Dr. David Elliott Bell

A mathematician and computer security pioneer who co-developed the highly influential Bell-LaPadula security model, his management experience ranges from line management up to executive and Board of Directors responsibilities. For the MITRE Corporation, he ran a site, a major acquisition, and a group. For NSA, he was Deputy Chief of the Research Office of the Computer Security Center, Acting Chief of the Research Office, and COR for a major acquisition. At Trusted Information Systems, he was the senior Vice President and Corporate Secretary. He ran his own consulting company (BBND, Incorporated) before returning to the technical path at Mitretek Systems and EDS. He was born in Liberal, Kansas, and grew up in Winston-Salem, North Carolina. He graduated from high school in 1963 and attended Davidson College in Davidson, NC, graduating with a B.S. degree in Mathematics in 1967. He then attended graduate school at Vanderbilt University, receiving his M.S. degree in Mathematics in1969 and his Ph.D. in 1971. After graduation, he joined the MITRE Corporation in Bedford, Massachusetts and in the early 1970's, he co-developed the Bell-La Padula security model with Leonard J. La Padula. This model provided tools for guiding and analyzing computer systems under development. The last step in the model development was the application of the general model to the Multics operating system. When the Computer Security Center at the Department of Defense published its Trusted Computer System Evaluation Criteria in 1983, the Bell-La Padula model was the only security model included to illustrate the "security model" required at the B2 level and above. This development on a schedule resulted in a contract annex (Annex O) that specified the requirements levied on the contractor while laying out the security requirements levied on the entire system and on each of the three components. When work on the Trusted Network Interpretation began with the 1985 New Orleans workshop, he got public release on Annex O so that it could be used in developing general security requirements for networks. During the development of the Trusted Network Interpretation, Blacker's Annex O was the principal "worked example" of an A1 security network. Between 1986 and 1991, he was an active participant in the working group seeking to develop an "interpretation" of the Trusted Computer System Evaluation Criteria for trusted databases. In the final two years, he was the technical editor of the Trusted Database Interpretation, pulling together comments and suggestions into the final text. In 1991 and 1992, he published two papers, "Lattices, Policies and Implementations" and "Putting Policy Commonalities to Work", that together, showed that all the apparently different security policies that had been published were Boolean-Lattice policies, and were thus identical under the skin. His constructive result demonstrated how to realize each of the published policies using a single "Universal Lattice Machine." This work consolidated the apparently different security policies and made them one. He has served as FFRDC support to the Federal government on acquisitions; directly as a Federal employee; and both as prime and sub-contractor. At Trusted Information Systems, he performed final review of all proposals before submission. Among publications he has authored or co-authored are: "Some Observations on the Use of Internet Technology in Financial Services", 1998; "Generic Model Interpretation," 1996; "Modeling the 'Multipolicy Machine'?, 1994; "Putting Policy Commonalities to Work", 1991; "Lattices, Policies and Implementations", 1990; "Trusted Xenix Interpretation: Phase 1", 1990; "Concerning 'Modeling' of Computer Security", 1988; "Security Policy Modeling for the Next-Generation Packet Switch", 1988; "Working Towards A1", 1984; "Network Security Assurance", 1983 (with M. Schaefer); "Secure Computer Systems: Unified Exposition and Multics Interpretation", 1974 (with L. La Padula); "Secure Computer Systems: A Refinement of the Mathematical Model", 1974; "Secure Computer Systems: A Mathematical Model", 1973 (with L. La Padula); and "Secure Computer Systems: Mathematical Foundations", 1973 (with L. La Padula).