[E-Lang] Split Capabilities Paper

Karp, Alan alan_karp@hp.com
Tue, 29 May 2001 17:51:57 -0700 

I have prepared a paper on split capabilities as used in e-speak Beta 2.2 in
response to the following call for papers.  I'd appreciate comments, and
help with the citations in particular, from anyone willing to read the
paper.  The draft is available at

	http://www.hpl.hp.com/personal/Alan_Karp/publications/keyslocks.pdf

_________________________
Alan Karp
Principal Scientist
Decision Technology Department
Hewlett-Packard Laboratories MS 1U-3
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-6278
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp/
 


Date: Mon, 7 May 2001 01:23:09 -0600 (MDT)
From: James Whittaker <jw@se.fit.edu>
To: "'seworld@cs.colorado.edu'" <seworld@cs.colorado.edu>
Subject: (SEWORLD) Call for papers for IEEE SOFTWARE special issue on
software secur ity
Sender: owner-seworld@cs.colorado.edu
Precedence: bulk
X-UIDL: CU2e9ZKJe9mp0e9G~(e9
X-Status: 

Call for Articles and Reviewers


Software Security: Building Systems Securely from the Ground Up

Publication: January/February 2002
Submission deadline: 31 July 2001


Fragile and insecure software continues to be a major threat to a society
increasingly reliant on complex software systems. The premise of this
special issue is that most security breaches in practice are made possible
by software flaws. We believe engineering secure and robust software systems
can break the penetrate-and-patch cycle of software releases all too common
today. A constructive exchange on this topic among software practitioners
and researchers is the focus of this special issue.

Specifically, our goal is to encourage a deeper, more fully integrated
understanding of how security concerns should influence all aspects of
software design, implementation, testing, and support. A notorious example
is the buffer overflow problem. Known for decades and very troublesome in
networked systems, it continues to be introduced into new software at an
alarming rate, due in part to software development habits that trace back to
isolated systems where such flaws had few security implications. 

An important aspect of this discussion is how to balance security with the
many other characteristics of a good software system. Finally, software
designers in a networked world cannot pretend to be working in isolation.
People are a critical part of the full software security equation, and
software that makes unrealistic or unreasonable security-related demands on
users (for example, requiring them to memorize too many passwords that
change too often) will inevitably fail to keep its data secure. Articles
that address the issues of how to design software that works with and
directly supports the need for such social engineering issues are also
encouraged.

Topics of interest include:

	-	Case studies that help quantify common security risks
	-	Security implications of programming languages and
development tools
	-	Techniques for balancing security with other design goals
	-	Extracting security requirements from software projects
	-	Design for security
	-	Developing secure applications
	-	Aspect-oriented programming for security
	-	Analyzing programs for vulnerabilities
	-	Testing for vulnerabilities
	-	Secure configuration and maintenance
	-	Developing trusted environments for running untrusted mobile
code
	-	Secure mobile code programming paradigms
	-	Analyzing unknown software for malicious logic
	-	Intrusion-tolerant software architectures
	-	Software application-based intrusion detection
	-	Models and techniques for quantifying tradeoffs in adding
security concerns during development

Articles must not exceed 5,400 words including figures and tables, which
count for 200 words each. Submissions in excess of these limits may be
rejected without refereeing. The articles we deem within the theme's scope
will be peer-reviewed and are subject to editing for magazine style,
clarity, and space. We reserve the right to edit the title of all
submissions. Be sure to include the name of the theme for which you are
submitting. Please contact any of the special issue guest editors for more
information about the focus or to discuss a potential submission; please
contact IEEE Software (software@computer.org) for author guidelines and
submission details.

Guest Editors:

Anup K. Ghosh
Director of Security Research, Cigital
phone +1 703 404-9293
anup.ghosh@computer.org

Chuck Howell
Chief Engineer, Joint and Defense-Wide Systems Division, MITRE Corp.
phone +1 703 883-7615
howell@mitre.org


James Whittaker
Associate Professor of Computer Science, Florida Institute of Technology
phone +1 321-674-7638
jw@se.fit.edu



===========================================================================
To contribute to seworld, send your message to seworld@cs.colorado.edu

http://www.cs.colorado.edu/serl/seworld provides more information on
seworld as well as a complete archive of the messages sent to seworld.

Requests to be added to or removed from seworld should go to
majordomo@cs.colorado.edu

  to subscribe send (in the body of the message)
     subscribe seworld <desired e-mail address>

  to unsubscribe send (in the body of the message)
     unsubscribe seworld <registered e-mail address>
===========================================================================
------- End of forwarded message -------