P.G. Neumann, Efficient Error-Limiting Variable-Length Codes, IRE Transactions on Information Theory IT-8, pp. 292-304, July 1962.
P.G. Neumann, On a Class of Efficient Error-Limiting Variable-Length Codes, IRE Transactions on Information Theory IT-8, pp. S260-266, September 1962.
P.G. Neumann, Error-Limiting Coding Using Information-Lossless Sequential Machines, IEEE Transactions on Information Theory IT-10, p. 108-115, April 1964.
R.C. Daley and P.G. Neumann, A General-Purpose File System for Secondary
Storage, AFIPS Conference Proceedings, Fall Joint Computer
Conference, pp. 213-229, November 1965.
P.G. Neumann, The Role of Motherhood in the Pop Art of System Programming,
Proceedings of the ACM Second Symposium on Operating Systems
Principles, Princeton NJ, pp. 13-18, October 1969.
P.G. Neumann and T.R.N. Rao, Error Correction Codes for Byte-Organized
Arithmetic Processors, IEEE Transactions on Computers C-24, 3,
pp. 226-232, March 1975.
R.J. Feiertag and P.G. Neumann, The Foundations of a Provably Secure
Operating System (PSOS), AFIPS Conference Proceedings (NCC 79),
NY, NY, pp. 329-334, June 1979.
http://www.csl.sri.com/~neumann/psos.pdf
P.G. Neumann, R.S. Boyer, R.J. Feiertag, K.N. Levitt, and L. Robinson, A
Provably Secure Operating System (PSOS): The System, Its Applications, and
Proofs, Second Edition, Computer Science Laboratory, SRI International,
Menlo Park, California, May 7, 1980, issued as Report CSL-116. The first
major report defining the system was dated June 13, 1975, and the final
report was February 11, 1977. The 1980 second edition was prepared in
preparation for the Ford/Honeywell implementation study contract, which
eventually led Honeywell and SCC to the Secure Ada Target, LOgical
Coprocessor Kernel (LOCK) and SideWinder. This report is online, URL
available on request.
P.G. Neumann, Experiences with Formality in Software Development,
in Theory and Practice of Software
Technology, D. Ferrari, M. Bolognani, and J. Goguen, editors,
North-Holland Publishing Company, pp. 203-219, 1983.
P.G. Neumann, Psychosocial Implications of Computer Software Development
and Use: Zen and the Art of Computing, in Theory and Practice of Software
Technology, D. Ferrari, M. Bolognani, and J. Goguen, editors,
North-Holland Publishing Company, pp. 221-232, 1983.
P.G. Neumann, On Hierarchical Design of Computer Systems for Critical
Applications, IEEE Transactions on Software Engineering, SE-12 9,
September 1986, pp. 905-920.
P.G. Neumann, Rainbows and Arrows: How the Security Criteria Address Computer
Misuse, Proc. 13th National Computer Security Conference, Baltimore MD, 1-4
October 1990.
P.G. Neumann, Beauty and the Beast of Software Complexity -- Elegance versus
Elephants, in Beauty is our Business, A Birthday Salute to Edsger
W. Dijkstra, pp. 346-351, Edited by W.H.J. Feijen, A.J.M. van Gasteren,
D. Gries, J. Misra, published 11 May 1990, Springer Verlag (ISBN
0-387-97299-4).
D. Clark et al., Computers at Risk: Safe Computing in the Information Age,
National Research Council, National Academy Press, 5 December 1990.
(Authored by the 16 members of the NRC System Security Study Committee,
1989-1991.)
S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck,
D. Miller, P. Neumann, and D. Sobel, Crypto Policy Perspectives,
Communications of the ACM, 37, 8, August 1994, pp. 115-121.
P.G. Neumann, Computer-Related Risks, Addison-Wesley and ACM Press, 1995.
K. Dam et al., Cryptography's Role In Securing the Information Society
(a.k.a. the CRISIS report), Final Report of the National Research Council
Cryptographic Policy Study Committee, National Academy Press, 2101
Constitution Ave., Washington, D.C. 20418, 1996.
Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze,
Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey
I. Schiller, Bruce Schneier, The Risks of Key Recovery, Key Escrow, and
Trusted Third-Party Encryption, 27 May 1997.
(ftp://research.att.com/dist/mab/key_study.txt or .ps;
http://www.crypto.com/key_study). This article appears in the World
Wide Web Journal (Web Security: A Matter of Trust) 2, 3, O'Reilly &
Associates, Summer 1997, 241-257. Reissued with an incremental preface
assessing what happened in the intervening year, 8 June 1998.
CLICK HERE.
