An Interview with Carl E. Landwehr, interview by Jeffrey R. Yost, 21 April 2014, Computer Security History Project, Center for the History of Information Technology, Charles Babbage Institute, University of Minnesota, Minneapolis.
Computer security pioneer Carl Landwehr discusses his educational training (Ph.D. University of Michigan), his research as computer scientist/supervisory computer scientist at the Naval Research Laboratory in the second half of the 1970s, 1980s and 1990s, and subsequent work as a research program officer for computer security at the National Science Foundation (over two separate tenures) and IARPA (where he served as a Division Chief). Among the topics discussed are the Secure Military Message System Project, survey work analyzing early security models, his work on application-based security models, and the role of federal research programs in advancing the field of computer security.
Yost: My name is Jeffrey Yost from the Charles Babbage Institute at the University of Minnesota, and I’m here to day on April 21, 2014 with Carl Landwehr in McLean, Virginia. This is for CBI’s NSF-sponsored project, Building an Infrastructure for Computer Security History. Carl, can you begin by just giving me a little biographical information, when and where you were born?
Landwehr: I was born in Evanston, Illinois, on September 3, 1946. I spent the first six or seven years of my life in Northbook, Illinois, where my father had grown up. We moved to Elmhurst in 1953 and I continued to live there until I went away to college and started a career.
Yost: How did you decide to go to Yale University and when you first went there, had you already set on studying engineering and applied mathematics or did that come later?
Landwehr: I went there because my brother was already there and I had a couple of cousins there. I actually interviewed a lot of places, some other places, and might’ve gone elsewhere but in the end, I think, my father considered it simpler for us to be in the same place on the same schedule, and so that’s how I wound up there.
Landwehr: . . . So I think I started out in the engineering program but engineering at Yale — Yale has had a mixed history with science, in a way, and at the time, engineering was no longer a school it was a department. It was Engineering and Applied Science, and so the curriculum was pretty science oriented. But they did have a professor who was very influential, I’d say, on several of us there, named Bob Rosin, who was a graduate of MIT and Michigan, actually, the Communication Sciences program at Michigan. And he taught undergraduate computing courses. It wasn’t, I guess, the first programming course I had but maybe the second, and I basically took as many courses as I could find that were computing related. But there was no computer science department at that time at Yale, They made an effort to recruit some computer scientists, but I think they didn’t offer enough; they felt that it was sufficient that they were coming to Yale, they didn’t offer a lot else. So no department got created until later when they finally recruited Alan Perlis and started a computer science program. But Bob Rosin was a strong influence and we did a lot of work at the computing center there.
Yost: Do you recall what systems you used there?
Landwehr: Yes, I actually have a core plane from an old [IBM] 709. They were replacing a 709 with a [IBM] 7094, and they had a, was it [IBM] 7040, [IBM] 7090 direct coupled system, which had batch programming and these giant disks you could watch move, and it was a lot of fun there. And I had friends in the engineering program. One I went to high school with, Dean Kloker, also was with that program; he is now in Minneapolis. So we enjoyed that a lot and I think partly because of Bob Rosin’s influence, I was interested in the program at Michigan, which at that time was not actually a computer science program. It was called communication sciences. Michigan had a very fragmented computing situation at the time. There was computing at a number of different places. In the electrical engineering department there was some; in the industrial engineering department was where most of the graphics was going on; there was the computing center, which developed the Michigan Time-sharing System [Michigan Terminal System], and that interested me. Anyway, the program itself was an interdisciplinary program, which included electrical engineering aspects. It was about information processing, really, in all kinds of systems, so it included information processing in human systems, so biological systems. We had some introductory courses in psychology, and in linguistics, and philosophy. It was a fascinating program to be part of but it also was described by some as a mile wide and an inch deep; you had to specialize when you were going to do the dissertation research after you did this. This was a program that was the child of; I think the creation, really, of John Holland. And Art Burks was there at the time, also.
Yost: Bernie Galler?
Landwehr: Yes, Bernie Galler.
Yost: Bernie was a good friend of our institute and a personal friend. I worked with him on a software history project funded by NSF.
Landwehr: Yes indeed, Bernie was very interested in history. His passing was a blow. Bernie was a very popular professor, and he and Bruce Arden were actually chairs of my dissertation committee. But in fact, my dissertation really was about numerical simulations of queuing theory and so I worked actually with Ralph Disney, who was in the industrial engineering department; queuing guy. So what I ended up doing in grad school was working for the MERIT Computer Network. I think Michigan wasn’t willing to pony up the money for an ARPANET IMP, and so they were going to build their own, and they did. That gave me an opportunity to participate in developing an operating system for a packet processing machine, set up with a number of people. I worked at the computing center doing that and my dissertation was partly motivated by that.
Yost: Can you expand a little bit on what specifically you worked on with MERIT?
