New York, NY, November 8, 2006 - ACM's Special Interest Group on Security, Audit and Control (SIGSAC) has awarded its top honors to Dr. Michael Schroeder of Microsoft Research and Dr. Eugene Spafford of Purdue University for their contributions to advancing and understanding the use of computer security technologies. Schroeder was presented with the SIGSAC Outstanding Innovation Award for his research, which has been implemented in industry practices and continues to shape the direction of security. Spafford was given the SIGSAC Outstanding Contributions Award for his role in influencing national cyberseccurity policy, education, and research.

Schroeder is co-inventor of the Needham-Schroeder authentication protocol, which has become the basis for industry standards, and is widely used in today's commercial security products. This standard protocol provides mutual authentication between two parties communicating over an insecure network. As a professor at MIT, he was involved in the design of Multics, the Multiplexed Information and Computing Service, a mainframe timesharing operating system begun in 1965. His publications on protection mechanisms and authentication are among the world's most widely cited sources. Schroeder also helped design and build the Grapevine distributed email system, the Cedar distributed file system, the Topaz distributed operating system, and the Pachyderm web-based email system.

The assistant director at Microsoft Research Silicon Valley since its inception in 2001, Schroeder was a faculty member at MIT, and conducted research at the Xerox PARC Computer Science Lab as well as the Digital/Compaq Systems Research Center. He was named an ACM Fellow in 2004. He received a BS from Washington State University, and an MS, EE, and PhD in Computer Science from MIT.

Spafford established the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, one of the first successful security education and research facilities in the world. His research is focused on the prevention, detection, and remediation of information system failures and misuse. He has represented the security community on several national panels responsible for establishing the nation's cybersecurity policy. His most recent appointment was the President's Information Technology Advisory Committee (PITAC) in 2003-2005. Spafford serves as Chairman of ACM's U.S. Public Policy Committee (USACM) and chaired the Computing Research Association Grand Challenges Conference in 2003, which called for eliminating epidemic-style attacks from viruses, worms, and email spam within 10 years.

A professor of computer science and electrical and computer engineering at Purdue University, Spafford has served on the faculty since 1987. The Executive Director of CERIAS, he was named an ACM Fellow in 1998. He received a BA degree from the State University College at Brockport, and an MS and PhD from Georgia Institute of Technology.

The awards, which carry a $1,000 prize, were presented at the Computer and Communications Security Conference in Alexandria, VA Oct. 30-Nov.3, 2006.

About ACM
ACM, the Association for Computing Machinery http://www.acm.org, is an educational and scientific society uniting the world's computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.

About SIGSAC
SIGSAC, the ACM Special Interest Group on Security, Audit and Control http://www.acm.org/sigs/sigsac/ sponsors research conferences and workshops on security technologies, systems, applications, and policies. Technology topics include access control, assurance, authentication, cryptography, intrusion detection, penetration techniques, risk analysis, and secure protocols. These technologies apply to operating systems, database systems, networks and distributed systems, and middleware. Applications for these systems are critical to the operation of information and workflow systems, electronic cash and commerce, copyright and intellectual property protection, telecommunications systems, and healthcare. These applications provide confidentiality, integrity, availability, privacy, and survivability policies that benefit science, business and society.