P.G. Neumann, Review of Privacy on the Line, by Whitfield Diffie
and Susan Landau, Notices of the American Mathematics Society,
June-July 1998, pp. 709, 711-712.
P.G. Neumann and P.A. Porras, Experience with EMERALD to Date,
1st USENIX Workshop on Intrusion Detection and Network Monitoring,
Santa Clara, California, 11-12 April 1999. Best Paper Award.
CLICK HERE.
P.G. Neumann, Robust Nonproprietary Software, Proceedings of the
2000 Symposium on Security and Privacy, IEEE Computer Society, Oakland,
California, May 2000, pp. 122--123.
CLICK HERE.
P.G. Neumann, Certitude and Rectitude, position paper for
IEEE International Conference on Requirements Engineering,
Schaumberg, Illinois, June 20, 2000.
CLICK HERE.
P.G. Neumann, Practical Architectures for Survivable Systems
and Networks: Phase Two Final Report, for the ARL project,
CLICK HERE.
(and .ps and .html), dated June 30, 2000. This report represents
the main effort of the three-year project.
Steve Bellovin, Matt Blaze, Dave Farber, P.G. Neumann, and Eugene Spafford,
Comments on the Carnivore System Technical Review, 3 December 2000,
submitted to the Department of Justice at their request.
CLICK HERE.
R. Mercuri and P.G. Neumann, Verification for Electronic Balloting Systems,
Chapter 3 of Secure Electronic Voting,
Edited by Dimitris Gritzalis, Kluwer Academic Pubishers, Boston, 2003.
PGN, U.S. Computer Insecurity Redux, Issues in Science and
Technology, The National Academies, Summer 2003, pp. 75--76.
PGN and R.J. Feiertag, PSOS Revisited, Proceedings of the 19th Annual
Computer Security Applications Conference (ACSAC) 2003, Las Vegas, NV,
December 2003, pp. 208-216. [Invited paper for the Classic Papers
track]
PGN, Chapter in Computer Ethics and Professional Responsibility,
edited by Terrell Ward Bynum and Simon Rogerson, Blackwell Publishing, 2004
PGN, U.S. Computer Insecurity Redux, in The World and I,
The Washington Times Corporation, February 2004, 154--157.
PGN, Network Security and Privacy, in The Computer Science and
Engineering Handbook, 2nd edition, (A.B. Tucker, editor), CRC Press, Inc.,
2004.
PGN, Attaining Robust Open-Source Software, Chapter 7 of Making Sense
of the Bazaar: Perspectives on Open Source and Free Software, an
anthology of research and analysis edited by Joseph Feller, Brian
Fitzgerald, Scott Hissam and Karim Lakhani and published by MIT Press,
2005, pp. 123--126.
PGN, The Problems and Potentials of Voting Systems, introduction
(as guest editor) to the CACM October 2004 special issue on voting.
P.G. Neumann, Risks of Computer-Related Technology, Chapter 1 in Cyberwar,
Netwar and the Revolution in Military Affairs, edited by P.A. Trevorrow,
D. Webb, E.H. Halpin, and S. Wright, Palgrave Macmillan, 2005.
P.G. Neumann, preface to a book by Clifford Berg, High-Assurance Design:
Architecting Secure and Reliable Enterprise Applications,
Addison-Wesley, 2006 (first printing October 2005).
P.G. Neumann, System and Network Trustworthiness in Perspective
invited paper for keynote talk,
Proceedings of the ACM Computer-Communication Security (CCS)
conference, Alexandria VA October-November 2006, pp. 1-5.
CLICK HERE.
Steven Fraser, Gregor Kiczales, Ricardo Lopez, Peter G. Neumann, Linda
Northrop, Douglas Schmidt, and Kevin Sullivan, The Ultra Challenge:
Software Systems Beyond Big, Proceedings, OOPSLA 2006.
This was the panel statement for a session that examined the book on
Ultra-Large-Scale Systems noted above.
P.G. Neumann, Risks of Untrustworthiness, invited Classic Papers Track,
Proceedings of IEEE ACSAC, Miami Beach, December 13-14, 2006.
CLICK HERE.
P.G. Neumann, Reflections on Trustworthy Systems,
Chapter 6 in Advances in Computers, Volume 70,
edited by Marvin Zelkowitz,
Academic Press imprint of Elsevier Science Publishers, 2007, pp. 269-310.
P.G. Neumann, Security and Privacy in the Employment Eligibility
Verification System (EEVS) and Related Systems,
written testimony for the House Ways and Means Committee subcommittee
on Social Security testimony, Jun 7.
CLICK HERE.
