Distinguished Lectures at Brown University, Computer Security
Dobb, Department of Computer Science, Brown University, Providence, RI. Email: [email protected]
Abstract: Distinguished Lectures at Brown University.
Introduction
I present my lecture in Computer Security, given on September 10, 1999. I am pleased–and grateful–to be giving this lecture at Brown University. It was organized by myself, Richard M. Dobb, the Director of the Brown University Computer Security Institute and the Brown University Computational Security Group. The lecture will be very brief and therefore I have tried to focus my attention only on the most relevant issues at this time.
Issues and Controversies
In this paper, I will address three specific topics: (a) the general problem of providing a sufficient defense against hostile attempts on a computing platform; (b) the problem of detecting and analyzing the techniques used by hostile code generators; (c) the problem of detecting and analyzing the techniques used by hostile techniques that exploit code vulnerability. This paper will not include any discussion of specific attacks or defenses, for they are not new and the techniques used to attack them are not new either. The paper will make no claim as to the correctness of the techniques described, nor will it discuss the applicability of the techniques described, nor will it claim that these techniques are the best ones available for the system under discussion.
What is important for any computing system is that its code runs correctly, which has the following characteristics: (1) it executes only when requested to do so; (2) it is self-protecting; (3) it has no dependency on trusted execution environments; (4) it is secure. Attacks on code are attacks on programs. Therefore, code’s execution is a major element of any computing system security. The techniques discussed in this paper attack the execution of programs.
The techniques described, though not explicitly mentioned in the papers, are very likely to be used against code. In this paper I will, therefore, include in my lecture two specific techniques: (1) a technique to generate a set of benign code snippets, and (2) a technique to attack self-protecting code generators.
Distinguished Lectures in Computer Science.
Widespread use of the Java web application framework (JSR-330) for secure, distributed Java transactions (JCP-181) is a major step toward a Java web application and Java network operating system (JINN) system. However, the new JSR-330 specification provides little guidance as to how to implement the JSR-330 security requirements. While many of the JSR-330 requirements have been addressed through prior security specifications, there are few details on how to implement these requirements. This research fills this void by presenting an analysis of the JSR-330 specification, and the analysis offers guidance on how to implement the specifications. By examining Java objects that reference each other, we investigate the effects of using methods within a JSR-330 specification and how these methods interact. Our analysis shows that the specification contains few methods that can be used to implement the security requirements; rather, the specifications are left to be implemented as components in a JINN architecture. This research contributes to the Java security community by demonstrating how to implement the security requirements and providing guidance on doing so.
Copyright held by JCP. All rights reserved.
JSR-330: Distinguished Lectures in Computer Science.
In computer security, the Java web application framework (JSR-330) is widely used for secure, distributed Java transactions (JCP-181) to support Java web applications and Java network operating system (JINN) systems. However, the new JSR-330 specification provides little guidance on implementing security requirements. In this paper, we analyze the JSR-330 specification to find methods with which the specification can be implemented, and through them we demonstrate how to implement the specifications.
In addition to the Java language, the Java security model has evolved since its inception in Java 1.2 (now Java SE 6), based on the Java Security Extensions (JSSE). The JSR-330 specification provides a broad framework for providing Java security. JSR-330 was developed by the Java Community Process (JCP) to standardize the security model for Java and extend Java security for new Java features and technologies.
Interacting Collaborative and Social Computing.
Authors: Iain Ayrton, Robert N. Inderbitzen, A. O’Connor, J.
Abstract: A new way of collaboration for large-scale, complex systems is proposed. It relies on the automatic interaction of a large number of agents with each other without any human control. A first experiment on this approach is performed with an H-CMC architecture.
The emergence of large-scale, complex systems with unpredictable interactions and global properties is now a reality. While it may seem that an agent-based approach is well suited to this scenario, it is not without its drawbacks.
First and foremost, agents must be able to interact with each other in a coordinated and mutually beneficial manner to successfully work and play together. Indeed, agents often do not have explicit and explicitable models of the nature of their world and cannot automatically decide on the nature of the interactions to be performed. A first step in this direction was taken in . The authors proposed a framework that combines agent-centric reasoning with a model-based interaction paradigm. The framework relies on a set of models, one for each agent and a model for the agent’s environment, with the aim of generating new interactions in response to actions and models of the environment. The authors refer to this approach as “model-based agent design” (MAD). In contrast to approaches that treat the environment as part of the agent’s model, MAD does not consider the environment as part of the agent’s model, but allows interactions based on a model for the environment.
The model-based approach by the authors is based on the definition of “agent” as a system which is able to interact with other systems. The authors, however, did not use agents to represent the systems they want to make collaborative.
Distinguished Lectures : Jeff Huang/Andy van Dam
Computer and Software Security, Volume 37, Number 3 May 1998.
Schindler, S. and Van Dam, A.
Computer and Software Security.
Tips of the Day in Computer Security
and topics discussed, and we will be covering them all in one issue.
* Security in Cloud Computing for Security-Aware Developers (Google Inc.