Thuy D. Nguyen

Department of Computer Science
Center for Information Systems Security Studies and Research
Naval Postgraduate School, Monterey, CA 93943
Phone: (831) 656-3989
Email: tdnguyen at nps.edu

AREAS OF EXPERTISE / RESEARCH INTERESTS

High Assurance Platform, Trusted OS, Separation Kernel
Dynamic Security Services, Multilevel Security
Hardware Security
Security Evaluation
Security Requirements Engineering, Information Systems Security Engineering

PROFESSIONAL EXPERIENCE

2002 – Present Research Associate of Computer Science, Naval Postgraduate School

1995 – 2002 Senior Manager, Gemini Computers, Inc.

1992 – 1995 Product Manager, Gemini Computers, Inc.

1985 – 1992 Senior Engineer, Gemini Computers, Inc.

1982 – 1985 Principal Programmer/Analyst, NCR Corp.

PUBLICATIONS

Book chapter

1. Levin, T. E., Irvine, C. E., and Nguyen, T. D., "Least Privilege in Separation Kernels", in E-Business and Telecommunication Networks, J. Filipe and M. S. Obaidat, eds., Vol. 9, Communications in Computer and Information Science, Springer-Verlag, 2008.

Refereed conference papers

1. T. E. Levin, C. E. Irvine, T. V. Benzel, T. D. Nguyen, P. C. Clark, and G. Bhaskara, “Trusted emergency management,” in proc. Engineering Secure Software and Systems (ESSoS) (F. Massacci, S. T. R. Jr., and N. Zannone, eds.), LNCS 5429, (Berlin), pp. 32 – 36, ACM/IEEE, Springer-Verlag, February 2009.

2. Nguyen, T. D. and Irvine, C. E., "Use of Evaluation Criteria in Security Education," 3rd International Conference on Information Warfare and Security (ICIW 2008), Omaha, Nebraska, April 2008, pp. 285-292.

3. Ong, K. L., Nguyen, T. and Irvine, C., "Implementation of a Multilevel Wiki for Cross-Domain Collaboration," 3rd International Conference on Information Warfare and Security (ICIW 2008), Omaha, Nebraska, April 2008, pp. 293-304.

4. Irvine, C. E., Levin, T. E., Clark, P. C., and Nguyen, T. D., "A Security Architecture for Transient Trust, Computer Security Architecture Workshop", Fairfax, VA, October 2008.

5. Huffmire, T., Valamehr, J., Sherwood, T, Kastner, R., Levin, T. E., Nguyen, T. D., and Irvine, C. E., "Trustworthy System Security through 3-D Integrated Hardware," Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2008), Anaheim, CA, June 2008. (Extended Abstract)

6. Chiang, K., Nguyen, T. D., Irvine C. E., "A Linux Implementation of Temporal Access Controls," Proceedings 8th IEEE Systems, Man, and Cybernetics Information Assurance Workshop, West Point, NY, June 2007, pp. 309-316. (Won best paper)

7. DeLong, R. J., Nguyen, T. D., Irvine, C. E. and Levin, T. E., "Toward a Medium-Robustness Separation Kernel Protection Profile," Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, USA, December 2007.

8. Levin, T. E., Irvine, C. E., Weissman, C., Nguyen, T. D., "Analysis of Three Multilevel Security Architectures", Proceedings of the Computer Security Architecture Workshop, ACM, Fairfax, Virginia, USA, November 2007.

9. Huffmire, T., Brotherton, B., Wang, G., Sherwood, T., Kastner, R., Levin, T., Nguyen, T., Irvine, C., "Moats and Drawbridges: An Isolation Primitive for Reconfigurable Hardware Based Systems," Proceedings of the IEEE Symposium on Security and Privacy (Oakland S&P), Oakland, CA, USA, May 2007, pp. 281-295.

10. Nguyen, T. D. and Irvine, C. E., “Ulitizing the Common Criteria for Advanced Student Research Projects,” in IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, eds. Fischer-Hubner, S., Rannenberg, K., Yngstrom, L., Lindskog, S., (Boston: Springer), 2006, pp. 317-328.

11. Nguyen, T. D., Levin, T. E., and Irvine, C. E., “High Robustness Requirements in a Common Criteria Protection Profile,” Proceedings of the 4th IEEE International Information Assurance Workshop, Royal Holloway, University of London, UK, April 2006, pp. 66-75.