Seymour E. Goodman and Herbert S. Lin (editors),
Toward a Safer and More Secure Cyberspace,
Committee on Improving Cybersecurity Research in the United States
(D. Aucsmith, S.M. Bellovin, A. Bose, B. Fraser, J. Gosler,
W. Guttman, R.B. Lee, F. Luiz, T.F. Lunt, P.G. Neumann, S. Savage,
W.L. Sherlis, F.B. Schneider, A.Z. Spector, J. Wankmueller, and J. Warrior),
Computer Science and Telecommunications Board, The National Academies
Press, Washington DC, 2007.
P.G. Neumann, Reflections on Computer-Related Risks, invited retrospective
essay, Communications of the ACM, 50th Anniversary issue, January 2008.
Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau,
PGN, and Jennifer Rexford, Risking Communications Security:
Potential Hazards of the ``Protect America Act'', IEEE Security
and Privacy, 6, 1, January-February 2008, pp. 18--27.
CLICK HERE.
Peter G. Neumann, Combatting Insider Misuse, with Relevance to Integrity and
Accountability in Elections and Other Applications, Dagstuhl Workshop on
Insider Threats, 20-25 July 2008.
CLICK HERE.
Lillie Coney, Juan E. Gilbert, Peter G. Neumann, Erik Nilsson, Jon
Pincus, and Bruce Schneier, E-Deceptive Campaign Practices,
Electronic Privacy Information Center and The Century Foundation,
20 October 2008.
CLICK HERE.
P.G. Neumann, The Future of Information Assurance, in
Computer Security Handbook, Chapter 76,
edited by Mich Kabay, Wiley. 5th edition, 2009.
PGN, Computer-Related Risk Futures, ACSAC 2009, Honolulu, December 2009,
invited paper (supporting the luncheon speech noted below).
CLICK HERE.
PGN, Combatting Insider Threats, in Insider Threats in Cyber
Security and Beyond, Christian Probst, Jeffrey Hunker, Dieter
Gollmann, and Matt Bishop (editors), Springer Verlag, 2010.
CLICK HERE.
PGN, Matt Bishop, Sean Peisert, and Marv Schaefer, Reflections on
the 30th Anniversary of the IEEE Symposium on Security and Privacy,
Lead paper in the Proceedings of the IEEE SSP, May 2010.
CLICK HERE.
PGN and Robert N.M. Watson, Capabilities Revisited: A Holistic Approach
to Bottom-to-Top Assurance of Trustworthy Systems, Layered Assurance
Workshop, Austin Texas, 6-7 December 2010.
CLICK HERE.
P.G. Neumann, Carrying Goals to Newcastle: A Tribute to Brian Randell,
published in a Festschrift for Brian Randell, Dependable and Historic
Computing, Springer Verlag, 2011.
CLICK HERE.
Robert Watson, PGN, Jon Woodruff, Jon Anderson, Ross Anderson, Nirav Dave,
Ben Laurie, Simon Moore, Steven Murdoch, Philip Paeps, Michael Roe, and
Hassen Saidi, CHERI: A Research Platform Deconflating Hardware
Virtualization and Protection, ASPLOS RESoLVE workshop, March 2012, London.
ASPLOS 2012
Dan Thomsen, Jeremy Epstein, and PGN, editors of the special issue,
Lost Treasures, IEEE Security and Privacy (Building Dependability,
Reliability, and Trust), November-December 2012, pp. 17--50, and authors
of its introduction (pp. 17--19), which also includes a one-page sidebar
by PGN, Lost Lessons: Election Systems, on page 18.
CLICK HERE.
Robert N. M. Watson, Steven J. Murdoch, Khilan Gudka, Jonathan
Anderson, Peter G. Neumann, and Ben Laurie. Towards a theory of
application compartmentalisation. Security Protocols XXI, 21st
International Workshop, Sidney Sussex College, Cambridge UK, 18-20
March 2013, published subsequently as Springer Verlag LNCS 8263,
pp. 19--27, with following transcript of discussion, pp. 28--38.
Leah Hoffman, Securing the Risk: Peter G. Neumann views computers and their
related issues holistically, Communications of the ACM, December
2013, p.128 and 127. This was culled down from a longer interview to two
pages in the CACM. (The text of the full interview may be online, but if
so, it is behind a paywall and not obvious.)
Jon Woodruff, David Chisnall, Robert N.M. Watson, Simon Moore, Ben Laurie,
Brooks Davis, Stacey Son, PGN, Robert Norton, and Michael Roe, The CHERI
Capability Model: Revisiting RISC in an Age of Risk, ISCA, June 2014 (ACM
International Symposium on Computer Architecture).
