[e-lang] Foundation papers about distributed application security

Fred Spiessens fsp at info.ucl.ac.be
Sun Apr 4 05:48:19 EDT 2004


Hi,

I want to present one paper by our colleagues at SICS/KTH, that you
might maybe not consider "foundational" but it gives a good account of
the possible attack scenarios in distributed systems, and provides the
way to make any language (transparently) distributed in such a way that
it respects capability-security (assuming the non-distributed version
of the language is capability secure).

The Distribution SubSystem (DSS) described will be used in one of the
next versions of Mozart (the implementation of the language "Oz"),
replacing the current built-in distribution system.

http://www.sics.se/pepito/D4.4/d44_report.pdf

Fred.

On 03 Apr 2004, at 10:39, Mark S. Miller wrote:

> At 10:00 AM 4/3/2004 Saturday, David Chizmadia (JHU) wrote:
>
>> Hi all,
>>
>>    I'm developing a university graduate level course (for JHU's
>> Spring 2005 term) called "Principles and Patterns for Securing
>> Distributed Applications".
>
> I suggest that you might want to call this "Principles and Patterns for
> building (or architecting / designing / whatever) Secure Distributed
> Applications". The phrase "Securing Distributed Applications" suggests
> the misreading that corresponds too painfully to most people's
> mispractice -- of trying to add security after the fact to something
> conceived of without having already taken security into account.
>
> In any case, as you may know from Shap, I expect to be physically
> present at JHU during that time. If you'd like to use E as a teaching
> language for that course, I could help.
>
>
>>    My own background tends toward the TCSEC/TNI/CC and
>> CORBAsecurity communities, but I recognize that they are only
>> small - and probably pedagogically weak - sources of information on
>> securing distributed applications.
>
> I suggest that their weaknesses are more than just pedagogical. ;)
>
>
>> So I would like to ask for your
>> help in expanding both my personal horizons and my candidate
>> compilation by soliciting people's lists of the "Top 10 (or
>> whatever)" papers, articles, webpages, books (or book chapters) that
>> helped them learn how to design effective and secure distributed
>> applications. I'll develop and maintain a webpage that archives the
>> original lists that I receive - as well as the evolving list of
>> documents that will be incorporated into the compilation - so that
>> everyone can benefit.
>
> My extremely parochial two cents:
>
>
> Dennis and van Horn
> http://citeseer.nj.nec.com/dennis65programming.html
> Not about distributed systems or security per se, but
> it's good to start with the basics.
>
> Everything by the MIT Actors group during the '70s and early '80s.
> (Some of the most important may be hard to get.)
> http://timeline.lcs.mit.edu/tlcat.adp?gn=Message%20Passing%20Semantics&type=g
> Much of this is not about security per se, but about conceiving of a
> general model of distributed computation that's "naturally" secure.
>
> "Language Design and Open Systems" by Ken Kahn and myself
>
> Jed Donnelley's distributed cap protocol paper:  
> http://www.nersc.gov/~jed/papers/DCCS/
>
> The Confused Deputy
> http://www.cap-lore.com/CapTheory/ConfusedDeputy.html
>
> Digital Silk Road
> http://www.agorics.com/Library/dsr.html
>
> The Ode, of course
> http://www.erights.org/elib/capability/ode/index.html
>
> Szabo's opus on Smart Contracts:
> http://szabo.best.vwh.net/formalize.html
>
> Paradigm Regained
> http://www.hpl.hp.com/techreports/2003/HPL-2003-222.html
>
>
> -- 
> Text by me above is hereby placed in the public domain
>
>         Cheers,
>         --MarkM
>
-----------------
Fred Spiessens
Researcher Software Security
Université catholique de Louvain
Louvain-la-Neuve
Belgium
fsp at info.ucl.ac.be
http://www.info.ucl.ac.be/people/fsp/fred.html



