[e-lang] Foundation papers about distributed application security

Mark S. Miller markm at caplet.com
Sat Apr 3 13:39:55 EST 2004


At 10:00 AM 4/3/2004 Saturday, David Chizmadia (JHU) wrote:

>Hi all,
>
>    I'm developing a university graduate level course (for JHU's
>Spring 2005 term) called "Principles and Patterns for Securing
>Distributed Applications".

I suggest that you might want to call this "Principles and Patterns for 
building (or architecting / designing / whatever) Secure Distributed 
Applications". The phrase "Securing Distributed Applications" suggests the 
misreading that corresponds too painfully to most people's mispractice -- of 
trying to add security after the fact to something conceived of without 
having already taken security into account.

In any case, as you may know from Shap, I expect to be physically present at 
JHU during that time. If you'd like to use E as a teaching language for that 
course, I could help.


>    My own background tends toward the TCSEC/TNI/CC and
>CORBAsecurity communities, but I recognize that they are only
>small - and probably pedagogically weak - sources of information on
>securing distributed applications. 

I suggest that their weaknesses are more than just pedagogical. ;)


>So I would like to ask for your
>help in expanding both my personal horizons and my candidate
>compilation by soliciting people's lists of the "Top 10 (or
>whatever)" papers, articles, webpages, books (or book chapters) that
>helped them learn how to design effective and secure distributed
>applications. I'll develop and maintain a webpage that archives the
>original lists that I receive - as well as the evolving list of
>documents that will be incorporated into the compilation - so that
>everyone can benefit.

My extremely parochial two cents:


Dennis and van Horn 
http://citeseer.nj.nec.com/dennis65programming.html
Not about distributed systems or security per se, but 
it's good to start with the basics.

Everything by the MIT Actors group during the '70s and early '80s. (Some of 
the most important may be hard to get.) 
http://timeline.lcs.mit.edu/tlcat.adp?gn=Message%20Passing%20Semantics&type=g
Much of this is not about security per se, but about conceiving of a general 
model of distributed computation that's "naturally" secure.

"Language Design and Open Systems" by Ken Kahn and myself

Jed Donnelley's distributed cap protocol paper: http://www.nersc.gov/~jed/papers/DCCS/

The Confused Deputy
http://www.cap-lore.com/CapTheory/ConfusedDeputy.html

Digital Silk Road
http://www.agorics.com/Library/dsr.html

The Ode, of course
http://www.erights.org/elib/capability/ode/index.html

Szabo's opus on Smart Contracts:
http://szabo.best.vwh.net/formalize.html

Paradigm Regained
http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html


-- 
Text by me above is hereby placed in the public domain

        Cheers,
        --MarkM