ISCA 2014.>p>
Peter G Neumann, Sean Peisert, and Marv Schaefer, The IEEE Symposium on
Security and Privacy in Retrospect, IEEE Security and Privacy (introduction
to the best SSP papers from 2013, as a special issue), June 2014.
David Chisnall, Colin Rothwell, Brooks Davis, Peter G. Neumann,
Robert N.M. Watson, Jonathan Woodruff, Simon W. Moore, and Michael Roe,
Beyond the PDP-11: Architectural Support for a Memory-Safe Abstract Machine,
ASPLOS 2015, Istanbul, Turkey, 14--18 March 2015.
ASPLOS 2015
PGN, How Might System and Network Security Interact with Privacy? in
Visions of Privacy in the Modern Age, Marc Rotenberg and Jeramie Scott
(editors), produced under a MacArthur Foundation grant to the Electronic
Privacy Information Center, 2015.
Jong Hun Han, Prashanth Mundkur, Charalampos Rotsos, Gianni Antichi, Nirav
Dave, Andrew W. Moore, PGN, Blueswitch: Enabling provably consistent
configuration of network switches, The ACM/IEEE Symposium on Architectures
for Networking and Communications Systems (ANCS 2015), Oakland,
California, 7--8 May 2015.
Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore,
Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Ben Laurie,
Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj
Vadera, CHERI: A Hybrid Capability-System Architecture for Scalable
Software Compartmentalization, IEEE Symposium on Security and Privacy, San
Jose, CA, 18-20 May 2015.
IEEE SSP 2015
Khilan Gudka (University of Cambridge), Robert N. M. Watson (University of
Cambridge), Jonathan Anderson (Memorial University of Newfoundland), David
Chisnall (University of Cambridge), Brooks Davis (SRI International), Ben
Laurie (Google UK Ltd.), Ilias Marinos (University of Cambridge), Peter
G. Neumann (SRI International), Alex Richardson (University of Cambridge),
SOAAP: Reasoning About Application Compartmentalization, 22nd ACM
Conference on Computer and Communications Security (CCS 2015), 12-16
October, Denver, Colorado.
CLICK HERE.
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt
Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter
G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael
Specter, Daniel J. Weitzner Keys Under Doormats (abstract and executive
summary of the report version), CACM Inside Risks series, October 2015.
CLICK HERE.
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze,
Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter
G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael
Specter, Daniel J. Weitzner, Keys Under Doormats.
Online pdf.
PGN, Reminiscences on the 25th SOSP's History Day Workshop, on the
History Day website, October 2015:
CLICK HERE.
Robert N. M. Watson, Simon W. Moore, and Peter G. Neumann, CHERI: a
hardware-software system to support the principle of least privilege,
ERCIM News, The European Research Consortium for Informatics and
Mathematics, June 2016. (Subtitle: The CHERI hardware-software system
has the potential to provide unprecedented security, reliability,
assurance, ease of programmability, and compatibility.) This article
provides a short summary of our clean-slate hardware-software
co-design for the CHERI system, published in a journal that has
frequent articles on trustworthiness, safety, security, reliability,
and related topics. http://ercim-news.ercim.eu/en106
Robert N. M. Watson, Robert Norton, Jonathan Woodruff, Alexandre Joannou,
Simon W. Moore, Peter G. Neumann, Jonathan Anderson, David Chisnall, Nirav
Dave, Brooks Davis, Khilan Gudka, Ben Laurie, A. Theodore Markettos, Ed
Maste, Steven J. Murdoch, Michael Roe, Colin Rothwell, Stacey Son, and
Munraj Vadera, Fast Protection-Domain Crossing in the CHERI
Capability-System Architecture, special Issue of IEEE Micro journal,
vol. 36, no. 5, pp. 38--49, Sept/Oct 2016,
This paper is an extension and refinement of last year's
paper for the IEEE Symposium on Security and Privacy.
http://www.qmags.com/R/?i=3355a12&e=771639&doi=63528695&uk=2FE1161B16B0D7E013144E421115BC6382FF14E57D.htm
David Chisnall, Brooks Davis, Khilan Gudka, David Brazdil, Alexandre
Joannou, Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste,
Robert Norton, Stacey Son, Michael Roe, Simon W. Moore, Ben Laurie,
Peter G. Neumann, and Robert N. M. Watson, CHERI JNI: Sinking the Java
security model into the C, Proceedings of the 22nd ACM International
Conference on Architectural Support for Programming Languages and
Operating Systems (ASPLOS 2017). Xi'an, China, April 8--12, 2017.