Landwehr: So MERIT produced a communications device which was designed to sit in front of each host system. There were three host systems: Wayne State, University of Michigan, and Michigan State. They all had, let’s see; Michigan State, I think had Control Data equipment. Michigan had IBM equipment. Michigan State I think also had IBM equipment but Michigan was running MTS and I think Wayne was running — I’m not 100 percent sure what Wayne was running. Anyway, the idea was that this device; there was a packet switching device called a Communications Computer (CC) that sat in front of each one and then there was some—
Yost: So the equivalent of the IMPs with ARPANET?
Landwehr: Yes, the equivalent of that. And so there was development of the operating system for the CC; I don’t know if I generated code for that, but we had designed and discussed it. In fact we decided to use semaphores. Someone else decided that [Brian Read and Al Cocanower, probably], it wasn’t my decision. So then we built everything around that sort of coordination structure. But the part I worked on was primarily; there was a piece of software, a device support routine, which in MTS talked to that device. And so I wrote the code for that; both the main code on that host [MTS] side and also on the MERIT Communications Computer [CC] side. I had to write the code on both sides of that interface.
Yost: I don’t suppose there was discussion of computer security issues with that network?
Landwehr: Security was actually an issue in the air around there, and at that time, of course, to debug the operating system and so on, I mean, there was one computing system for the campus. And so virtual machines were used, in fact that was really — from my perspective at the time anyway — why they were created. It was so that you could debug the operating system without taking the system over and running it by yourself. Michigan had a very well-developed accounting system for rationing time and students had rations of time they could use on courses, and so occasionally students would try to get extra resources one way or another, and sometimes people would play games. So there were definitely thoughts about security, and in the context of MERIT [pause]
Yost: So that was with the Michigan Terminal System?
Landwehr: Yes, that was with MTS. In the context of MERIT, I don’t remember explicit security discussions,
Yost: And what year did you start in the Michigan computer center?
Landwehr: I started Michigan in the fall of 1968 and left in the fall of 1974. So, I didn’t start working for MERIT until, I think; let’s see, the first summer I spent actually at Lawrence Livermore Lab, the summer of 1969, and then the summer of 1970 I think I started working for MERIT. It was either work for MERIT or to take a job with the tennis coach teaching tennis in Ohio someplace.
Yost: And in 1969, for Livermore, was that a programming position?
Landwehr: . . . I spent the summer there working with Control Data equipment at Livermore. They were, I think, just getting a CDC 7600 in and they had a lot of CDC 6600s. What was interesting there was it seemed very backwards, compared to Michigan. They had these amazing online card punches that would suck in an entire box of cards in a matter of seconds. But they needed them because they didn’t have enough storage to store their files overnight, so at the end of the day, they would punch out their cards and then in the morning they would read them in. Actually, that’s what I ended up doing there: support for the online card punch.
Yost: You completed your dissertation the summer of 1974, and it was entitled “Load Sharing in Computer Networks: A Queuing Model.” Can you describe that dissertation?
Landwehr: I suspect that you can count the number of people who’ve actually read that dissertation on the fingers of two hands, at most, [Laughs.] It built on work of other Michigan grad students who had developed queuing models. Kip Moore had developed queuing models primarily for optimizing paging drums, as I remember, on the system and other people built on that. Vic Wallace had developed some numerical analysis software. The issue at that time — this is before the famous queuing papers from Baskett, Chandy, Muntz and Palacios about how to compose queues, if you put a lot of constraints on them. The proclaimed reason for these computing efforts, including the ARPANET was to share these expensive computers that weren’t located in too many places, so the idea was you’re going to do load sharing. So I was trying to do that modeling, and also at that time, time-sharing was beginning to take over from batch, but the load sharing really meant, you know, people thought well, I’ll send a batch job over there and have it done. So I created a model where there was both a time-sharing queuing component and a batch sharing queuing component for a network of only three systems, which is what MERIT had, and then try to model the queuing behavior of that. I did publish one paper out of that, eventually, with Erol Gelenbe who was on the committee as well, was still around and working. So it was for me, a challenging thing to do, and I was happy to find another area to explore afterwards, I guess is the right way to put it. In working on MERIT, it was interesting because I learned a lot about how networking was going to work.
Yost: Can you talk a little bit about your mentors on that project?
Landwehr: As I had mentioned already, I think Ralph Disney was probably the primary one from the standpoint of the queuing theory and the numerical analysis of queues. And Bernie Galler was a steadfast advisor; and Bruce Arden helped out, but Bruce at that time took a sabbatical in France for a year, maybe even longer, at Grenoble and so he was absent for a fair chunk of the work. Al Cocanower, who was full time on the MERIT project, also served on the committee and advised me. So a lot of it I can remember trying to work out various stochastic formulas for that stuff and, you know, the idea of being able to measure the system and measure the performance seemed to me, and still seems to me, that that’s an important thing to be able to do. Other people have been more successful at queuing theory than I was.