Search Results

We describe a research program on design techniques to enable the cost-effective construction of trustworthy systems. The focus is on single-machine systems that can be formally verified to provide desired system-wide security and safety properties. ...

Many real-time operating systems (RTOSes) offer very small interrupt latencies, in the order of tens or hundreds of cycles. They achieve this by making the RTOS kernel fully preemptible, permitting interrupts at almost any point in execution except for ...

Hard real-time systems are typically written to execute either on bare metal or on a small real-time executive that offers no memory protection. This model scales poorly as systems become more complex and integrated, as is the trend in industry today. ...

Computer systems are routinely deployed in life- and mission-critical situations, yet their security, safety or dependability can in most cases not be assured to the degree warranted by the application. In other words, trusted computer systems are ...

Mobile Ad-Hoc Networks (MANETs) are adaptive and self-organizing, and as a consequence, securing such networks is non-trivial. Most security schemes suggested for MANETs tend to build upon some fundamental assumptions regarding the trustworthiness of ...

The potential for development and deployment of trusted health information systems (HIS) based upon intrinsically more secure computer system architectures than those in general use, as commodity level systems, in today's marketplace is investigated in ...

A thread of research has emerged to investigate the interactions of replication with threshold cryptography for use in environments that satisfy weak assumptions. The result is a new paradigm known as distributed trust; this article attempts to survey ...

A panel was held at the 2005 AAAI Spring Symposium on AI Technologies and Homeland Security at Stanford University. This issue's essays stem from that panel and aim to facilitate the dialogue between policy makers and information security technology ...

Despite decades of research, the takeup of formal methods for developing provably correct software in industry remains slow. One reason for this is the high cost of proof construction, an activity that, due to the complexity of the required proofs, is ...

The self defending object (SDO) approach to the development of security aware applications represents a change in the object oriented paradigm, whereby the software objects that encapsulate sensitive data or provide security sensitive functionality are ...

The SIGMA project is researching the integration and interoperation of security technologies into distributed computing environments based on CORBA, the Common Object Request Broker Architecture. The architectural results described in the paper are ...

New standards for trusted systems propose multiple security policies and multiple policy domains. My experience building a Mutipolicy Machine prototype illustrated that multiple policy domains and complex policies push current policy administration ...