People of ACM - Elisa Bertino

May 7, 2019

You earned your PhD in Computer Science from the University of Pisa in 1980. What prompted you to pursue a degree in computing and what was the climate like for women at the time?

I have always been interested in sciences and especially in mathematics. However, when I was in high school, computer science was an emerging area with lot of job opportunities. This was the main motivation for me to choose computing as my research area. Of course, once I started studying computing, I became fascinated by this area (especially the theoretical aspects of it, such as computability theory). The climate at that time was good for women and there were many women enrolling in CS degrees. The reason for such high numbers is that in many Italian universities, CS degrees started as “spinoffs” from mathematics degrees. In Italy at the time, there were lot of women students enrolled in mathematics, and thus enrolling in CS was not “scaring” women away.

After co-authoring the 2001 paper, “TRBAC: A Temporal Role-based Access Control Model,” you continued your work in access control by co-authoring the 2007 paper, “GEO-RBAC: A Spatially Aware RBAC.” Both of these papers were written before mobile computing was a dominant paradigm. How will the global phenomena of mobile computing and Internet of Things impact the access control field going forward?

Mobile computing and IoT will enhance access control technologies by allowing one to more easily obtain detailed context information and use it to better regulate who can access a system based on these specific contextual details. The use of this information combined with the use of data analytics will allow one to avoid both permission over-provisioning (too much access) and permission under-provisioning (overly restricted access). On the other hand, there will be challenges related to ensuring that the context information is trustworthy.

You are known as someone who has published in a broad range of areas including context-based access control; digital identity management; data integrity; IoT and sensor network security; secure and privacy-preserving provenance; privacy-preserving analytics; protection from insider threats; and cloud security. What are the benefits of taking a broad approach to research?

Taking a broad approach to research helps a lot when it comes to designing innovative approaches. Sometimes, an approach used in one area when applied to a problem in another area results in a very novel approach. For example, early in my career I worked on query optimization for multimedia documents. Then I used ideas from this work for designing an efficient approach for privacy-preserving record linkage protocols.

With Danfeng Yao, you co-founded the Workshop for Women in Cybersecurity (CyberW) that is held annually at the ACM CCS conference. Why do you think the gender imbalance problem is especially pronounced in the cybersecurity field, and how can the community most effectively address it?

I think that sometimes cybersecurity has the connotation of “hacking systems,” and this may not resonate well with women. However, this is far from reality. Cybersecurity is a very broad field with many different aspects and which requires multidisciplinary research, including psychology, sociology, linguistics, communications, economics, mathematics, and physics, just to name a few. Involving more women in multidisciplinary cybersecurity research would help.

Elisa Bertino is a Professor of Computer Science at Purdue University, where she also heads the Cyber Space Security Lab. While Bertino’s research interests cover many areas in information security and database systems, her most high-profile contributions center around developing technologies that allow people to access secure systems based on factors including their role, time of day, and location. She has held positions in industry—including at the IBM Almaden Research Center—and in academia, most notably at the University of Milan.

Bertino is a Fellow of ACM, IEEE and AAAS, and has received several awards and honors, including the IEEE Computer Society Technical Achievement Award, the Tsutomu Kanai Award, and the ACM SIGSAC Outstanding Contributions Award. Bertino was named the 2019-2020 ACM Athena Lecturer for pioneering and impactful contributions to data management, security, and privacy, along with outstanding contributions to broadening participation in computing via professional leadership and mentoring.