Alexandre Joannou, Jonathan Woodruff, Simon W. Moore, Robert Kovacsics,
Hongyan Xia, Robert N. M. Watson, David Chisnall, Michael Roe, Brooks Davis,
Peter G. Neumann, Edward Napierala, John Baldwin, A. Theodore Markettos,
Khilan Gudka, Alfredo Mazzinghi, Alexander Richardson, Stacey Son, Alex
Bradbury, Efficient Tagged Memory, International Conference on Computer
Design, ICCD 2017, Boston, 5-8 November 2017.
Robert N. M. Watson, Peter G. Neumann, and Simon W. Moore, Balancing
Disruption and Deployability in the CHERI Instruction-Set Architecture
(ISA), in New Solutions for Cybersecurity, Howie Shrobe, David Shrier,
Alex Pentland, eds., MIT Press/Connection Science: Cambridge MA, 2018.
Peter G. Neumann, Fundamental Trustworthiness Principles, in New Solutions
for Cybersecurity, Howie Shrobe, David Shrier, Alex Pentland, eds., MIT
Press/Connection Science: Cambridge MA. 2018.
See the entire collection of Inside Risks articles in the Communications
of the ACM, edited by and often authored by PGN.
CLICK HERE.
P.G. Neumann, Security Risks in the Computer-Communication
Infrastructure, written testimony for the U.S. Permanent Subcommittee
on Investigations of the Senate Committee on Governmental Affairs, 25 June
1996, included in Security in Cyberspace, Hearings,
S. Hrg. 104-701
(see http://www.csl.sri.com/~neumann/senate.html). ISBN
0-16-053913-7, 1996, pp. 350-363. My oral testimony is on pages 106-111 of
that volume, and there are several other references to me elsewhere.
PGN attended the fifth government-sponsored Highlands Forum at the
U.S. Naval Academy, 3 Dec 1996, and served on a panel on vulnerabilities in
the information infrastructure. Several members of the President's
Commission on Critical Infrastructures were present.
P.G. Neumann, Computer Security in Aviation: Vulnerabilities, Threats, and
Risks, Gore Commission Conference on Aviation Safety and Security, 13-15 Jan
1997
(http://www.csl.sri.com/~neumann/air.html).
PGN participated on 10-11 Mar 1997 in a Workshop on Protecting and Assuring
Critical National Infrastructure, at the Center for International Security
and Arms Control at Stanford. PGN was on a panel with the President's
Commission on Critical Infrastructure Protection (PCCIP) Commissioner
Brenton Greene and Ray Leadabrand. Several other PCCIP Commissioners were
also on the program including the Chairman Tom Marsh.
P.G. Neumann, The Social Security Internet Website: Technology and Privacy
Implications, written testimony for the House Ways and Means subcommittee on
the Social Security Administration hearing on 6 May 1997.
(http://www.csl.sri.com/~neumann/ssa.html). Also, appeared on a Social
Security Administration panel relating to computer security and risks
related to SSA databases, 28 May 1997, at San Jose State. See ``The Social
Security Administration: PEBES, Identity Theft, and Related Risks''
(http://www.csl.sri.com/~neumann/ssaforum.html).
PGN testified on 6 Nov 1997 for the House Subcommittee on Technology,
Committee on Science, chaired by Connie Morella, on the subject of
protecting the information infrastructure. (The written testimony, oral
testimony, and ensuing responses to written questions are published by the
Government Printing Office, ISBN 0-16-056151-5; the written testimony is
also on-line at
http://www.csl.sri.com/~neumann/house97.html
and the responses to questions at
http://www.csl.sri.com/~neumann/house97.ans .)
More recent House testimonies are noted on my main Web pages.
PGN testified on 19 May 1998 for the U.S. Senate Governmental Affairs
Committee, Computer-Related Infrastructure Risks for Federal Agencies.
CLICK HERE.
More recent Senate, House, and California State testimonies are noted on my
main Web pages.
This article won the 2015 J.D. Falk Award from the Messaging Malware
Mobile Anti-Abuse Working Group (M3AAWG) at the M3AAWG meeting in Atlanta,
20-22 Oct 2015: ``The M3AAWG J.D. Falk Award seeks to recognize people who
are committed to making a better online world... The award seeks to
recognize efforts for a particularly meritorious item of work... The
recipient must also embody the spirit of J.D.'s volunteerism and community
building. The J.D. Falk Award winners have a vigilant eye on the broader
perspective of Internet systems and communities and call upon thoughtful
humor when things get tough.'' [PGN contributed a three-minute video that
was shown at the award ceremony.]
The entire Keys Under Doormats report, slightly edited for the journal,
was then published in the (fully open-access) online new Journal of
Cybersecurity, vol 1 no 1, Oxford University Press.
ONLINESome Other Items