12. Nguyen, T. D., Irvine, C. E., and Kane, D. R., “Using Common Criteria Methodology to Express Informal Security Requirements,” Proceedings of the International Symposium on Secure Software Engineering, Arlington, VA, March 2006, pp. 75-85.

13. Afinidad, F. B., Levin, T. E., Irvine, C. E., and Nguyen, T. D., “A Model for Temporal Interval Authorizations,” Proceedings of the Hawaii International Conference on System Sciences, Software Technology Track, Information Security Education and Foundational Research, Kauai, Hawaii, January 2006, pp. 218.

14. Levin, T. E., Irvine, C. E., and Nguyen, T. D., “Least Privilege in Separation Kernels,” Proceedings of the International Conference on Security and Cryptography, Setubal, Portugal, August 2006, pp. 355-362.

15. Cone, B. D., Thompson, M. F., Irvine, C. E. and Nguyen, T. D., “Cyber Security Training and Awareness Through Game Play,” in IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, eds. Fischer-Hubner, S., Rannenberg, K., Yngstrom, L., Lindskog, S., (Boston: Springer), 2006, pp. 431-436.

16. Nguyen, T. D., Levin, T. E., and Irvine, C. E., "TCX Project: High Assurance for Secure Embedded Systems", Proceedings of the 11th IEEE Real-Time and Embedded Technology and Applications Symposium Work-In-Progress Session, San Francisco, CA, March 2005, pp. 21-25. (Also published in SIGBED Review, Volume 2, Number 2, April 2005, Special Issue on IEEE RTAS 2005 Work-in-Progress.)

17. Nguyen, T. D., Levin, T. E., and Irvine, C. E., “MYSEA Testbed,” Proceedings of the 6th IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2005, pp. 438-439.

18. Clark, P. C., Irvine, C. E., Levin, T. E., Nguyen, T. D., Shifflett, D. J., Miller, D., “Initial Documentation Requirements for a High Assurance System: Lessons Learned,” Proceedings of the 6th IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2005, pp. 434-435.

19. Afinidad, F. B., Levin, T. E., Irvine, C. E., and Nguyen, T. D., "Foundation for a Time Interval Access Control Model," Proceedings of the Third International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security, MMM-ACNS 2005, St. Petersburg, Russia, September 2005. (Also published in Lecture Notes in Computer Science, Springer-Verlag GmbH, Volume 3685 / 2005, pp. 406, ISBN: 3-540-29113-X.)

20. Irvine, C. E., Levin, T. E., Nguyen, T. D., Shifflett, D. J., Khosalim, J., Clark, P. C., Wong, A., Afinidad, F., Bibighaus, D., and Sears, J., "Overview of a High Assurance Architecture for Distributed Multilevel Security," Proceedings of the 2004 IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2004.

21. Irvine, C. E., Levin, T. E., Nguyen, T. D., and Dinolt, G. W., "The Trusted Computing Exemplar Project," Proceedings of the 2004 IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, June 2004, pp. 109-115.

Journal articles

1. Huffmire, T. , Brotherton, B., Sherwood, T., Kastner, R., Levin, T. E., Nguyen, T. D., and Irvine, C. E., "Managing Security in FPGA-Based Embedded Systems", IEEE Design and Test of Computers, Vol 25, No. 6, pp 590-598.

2. Cone, B. D., Irvine, C. E., Thompson, M. F., and Nguyen, T. D., "A Video Game for Cyber Security Training and Awareness," Computers & Security, Vol. 26, Issue 1, pp. 63-72, February 2007.

3. Dodge, C., Irvine, C.E., and Nguyen, T. D., "A Study of Initialization in Linux and OpenBSD," ACM SIGOPS Operating Systems Review, Vol. 39, Issue 2, pp. 79-93, April 2005.

Technical reports

1. Nguyen, T. D., Irvine, C. E. and Levin, T. E., "A Testbed for High Assurance and Dynamic Security," NPS Technical Report NPS-CS-08-010, May 2008.

2. Nguyen, T. D., Khosalim, J., Shifflett, D. J., and Irvine, C. E., “Monterey Security Architecture: STOP OS 7 Migration Analysis,” NPS Technical Report NPS-CS-08-013, July 2008.

