Security 7 award winner Dorothy Denning:
Fresh out of college and working in computer security in the late '80s, Paul Proctor was toying with some ideas...
about an emerging technology called intrusion detection. But it wasn't until he read Dorothy Denning's groundbreaking 1987 paper, "An Intrusion Detection Model," that he knew he was on the right track.
"That was like a spark that made me go very heavily into intrusion detection. She provided that spark with her ideas," recalls Proctor, who went on to write a book on the subject and is now a research vice president with Gartner.
He also remembers how much time Denning spent talking with him--when Proctor was 22--at a series of IDS workshops held by research institute SRI International. "Here's this Ph.D. who has done all this seminal work, and she was giving me not only the time of day, but engaging me in real conversations."
Proctor is one among scores in information security who have been influenced by Denning, who pioneered the field as a writer, researcher and professor. In the infosecurity world, Denning is like actor Kevin Bacon and has six degrees of separation from anyone, says Amit Yoran, former cybersecurity chief at the Department of Homeland Security.
"You'd probably find that many people in the field, at one point or other, were students or colleagues of hers," says Yoran, a student of Denning's in the early 1990s when she taught at Georgetown University.
Today, a professor of defense analysis at the Naval Postgraduate School in Monterey, Calif., Denning has penned more than 120 articles and four books, including Cryptography and Data Security and Information Warfare and Security. She's won numerous awards, and was named a Time magazine innovator in 2001. She's also held many leadership and advisory roles, including serving on the boards of companies formerly headed by Yoran and Proctor.
Her work, she says, has been mostly driven by intellectual curiosity rather than a sky-is-falling complex: "I can honestly say I'm not motivated by some sense of doom--that I've got to do this or the Internet is going to fall apart," Denning says.
Growing up in Grand Rapids, Mich., Denning excelled at math and spent summers working at her father's wholesale building supply business. When she headed to the University of Michigan, she figured on becoming a high school math teacher.
But as a computer science doctoral student at Purdue University in 1972, she took a class on operating systems that proved life-changing. Security was one of the topics the class studied, and Denning was hooked. She chose it for her thesis topic, and produced what became the influential lattice model for secure information flow. The class changed her life in more ways than one--she later married the man who taught it.
Denning has been a visionary, says Peter Neumann, principal scientist at SRI's computer science laboratory. In addition to her pioneering work in cryptography and intrusion detection, Denning broke ground in database security. At SRI, she and Neumann worked on SeaView, a project to develop a model for a multilevel secure database system.
"She's been keenly aware of emerging problems early on," Neumann says.
Denning also doesn't shy away from controversial positions. "She's not afraid to stand up to anyone and justify her position," Yoran says. In the '90s, her support of the ill-fated Clipper chip, which would have allowed U.S. officials to decipher coded messages, brought her heavy criticism. "Clipper Chick" was one of the monikers bestowed on her.
"I don't regret anything I did," Denning says. "But I think the right decisions were made by the government to liberalize [encryption] export controls. That period led to a lot of innovation in cryptography."
More recently, she's known for inventing geo-encryption, a technology for scrambling data until it reaches a certain location.
A major focus for Denning these days is cyberterrorism. After much study, she's concluded that terrorists aren't close to posing a major threat on the Web. "You won't see the power grid shut down by terrorists anytime soon, at least not from the indicators I've found," she says.
This story was originally published by Information Security Magazine, part of the TechTarget network.