Prof. Ravi Sandhu

University of Texas at San Antonio

Title: What technologists should learn from the history of cyber security


Ravi Sandhu is Professor of Computer Science, Executive Director of the Institute for Cyber Security and Lead PI of the NSF Center for Security and Privacy Enhanced Cloud Computing at the University of Texas at San Antonio, where he holds the Lutcher Brown Endowed Chair in Cyber Security.  Previously he served on the faculty at George Mason University (1989-2007) and Ohio State University (1982-1989). He holds BTech and MTech degrees from IIT Bombay and Delhi, and MS and PhD degrees from Rutgers University.  He is a Fellow of IEEE, ACM, AAAS and the National Academy of Inventors. He has received numerous awards from IEEE, ACM, NSA, NIST and IFIP, including the 2018 IEEE Innovation in Societal Infrastructure award for seminal work on role-based access control (RBAC).  A prolific and highly cited author, his research has been funded by NSF, NSA, NIST, DARPA, AFOSR, ONR, AFRL, ARO and private industry.  His seminal papers on role-based access control established it as the dominant form of access control in practical systems.  His numerous other models and mechanisms have also had considerable real-world impact.  He served as Editor-in-Chief of the IEEE Transactions on Dependable and Secure Computing, and previously as founding Editor-in-Chief of ACM Transactions on Information and System Security.  He was Chairman of ACM SIGSAC, and founded the ACM Conference on Computer and Communications Security, the ACM Symposium on Access Control Models and Technologies and the ACM Conference on Data and Application Security and Privacy.  He has served as General Chair, Steering Committee Chair, Program Chair and Committee Member for numerous security conferences.  He has consulted for leading industry and government organizations, and has lectured all over the world.  He is an inventor on 31 security technology patents and has accumulated over 45,000 Google Scholar citations for his papers.  At UTSA his team seeks to pursue world-leading research in both the scientific foundations of cyber security and their applications in diverse 21st century cyber technology domains, including cloud computing, internet of things, autonomous vehicles, big data and blockchain.  Particular focus is on foundations and technology of attribute-based access control (ABAC) as a successor to RBAC in these contexts, and on converegnce of access control concepts to solve real-world challenges. His web site is at


This talk will present a personal perspective on some important lessons that cyber security technologists should learn from the roughly half century of this discipline’s history. We will discuss an eclectic collection of significant developments and propose some principles that can be derived from these. We will conclude with some speculations about the future of cyber security.