Charles Payne, Jr.

Research & Engineering

High Assurance Computing, Policy Management and Definition, Formal Methods


Charlie Payne has over thirty years’ experience performing computer security research at industry and government laboratories. He is currently the technical lead of development teams producing cybersecurity analysis tools supporting the US Army’s Model-Based Systems Engineering (MBSE) activity for future mission systems. These tools reduce the cost and effort to qualify systems against US Department of Defense (DoD) cybersecurity standards, including the Risk Management Framework (DoDI 8510.01) and Cross Domain Policy (DoDI 8540.01).

Since joining Adventium (now Galois) in 2004, Charlie has also supported multi-company teams investigating the design and validation of secure, survivable distributed systems (DARPA), streamlined policy management for distributed enforcement technologies (DHS), investigated the prevention and detection of insider threat (DARPA), developed high assurance architectures for virtualized cross domain transfer solutions (OSD/Navy), and developed the policy architecture for Galois’s Magrana virtualization server, a cross domain access solution (AFRL).

Charlie was a Principal Computer Scientist at Secure Computing Corporation for eight years. His accomplishments include developing policy management technology for the EAL4-rated 3Com Embedded Firewall, investigating a framework for secure product release (DARPA), investigating the synergy of workflow with role-based access control (NIST), and various studies in trustworthy operating systems, security policy composition and secure system design.

Before that, Charlie worked eight years in the Center for High Assurance Computer Systems at the US Naval Research Laboratory in Washington, DC, where he led the TCSEC B3 evaluation of the formal security policy model for a NATO Command and Control Information System (CCIS) and researched improved assurance methods for secure systems, such as improved modeling techniques and strategies for constructing and presenting assurance arguments for system certifiers.

Charlie is Senior Fellow with the Applied Computer Security Associates, is past conference chair and past program chair for the Annual Computer Security Applications Conference (ACSAC), and has published over thirty conference papers and technical reports.

He holds an M.S. in Computer Science and a B.A. in Government from the College of William and Mary.