where he received his
B.Sc.,
M.Sc., and
Ph.D. degrees from the
University of California at Berkeley. While a graduate student he was a Lecturer in EECS at the
University of California, Santa Barbara. Between 1976 and 2007 he taught at the
University of Maryland, College Park, and since 2008 he has been a Professor in the Department of Electrical and Computer Engineering at
Carnegie Mellon University (CMU). Until 2015, he was also the co-director of CyLab, CMU’s security and privacy research institute. He was a visiting professor at
University of Cambridge, UK, ETH Zurich and EPF Lausanne in Switzerland, SMU in Singapore, and a long-time consultant to Burroughs and IBM corporations. He served on Microsoft’s Trusted Computing Academic Advisory Board and SAP’s Security Advisory Board. He has been an advisory board member of several security and privacy institutes including those of Johns Hopkins University and Pennsylvania State University in the US, CISPA Saarbrucken, Germany, and KTH Stockholm, Sweden. Gligor co-chaired several conferences and symposia, including the ACM Computer and Communication Security, IEEE Security and Privacy, the
Internet Society’s Network and Distributed Systems Security, the IEEE Dependable Computing for Critical Applications, and IEEE-ACM Symposium on Reliability in Distributed Software and Databases. He was an editorial-board member of Information Systems, Journal of Computer Security, ACM Transactions on Information System Security,
IEEE Transactions on Computers, IEEE Transactions on Mobile Computing, and was the Editor in Chief of the IEEE Transactions on Dependable and Secure Computing.
Research Gligor’s research in computer and network security spans over four decades. He began his career with work on the design of protection mechanisms of capability-based systems. In particular, he initiated the area of protection-mechanism verification of complex instruction set architectures and processor security testing. In the early 1980s, Gligor provided the first precise definition of the
denial-of-service (DoS) problem in operating systems and extended it to network protocols thus helping establish
availability as a first-class security concern. He and his students published all DoS research papers during the 1980s, including the Yu-Gligor model. In the mid’ 80s he and Gary Luckenbaugh were the principal designers of the
Secure Xenix, which was the first Unix-class commodity operating system to be evaluated at the B2 security level according to the NSA’s TCSEC. He and his students co-designed the first automated tools for storage-channel analysis, penetration analysis for C-language programs, pattern-oriented (i.e., signature-based) intrusion detection tool for Unix systems. During the 1990s, Gligor co-designed
secure message authentication codes for Kerberos v5 and
inter-domain authentication for OSF’s Distributed Computing Environment. His research also led to new
formal models of access control, mainly for separation-of-duty and application-oriented policies. He was the principal author of several security guidelines in NSA’s NCSC
Rainbow Series for TCSEC, including those on security testing, trusted facility management, covert channel analysis, and trusted recovery. In early 2000s, his research focused on lightweight cryptographic schemes and protocols. He is a co-inventor of the first efficient
authenticated-encryption scheme in one pass over the data and
random-key pre-distribution in large sensor networks. The later scheme, which was co-designed with his student L. Eschenauer, gave rise to a
uniform random intersection graph, or simply a
random key graph. Its k-connectivity and k-robustness are properties of interest in social networks, recommender systems, clustering and classification analysis, circuit design, cryptanalysis of hash functions, trusted and small-world networks, and epidemics modeling. He also co-authored of the first distributed algorithms for detecting sensor-node replication attacks. In the 2010s, Gligor’s research was on
trustworthy computer systems and the design of micro-hypervisors, trusted paths, I/O channel isolation, trust establishment for networks of humans and computers, and on protection against distributed denial of service on the Internet. In 2019 he designed the first method for software root of trust establishment in a computer system that is
unconditionally secure; i.e., without secrets, trusted hardware modules/tokens, or bounds on the adversary’s computation power. Most recently, Gligor co-authored the first
I/O separation model for formal verification of kernels implementations. Over the years, Gligor’s research papers received several conference awards.
Notable Awards In 1995, Gligor was awarded the
Doctor Honoris Causa degree at Universitatea Politehnica. In 2005, he received the 2006 National Information Systems Security Award jointly given by the United States
National Security Agency (NSA) and
National Institute of Standards and Technology (NIST) for contributions to access control mechanisms, penetration analysis, denial-of-service protection, cryptographic protocols, and applied cryptography. In 2011, he was awarded the ACM SIGSAC Outstanding Innovation Award for innovations in secure operating systems as well as covert channel analysis, intrusion detection, and secure wireless sensor networks. In 2013, he was given Technical Achievement Award by the
IEEE Computer Society for his pioneering work and leadership in the area of computer and network security. In 2019 he was inducted in the National Cybersecurity Hall of Fame, and in 2020, together with B.Parno and A. Perrig, he received a Test of Time Award from the IEEE Security an Privacy Symposium for their 2005 work on distributed detection of node replication attacks in sensor networks. == References ==