3. Levin, T. E., Nguyen, T. D., Clark, P. C., Irvine, C. E, Shifflett, D. J., and Vidas, T. M., “Use of Trusted Software Modules for High Integrity Data Display,” NPS Technical Report NPS-CS-08-012, June 2008.

4. Shifflett, D. J., Clark, P. C., Irvine, C. E., Nguyen, T. D., Vidas, T. M., Levin, T. E., "SecureCore Software Architecture: Trusted Management Layer (TML) Kernel Extension Module Interface Specification," NPS Technical Report NPS-CS-07-021, January 2008.

5. Nguyen, T. D., Irvine, C. E., Levin, T. E., "Initial Review of NC3A XML Guard Draft Security Target," NPS Technical Report NPS-CS-07-011, October 2007.

6. Nguyen, T. D., "Security Requirements Analysis for NC3A XML Guard Security Target," NPS Technical Report NPS-CS-07-019, December 2007.

7. Levin, T. E., Bhaskara, G., Nguyen, T. D., Clark, P. C., Benzel, T. V., and Irvine, C. E., "SecureCore Security Architecture: Authority Mode and Emergency Management," NPS-CS-07-012, Naval Postgraduate School, October 2007.

8. Clark, P. C., Irvine, C. E., Nguyen, T. D., Levin, T. E., Vidas, T. M., Shifflett, D. J., "SecureCore Software Architecture: SecureCore Operating System (SCOS) Functional Specification", NPS-CS-07-018, December 2007.

9. Clark, P. C., Irvine, C. E., Levin, T. E., Nguyen, T. D., Vidas, T. M., "SecureCore Software Architecture: Trusted Path Application (TPA) Requirements," NPS Technical Report NPS-CS-07-001, December 2007.

10. Shifflett, D. J., Clark, P. C., Irvine, C. E., Nguyen, T. D., Vidas, T. M., Levin, T. E., "SecureCore Software Architecture: Trusted Management Layer (TML) Kernel Extension Module Integration Guide," NPS Technical Report NPS-CS-07-022, December 2007.

11. Levin, T. E., Irvine, C. E., Benzel, T. V., Bhaskara, G., Clark, P. C., and Nguyen, T. D., "Design Principles and Guidelines for Security", NPS Technical Report NPS-CS-07-014, Naval Postgraduate School, November 2007.

12. Nguyen, T. D., Levin, T. E., Irvine, C. E., Benzel, T. V. and Bhaskara, G., “Preliminary Security Requirements for SecureCore Hardware,” Naval Postgraduate School Technical Report, NPS-CS-06-01, September 2006.

13. Levin, T.E., Irvine, C. E. and Nguyen, T. D., “An Analysis of Three Kernel-based Multilevel Security Architectures,” Naval Postgraduate School Technical Report, NPS-CS-06-001, August 2006.

14. Bhaskara, G., Levin, T. E., Nguyen, T. D., Benzel, T. V., Irvine, C. E. and Clark, P. C., “Integration of User Specific Hardware for SecureCore Cryptographic Services,” Naval Postgraduate School Technical Report, NPS-CS-06-012, July 2006.

15. Clark, P. C., Irvine, C. E., Levin, T. E. and Nguyen, T. D., “The GIG Information Access Control Policy: An Interpretation, Analysis and Conceptual Design,” Naval Postgraduate School Technical Report, NPS-CS-06-018, June 2006.

16. Clark, P. C., Irvine, C. E., Levin, T. E., Nguyen, T. D., Shifflett, D. J. and Miller, D., “Initial Documentation Requirements for a High Assurance System: Lessons Learned,” Naval Postgraduate School Technical Report, NPS-CS-06-007, February 2006.

17. Benzel, T. V., Irvine C. E., Levin, T. E., Bhaskara, G., Nguyen, T. D., Clark, P. C., “Design Principles for Security,” NPS-CS-05-010, Naval Postgraduate School, Monterey, California, September 2005.

18. Afinidad, F., Irvine, C. E., Nguyen, T. D., and Levin, T. E., “A Time Interval Memory Protection System,” NPS-CS-06-002, Naval Postgraduate School, Monterey, California, November 2005.

19. Irvine, C. E., Nguyen, T. D. and Levin, T. E., “High Assurance Testbed For Multilevel Interoperability 2004 Developments,” NPS Technical Report NPS-CS-05-002, October 2004.

