[e-lang] Foundation papers about distributed application security
Mark S. Miller
markm at caplet.com
Sat Apr 3 13:39:55 EST 2004
At 10:00 AM 4/3/2004 Saturday, David Chizmadia (JHU) wrote:
>Hi all,
>
> I'm developing a university graduate level course (for JHU's
>Spring 2005 term) called "Principles and Patterns for Securing
>Distributed Applications".

I suggest that you might want to call this "Principles and Patterns for
building (or architecting / designing / whatever) Secure Distributed
Applications". The phrase "Securing Distributed Applications" suggests the
misreading that corresponds too painfully to most people's mispractice -- of
trying to add security after the fact to something conceived of without
having already taken security into account.

In any case, as you may know from Shap, I expect to be physically present at
JHU during that time. If you'd like to use E as a teaching language for that
course, I could help.

> My own background tends toward the TCSEC/TNI/CC and
>CORBAsecurity communities, but I recognize that they are only
>small - and probably pedagogically weak - sources of information on
>securing distributed applications.

I suggest that their weaknesses are more than just pedagogical. ;)

>So I would like to ask for your
>help in expanding both my personal horizons and my candidate
>compilation by soliciting people's lists of the "Top 10 (or
>whatever)" papers, articles, webpages, books (or book chapters) that
>helped them learn how to design effective and secure distributed
>applications. I'll develop and maintain a webpage that archives the
>original lists that I receive - as well as the evolving list of
>documents that will be incorporated into the compilation - so that
>everyone can benefit.

My extremely parochial two cents:

Dennis and van Horn
http://citeseer.nj.nec.com/dennis65programming.html
Not about distributed systems or security per se, but
it's good to start with the basics.

Everything by the MIT Actors group during the '70s and early '80s. (Some of
the most important may be hard to get.)
http://timeline.lcs.mit.edu/tlcat.adp?gn=Message%20Passing%20Semantics&type=g
Much of this is not about security per se, but about conceiving of a general
model of distributed computation that's "naturally" secure.

"Language Design and Open Systems" by Ken Kahn and myself

Jed Donnelley's distributed cap protocol paper: http://www.nersc.gov/~jed/papers/DCCS/

The Confused Deputy
http://www.cap-lore.com/CapTheory/ConfusedDeputy.html

Digital Silk Road
http://www.agorics.com/Library/dsr.html

The Ode, of course
http://www.erights.org/elib/capability/ode/index.html

Szabo's opus on Smart Contracts:
http://szabo.best.vwh.net/formalize.html

Paradigm Regained
http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html

--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM