Peter G. Neumann Publication History PGN

F.P. Brooks, Jr., A.L. Hopkins, P.G. Neumann, and W.V. Wright, ``An Experiment in Musical Composition'', IRE Transactions on Electronic Computers EC-6, pp. 175-182, September 1957.

P.G. Neumann, Efficient Error-Limiting Variable-Length Codes, IRE Transactions on Information Theory IT-8, pp. 292-304, July 1962.

P.G. Neumann, On a Class of Efficient Error-Limiting Variable-Length Codes, IRE Transactions on Information Theory IT-8, pp. S260-266, September 1962.

P.G. Neumann, Error-Limiting Coding Using Information-Lossless Sequential Machines, IEEE Transactions on Information Theory IT-10, p. 108-115, April 1964.

R.C. Daley and P.G. Neumann, A General-Purpose File System for Secondary Storage, AFIPS Conference Proceedings, Fall Joint Computer Conference, pp. 213-229, November 1965. CLICK HERE

P.G. Neumann, The Role of Motherhood in the Pop Art of System Programming, Proceedings of the ACM Second Symposium on Operating Systems Principles, Princeton NJ, pp. 13-18, October 1969.

P.G. Neumann and T.R.N. Rao, Error Correction Codes for Byte-Organized Arithmetic Processors, IEEE Transactions on Computers C-24, 3, pp. 226-232, March 1975.

R.J. Feiertag and P.G. Neumann, The Foundations of a Provably Secure Operating System (PSOS), AFIPS Conference Proceedings (NCC 79), NY, NY, pp. 329-334, June 1979.

P.G. Neumann, R.S. Boyer, R.J. Feiertag, K.N. Levitt, and L. Robinson, A Provably Secure Operating System (PSOS): The System, Its Applications, and Proofs, Second Edition, Computer Science Laboratory, SRI International, Menlo Park, California, May 7, 1980, issued as Report CSL-116. The first major report defining the system was dated June 13, 1975, and the final report was February 11, 1977. The 1980 second edition was prepared in preparation for the Ford/Honeywell implementation study contract, which eventually led Honeywell and SCC to the Secure Ada Target, LOgical Coprocessor Kernel (LOCK) and SideWinder. This report is online, URL available on request.

P.G. Neumann, Experiences with Formality in Software Development, in Theory and Practice of Software Technology, D. Ferrari, M. Bolognani, and J. Goguen, editors, North-Holland Publishing Company, pp. 203-219, 1983.

P.G. Neumann, Psychosocial Implications of Computer Software Development and Use: Zen and the Art of Computing, in Theory and Practice of Software Technology, D. Ferrari, M. Bolognani, and J. Goguen, editors, North-Holland Publishing Company, pp. 221-232, 1983.

P.G. Neumann, On Hierarchical Design of Computer Systems for Critical Applications, IEEE Transactions on Software Engineering, SE-12 9, September 1986, pp. 905-920.

P.G. Neumann, Rainbows and Arrows: How the Security Criteria Address Computer Misuse, Proc. 13th National Computer Security Conference, Baltimore MD, 1-4 October 1990.

P.G. Neumann, Beauty and the Beast of Software Complexity -- Elegance versus Elephants, in Beauty is our Business, A Birthday Salute to Edsger W. Dijkstra, pp. 346-351, Edited by W.H.J. Feijen, A.J.M. van Gasteren, D. Gries, J. Misra, published 11 May 1990, Springer Verlag (ISBN 0-387-97299-4).

D. Clark et al., Computers at Risk: Safe Computing in the Information Age, National Research Council, National Academy Press, 5 December 1990. (Authored by the 16 members of the NRC System Security Study Committee, 1989-1991.)

S. Landau, S. Kent, C. Brooks, S. Charney, D. Denning, W. Diffie, A. Lauck, D. Miller, P. Neumann, and D. Sobel, Crypto Policy Perspectives, Communications of the ACM, 37, 8, August 1994, pp. 115-121.

P.G. Neumann, Computer-Related Risks, Addison-Wesley and ACM Press, 1995.

K. Dam et al., Cryptography's Role In Securing the Information Society (a.k.a. the CRISIS report), Final Report of the National Research Council Cryptographic Policy Study Committee, National Academy Press, 2101 Constitution Ave., Washington, D.C. 20418, 1996.

Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption, 27 May 1997. ( or .ps; This article appears in the World Wide Web Journal (Web Security: A Matter of Trust) 2, 3, O'Reilly & Associates, Summer 1997, 241-257. Reissued with an incremental preface assessing what happened in the intervening year, 8 June 1998. CLICK HERE.

P.G. Neumann, Review of Privacy on the Line, by Whitfield Diffie and Susan Landau, Notices of the American Mathematics Society, June-July 1998, pp. 709, 711-712.

P.G. Neumann and P.A. Porras, Experience with EMERALD to Date, 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, 11-12 April 1999. Best Paper Award. CLICK HERE.

P.G. Neumann, Robust Nonproprietary Software, Proceedings of the 2000 Symposium on Security and Privacy, IEEE Computer Society, Oakland, California, May 2000, pp. 122--123. CLICK HERE.

P.G. Neumann, Certitude and Rectitude, position paper for IEEE International Conference on Requirements Engineering, Schaumberg, Illinois, June 20, 2000. CLICK HERE.

P.G. Neumann, Practical Architectures for Survivable Systems and Networks: Phase Two Final Report, for the ARL project, CLICK HERE.

(and .ps and .html), dated June 30, 2000. This report represents the main effort of the three-year project.

Steve Bellovin, Matt Blaze, Dave Farber, P.G. Neumann, and Eugene Spafford, Comments on the Carnivore System Technical Review, 3 December 2000, submitted to the Department of Justice at their request. CLICK HERE.

R. Mercuri and P.G. Neumann, Verification for Electronic Balloting Systems, Chapter 3 of Secure Electronic Voting, Edited by Dimitris Gritzalis, Kluwer Academic Pubishers, Boston, 2003.

PGN, U.S. Computer Insecurity Redux, Issues in Science and Technology, The National Academies, Summer 2003, pp. 75--76.

PGN and R.J. Feiertag, PSOS Revisited, Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC) 2003, Las Vegas, NV, December 2003, pp. 208-216. [Invited paper for the Classic Papers track] PGN, Chapter in Computer Ethics and Professional Responsibility, edited by Terrell Ward Bynum and Simon Rogerson, Blackwell Publishing, 2004 PGN, U.S. Computer Insecurity Redux, in The World and I, The Washington Times Corporation, February 2004, 154--157.

PGN, Network Security and Privacy, in The Computer Science and Engineering Handbook, 2nd edition, (A.B. Tucker, editor), CRC Press, Inc., 2004.

PGN, Attaining Robust Open-Source Software, Chapter 7 of Making Sense of the Bazaar: Perspectives on Open Source and Free Software, an anthology of research and analysis edited by Joseph Feller, Brian Fitzgerald, Scott Hissam and Karim Lakhani and published by MIT Press, 2005, pp. 123--126.

PGN, The Problems and Potentials of Voting Systems, introduction (as guest editor) to the CACM October 2004 special issue on voting.

P.G. Neumann, Risks of Computer-Related Technology, Chapter 1 in Cyberwar, Netwar and the Revolution in Military Affairs, edited by P.A. Trevorrow, D. Webb, E.H. Halpin, and S. Wright, Palgrave Macmillan, 2005.

P.G. Neumann, preface to a book by Clifford Berg, High-Assurance Design: Architecting Secure and Reliable Enterprise Applications, Addison-Wesley, 2006 (first printing October 2005).

P.G. Neumann, System and Network Trustworthiness in Perspective invited paper for keynote talk, Proceedings of the ACM Computer-Communication Security (CCS) conference, Alexandria VA October-November 2006, pp. 1-5. CLICK HERE.

Steven Fraser, Gregor Kiczales, Ricardo Lopez, Peter G. Neumann, Linda Northrop, Douglas Schmidt, and Kevin Sullivan, The Ultra Challenge: Software Systems Beyond Big, Proceedings, OOPSLA 2006. This was the panel statement for a session that examined the book on Ultra-Large-Scale Systems noted above.

P.G. Neumann, Risks of Untrustworthiness, invited Classic Papers Track, Proceedings of IEEE ACSAC, Miami Beach, December 13-14, 2006. CLICK HERE.

P.G. Neumann, Reflections on Trustworthy Systems, Chapter 6 in Advances in Computers, Volume 70, edited by Marvin Zelkowitz, Academic Press imprint of Elsevier Science Publishers, 2007, pp. 269-310.

P.G. Neumann, Security and Privacy in the Employment Eligibility Verification System (EEVS) and Related Systems, written testimony for the House Ways and Means Committee subcommittee on Social Security testimony, Jun 7. CLICK HERE.

Seymour E. Goodman and Herbert S. Lin (editors), Toward a Safer and More Secure Cyberspace, Committee on Improving Cybersecurity Research in the United States (D. Aucsmith, S.M. Bellovin, A. Bose, B. Fraser, J. Gosler, W. Guttman, R.B. Lee, F. Luiz, T.F. Lunt, P.G. Neumann, S. Savage, W.L. Sherlis, F.B. Schneider, A.Z. Spector, J. Wankmueller, and J. Warrior), Computer Science and Telecommunications Board, The National Academies Press, Washington DC, 2007.

P.G. Neumann, Reflections on Computer-Related Risks, invited retrospective essay, Communications of the ACM, 50th Anniversary issue, January 2008.

Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, PGN, and Jennifer Rexford, Risking Communications Security: Potential Hazards of the ``Protect America Act'', IEEE Security and Privacy, 6, 1, January-February 2008, pp. 18--27. CLICK HERE.

Peter G. Neumann, Combatting Insider Misuse, with Relevance to Integrity and Accountability in Elections and Other Applications, Dagstuhl Workshop on Insider Threats, 20-25 July 2008. CLICK HERE.

Lillie Coney, Juan E. Gilbert, Peter G. Neumann, Erik Nilsson, Jon Pincus, and Bruce Schneier, E-Deceptive Campaign Practices, Electronic Privacy Information Center and The Century Foundation, 20 October 2008. CLICK HERE.

P.G. Neumann, The Future of Information Assurance, in Computer Security Handbook, Chapter 76, edited by Mich Kabay, Wiley. 5th edition, 2009.

PGN, Computer-Related Risk Futures, ACSAC 2009, Honolulu, December 2009, invited paper (supporting the luncheon speech noted below). CLICK HERE.

PGN, Combatting Insider Threats, in Insider Threats in Cyber Security and Beyond, Christian Probst, Jeffrey Hunker, Dieter Gollmann, and Matt Bishop (editors), Springer Verlag, 2010. CLICK HERE.

PGN, Matt Bishop, Sean Peisert, and Marv Schaefer, Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy, Lead paper in the Proceedings of the IEEE SSP, May 2010. CLICK HERE.

PGN and Robert N.M. Watson, Capabilities Revisited: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems, Layered Assurance Workshop, Austin Texas, 6-7 December 2010. CLICK HERE.

P.G. Neumann, Carrying Goals to Newcastle: A Tribute to Brian Randell, published in a Festschrift for Brian Randell, Dependable and Historic Computing, Springer Verlag, 2011. CLICK HERE.

Robert Watson, PGN, Jon Woodruff, Jon Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon Moore, Steven Murdoch, Philip Paeps, Michael Roe, and Hassen Saidi, CHERI: A Research Platform Deconflating Hardware Virtualization and Protection, ASPLOS RESoLVE workshop, March 2012, London. ASPLOS 2012

Dan Thomsen, Jeremy Epstein, and PGN, editors of the special issue, Lost Treasures, IEEE Security and Privacy (Building Dependability, Reliability, and Trust), November-December 2012, pp. 17--50, and authors of its introduction (pp. 17--19), which also includes a one-page sidebar by PGN, Lost Lessons: Election Systems, on page 18. CLICK HERE.

Robert N. M. Watson, Steven J. Murdoch, Khilan Gudka, Jonathan Anderson, Peter G. Neumann, and Ben Laurie. Towards a theory of application compartmentalisation. Security Protocols XXI, 21st International Workshop, Sidney Sussex College, Cambridge UK, 18-20 March 2013, published subsequently as Springer Verlag LNCS 8263, pp. 19--27, with following transcript of discussion, pp. 28--38.

Leah Hoffman, Securing the Risk: Peter G. Neumann views computers and their related issues holistically, Communications of the ACM, December 2013, p.128 and 127. This was culled down from a longer interview to two pages in the CACM. (The text of the full interview may be online, but if so, it is behind a paywall and not obvious.) Jon Woodruff, David Chisnall, Robert N.M. Watson, Simon Moore, Ben Laurie, Brooks Davis, Stacey Son, PGN, Robert Norton, and Michael Roe, The CHERI Capability Model: Revisiting RISC in an Age of Risk, ISCA, June 2014 (ACM International Symposium on Computer Architecture). ISCA 2014.>p> Peter G Neumann, Sean Peisert, and Marv Schaefer, The IEEE Symposium on Security and Privacy in Retrospect, IEEE Security and Privacy (introduction to the best SSP papers from 2013, as a special issue), June 2014.

David Chisnall, Colin Rothwell, Brooks Davis, Peter G. Neumann, Robert N.M. Watson, Jonathan Woodruff, Simon W. Moore, and Michael Roe, Beyond the PDP-11: Architectural Support for a Memory-Safe Abstract Machine, ASPLOS 2015, Istanbul, Turkey, 14--18 March 2015. ASPLOS 2015 PGN, How Might System and Network Security Interact with Privacy? in Visions of Privacy in the Modern Age, Marc Rotenberg and Jeramie Scott (editors), produced under a MacArthur Foundation grant to the Electronic Privacy Information Center, 2015.

Jong Hun Han, Prashanth Mundkur, Charalampos Rotsos, Gianni Antichi, Nirav Dave, Andrew W. Moore, PGN, Blueswitch: Enabling provably consistent configuration of network switches, The ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS 2015), Oakland, California, 7--8 May 2015.

Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera, CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization, IEEE Symposium on Security and Privacy, San Jose, CA, 18-20 May 2015. IEEE SSP 2015

Khilan Gudka (University of Cambridge), Robert N. M. Watson (University of Cambridge), Jonathan Anderson (Memorial University of Newfoundland), David Chisnall (University of Cambridge), Brooks Davis (SRI International), Ben Laurie (Google UK Ltd.), Ilias Marinos (University of Cambridge), Peter G. Neumann (SRI International), Alex Richardson (University of Cambridge), SOAAP: Reasoning About Application Compartmentalization, 22nd ACM Conference on Computer and Communications Security (CCS 2015), 12-16 October, Denver, Colorado. CLICK HERE.

Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner Keys Under Doormats (abstract and executive summary of the report version), CACM Inside Risks series, October 2015. CLICK HERE.

Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner, Keys Under Doormats. Online pdf.
This article won the 2015 J.D. Falk Award from the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG) at the M3AAWG meeting in Atlanta, 20-22 Oct 2015: ``The M3AAWG J.D. Falk Award seeks to recognize people who are committed to making a better online world... The award seeks to recognize efforts for a particularly meritorious item of work... The recipient must also embody the spirit of J.D.'s volunteerism and community building. The J.D. Falk Award winners have a vigilant eye on the broader perspective of Internet systems and communities and call upon thoughtful humor when things get tough.'' [PGN contributed a three-minute video that was shown at the award ceremony.]
The entire Keys Under Doormats report, slightly edited for the journal, was then published in the (fully open-access) online new Journal of Cybersecurity, vol 1 no 1, Oxford University Press. ONLINE

PGN, Reminiscences on the 25th SOSP's History Day Workshop, on the History Day website, October 2015: CLICK HERE.

Robert N. M. Watson, Simon W. Moore, and Peter G. Neumann, CHERI: a hardware-software system to support the principle of least privilege, ERCIM News, The European Research Consortium for Informatics and Mathematics, June 2016. (Subtitle: The CHERI hardware-software system has the potential to provide unprecedented security, reliability, assurance, ease of programmability, and compatibility.) This article provides a short summary of our clean-slate hardware-software co-design for the CHERI system, published in a journal that has frequent articles on trustworthiness, safety, security, reliability, and related topics. Robert N. M. Watson, Robert Norton, Jonathan Woodruff, Alexandre Joannou, Simon W. Moore, Peter G. Neumann, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, A. Theodore Markettos, Ed Maste, Steven J. Murdoch, Michael Roe, Colin Rothwell, Stacey Son, and Munraj Vadera, Fast Protection-Domain Crossing in the CHERI Capability-System Architecture, special Issue of IEEE Micro journal, vol. 36, no. 5, pp. 38--49, Sept/Oct 2016, This paper is an extension and refinement of last year's paper for the IEEE Symposium on Security and Privacy. David Chisnall, Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannou, Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste, Robert Norton, Stacey Son, Michael Roe, Simon W. Moore, Ben Laurie, Peter G. Neumann, and Robert N. M. Watson, CHERI JNI: Sinking the Java security model into the C, Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2017). Xi'an, China, April 8--12, 2017. Alexandre Joannou, Jonathan Woodruff, Simon W. Moore, Robert Kovacsics, Hongyan Xia, Robert N. M. Watson, David Chisnall, Michael Roe, Brooks Davis, Peter G. Neumann, Edward Napierala, John Baldwin, A. Theodore Markettos, Khilan Gudka, Alfredo Mazzinghi, Alexander Richardson, Stacey Son, Alex Bradbury, Efficient Tagged Memory, International Conference on Computer Design, ICCD 2017, Boston, 5-8 November 2017. Robert N. M. Watson, Peter G. Neumann, and Simon W. Moore, Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA), in New Solutions for Cybersecurity, Howie Shrobe, David Shrier, Alex Pentland, eds., MIT Press/Connection Science: Cambridge MA, 2018. Peter G. Neumann, Fundamental Trustworthiness Principles, in New Solutions for Cybersecurity, Howie Shrobe, David Shrier, Alex Pentland, eds., MIT Press/Connection Science: Cambridge MA. 2018. See the entire collection of Inside Risks articles in the Communications of the ACM, edited by and often authored by PGN. CLICK HERE.

Some Other Items

P.G. Neumann, Security Risks in the Computer-Communication Infrastructure, written testimony for the U.S. Permanent Subcommittee on Investigations of the Senate Committee on Governmental Affairs, 25 June 1996, included in Security in Cyberspace, Hearings, S. Hrg. 104-701 (see ISBN 0-16-053913-7, 1996, pp. 350-363. My oral testimony is on pages 106-111 of that volume, and there are several other references to me elsewhere.

PGN attended the fifth government-sponsored Highlands Forum at the U.S. Naval Academy, 3 Dec 1996, and served on a panel on vulnerabilities in the information infrastructure. Several members of the President's Commission on Critical Infrastructures were present.

P.G. Neumann, Computer Security in Aviation: Vulnerabilities, Threats, and Risks, Gore Commission Conference on Aviation Safety and Security, 13-15 Jan 1997 (

PGN participated on 10-11 Mar 1997 in a Workshop on Protecting and Assuring Critical National Infrastructure, at the Center for International Security and Arms Control at Stanford. PGN was on a panel with the President's Commission on Critical Infrastructure Protection (PCCIP) Commissioner Brenton Greene and Ray Leadabrand. Several other PCCIP Commissioners were also on the program including the Chairman Tom Marsh.

P.G. Neumann, The Social Security Internet Website: Technology and Privacy Implications, written testimony for the House Ways and Means subcommittee on the Social Security Administration hearing on 6 May 1997. ( Also, appeared on a Social Security Administration panel relating to computer security and risks related to SSA databases, 28 May 1997, at San Jose State. See ``The Social Security Administration: PEBES, Identity Theft, and Related Risks'' (

PGN testified on 6 Nov 1997 for the House Subcommittee on Technology, Committee on Science, chaired by Connie Morella, on the subject of protecting the information infrastructure. (The written testimony, oral testimony, and ensuing responses to written questions are published by the Government Printing Office, ISBN 0-16-056151-5; the written testimony is also on-line at and the responses to questions at .) More recent House testimonies are noted on my main Web pages.

PGN testified on 19 May 1998 for the U.S. Senate Governmental Affairs Committee, Computer-Related Infrastructure Risks for Federal Agencies. CLICK HERE. More recent Senate, House, and California State testimonies are noted on my main Web pages.