20. Irvine, C. E., Levin, T. E. and Nguyen, T. D., “Trusted Computing Exemplar 2004 Developments,” NPS Technical Report NPS-CS-05-001, October 2004.

21. Levin, T. E., Irvine, C. E. and Nguyen, T. D., “A Least Privilege Model for Static Separation Kernels,” NPS Technical Report NPS-CS-05-003, October 2004.

22. Nguyen, T. D. and Levin, T. E., "Policy Enforced Remote Login," NPS Technical Report NPS-CS-03-004, February 2003.

Refereed conference presentations (not associated with papers above)

1. Nguyen, T. D., Irvine, C. E., Khosalim, J. and Shifflett, D. J., "An Architecture for Multilevel Secure Dynamic Services," The Open Group, Real-Time Embedded Systems Forum, San Diego, CA, February 2009.

2. Irvine, C. E., Nguyen, T. D., Levin, T. E., Clark, P. C., Vidas, T. M., and Shifflett, D. J, “Towards An Open Source Least Privilege Architecture,” The Open Group, Real-Time Embedded Systems Forum, San Francisco, CA, January 2008.

3. Nguyen, T. D., Irvine, C. E., Levin, T. E., and McEvilley, M., "Assurance Considerations for a Highly Robust TOE," Proceedings of the 8th International Common Criteria Conference (ICCC), Rome, Italy, September 2007.

4. Nguyen, T. D., Irvine, C. E., and Harkins, R. M., “An Experiment with CC Version 3.0 Migration,” 7th International Common Criteria Conference (ICCC 06), September 19-21, 2006.

5. Levin, T. E., Irvine, C. E., and Nguyen, T. D., “A Note on High Robustness Requirements for Separation Kernels,” Proceedings of the 6th International Common Criteria Conference 2005, Tokyo, Japan, September 2005, pp. 301-305.

PROFESSIONAL ACTIVITIES

2008 – Present Course Developer, “Applied Information Systems Security Engineering,” Department of Computer Science, Naval Postgraduate School

2007 – Present Co-Author, “Computing Platform Architecture & Security Criteria,” High Assurance Platform program, National Security Agency

2004 – Present Lead Architect, Monterey Security Architecture and MLS Testbed, Naval Postgraduate School

2005 – 2008 Co-Principal Investigator, “Collaborative Research: CT-T: Adaptive Security and Separation in Reconfigurable Hardware,” National Science Foundation

2004 – 2007 Co-Author, “U.S. Government Protection Profile for Separation Kernels in Environments Requiring High Robustness,” National Security Agency

2007 Course Developer and Instructor, “Application of Security Evaluation Criteria for Information and Software Assurance,” Department of Computer Science, Naval Postgraduate School

2004 – 2006 Co-Instructor, “Advance Topics in Computer Security,” Department of Computer Science, Naval Postgraduate School

1995 – 2000 NSA-Certified Vendor Security Analyst for TCSEC Class A1 Gemini Trusted Network Processor, Gemini Computers, Inc.

ADVISORY ACTIVITIES

Ph. D. Dissertation Committee Member

2005 Francis Afinidad

Master’s Thesis Co-Advisor

2008 Claire LaVelle, Thomas Tenhunen

2007 Kar Leong Ong, Andrew Portner, Brian Wiese

2006 Jeremiah Bradney, Ken Chiang, Melissa Egan, Patrick Whitehorn

2005 Sonia Bui, Robert Cooper, John Horn, Douglas Kane, James Lysinger, Lily Tse

2004 Trevor Baumgarten, Catherine Dodge, Christopher Herbig, Matthew Phillips, Joseph Sears

2003 Matthew O’Neal

DISCLAIMER

Material contained herein is made available for the purpose of peer review and discussion and does not necessarily reflect the views of the Department of the Navy or the Department of Defense.

The appearance of external hyperlinks does not constitute endorsement by the United States Department of Defense, the United States Department of the Navy and the Naval Postgraduate School of the linked web sites, or the information, products or services contained therein. For other than authorized activities such as military exchanges and Morale, Welfare and Recreation (MWR) sites, the United States Department of Defense, the Department of the Navy and the Naval Postgraduate School does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD Web site.