Reflections on systems trustworthiness

Abstract: We examine here a range of concerns relating to computer systems and networks, with particular attention to difficulties in system development and the resulting vulnerabilities, threats, and risks. We then consider some approaches that might achieve dramatic improvements in the ability to develop, operate, and use trustworthy systems. The problems and their solutions typically require a combination of technology and social policy.