Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 11: Issue 60
Thursday 2 May 1991
Contents
Battle of the computers- Jerry Leichter
- The risks of risks and leverage
- Bob Frankston
- Free Speech and Government Control of Information
- Jerry Leichter
- Re: Four-digit address causes NYC death
- Flint Pellett
Ed Ravin
Bob Frankston - Re: Hacking, Civil, and Criminal Law
- Jim Giles
- Research Project [call for guinea pigs]
- P.A.Taylor
- Larry Hirschhorn, Beyond Mechanization, MIT Press, 1984 Phil Agre)
- 2nd PDCS Open Workshop, Newcastle/Tyne - 28-30 May 1991
- Nick Cook
- Info on RISKS (comp.risks)
Battle of the computers
Jerry Leichter <leichter@lrw.com>
Thu, 2 May 91 11:39:43 EDT
As some players in the economy use massive computation to improve their
position, will those without access to such resources be left behind? This
issue has arisen in the past in discussions of program trading in the stock
market. About two weeks ago, in an article in the New York Times that I
forgot to clip, an interesting new example came to light.
It seems that airlines are making heavy use of "load management" software.
An airline wants to fill as many seats on each flight as possible with
passengers paying full fare. However, if there are any seats left over,
it is better to fill them with people flying at a discount than to leave
them empty, as the incremental cost of flying the extra passengers is
essentially nil.
In the past, airlines have had to guess how many seats on each flight to
make available at a discount. These days, they have enormous amounts of
data on the past history of all their flights. Further, they have the
computational capacity to do an essentially continuous recomputation of
the optimal number of seats to offer at a discount. The result is that,
on the "desireable" flights - late Friday afternoon, for example - it's
extremely difficult to get a discount seat. On Saturday, on the other hand,
discount seats are usually no problem. The techniques involved have proved
very effective - studies show that for many airlines such load management
makes the difference between profit and loss.
Many state regulators see this as a "bait and switch" by the airlines - they
advertise seats that are simply not available to most of their customers. One
side-effect of airline deregulation, however, was to make the airlines just
about totally immune to state regulations, and the Federal government has so
far shown little interest in getting involved in this matter.
This leaves consumers on their own. Sure enough, a countervailing force
has appeared: Travel agencies have begun to develop programs that continu-
ally watch for discount seats to appear and grab them for their customers.
The computers battle it out - and anyone without computer assistance is likely
to be left on the ground.
An old cartoon shows two people standing on the ground, luggage at their
feet, looking up at a plane. The words: "If God had meant us to fly, He
would have given us tickets." Perhaps today we should substitute "a PC"
for "tickets".
-- Jerry
The risks of risks and leverage
Bob Frankston <Bob_Frankston%Slate_Corporation@mcimail.com>
Wed, 1 May 91 23:44 GMT
The article in today's Wall Street Journal on Prodigy's STAGE.DAT and
CACHE.DAT files makes it very obvious how central Risks (and similar
discussion groups and journals) have become in this society. Risks itself is
very widely read, published and cited. Other lists (e.g. Telecom digest) are
read at the agencies such as the FCC.
We are what we what are talking about. Not only in the MacLuhan sense of the
media being the message but also in a more literal sense. At one level we
look at examples of bad (and sometimes good) engineering and wonder about the
design decisions. Yet here we have an example of phenomena rather than
engineering. (Are 900 numbers a phenomena or did the implementors foresee
the implications?)
I don't know if the WSJ article was a direct result of Risks (or similar media)
but all this happened within a few days. A number of the most visible
reporters do read this digest and participate in the electronic media (emedia).
Among emedia, Risks is one of the more responsible. (What is the National
Enquirer of enews?) (Let's see how long it takes the terms "emedia" and "enews"
to become popular -- start tracking).
(Rereading this letter, I'm reminded of the old ads for the Hitchcock saying
"The Birds is coming")
[Larry and his brother (Moe?) ...]
Free Speech and Government Control of Information
Jerry Leichter <leichter@lrw.com>
Thu, 2 May 91 11:22:27 EDT
In RISKS-11.54, Larry Hunter responds to my article on control of information. His article provides examples of exactly the kinds of limited approaches that I was trying to get beyond. There are two basic areas in which we differ. First, Hunter believes I'm attempting to prescribe appropriate actions. If I gave this impression, let me correct it: I'm trying to PREDICT. My claim is not that stricter controls are a good idea. Rather, I suggest that they are an inevitable result of the direction in which our technologies are headed. (There's certainly room for a good deal of debate about "technological determinism" here. It's not that I don't believe that alternative paths are POSSIBLE; I'm just projecting what I think is by far the most likely path.) The second issue grows from the first, and Hunter's view of how the fundamental laws of our society are determined. To state it starkly: If "society" comes to believe that government controls on information are necessary, will constitutional limitations still prevent them from coming into being? Hunter believes so; I think he's being naive. The Constitution protects "speech", "religion", "the press". It never defines any of these terms; case law does. We think we know what they mean, and that the "clear meaning" will not change, but history makes it clear that these terms are quite malleable. The authors of the Constitution were mainly thinking of political speech when they wrote (though claiming that it's only political speech they intended to protect is a much different, and probably indefensible, claim). They probably thought they were protecting the right to choose one's religion, most likely so long as it was some variation of Christianity (or maybe Judaism); they were probably not thinking of a right to choose no religion at all. Curiously, their view of "the press" was probably broader than that of most people today, as "pamphleteers" were important contributers to public debate. Over the years, we've come to construe these terms in very different ways. I very much doubt any of the constitutional authors would have found even comprehensible the argument that a striptease was deserving of First Amendment protection as "symbolic speech". We've chosen to define that "in", just as we've chosen to protect atheism under "freedom of religion". On the other hand, we have also chosen to leave certain things OUT of our definitions. Television news isn't quite "the press", and is subject to FCC regulation. Freedom of religion doesn't protect Christian Scientists from child abuse claims when they refuse medical treatment for their children. Note that we don't need a constitutional amendment to effectively change the definitions of crucial terms in the Constitution - all we need is a majority of the Supreme Court. Hunter's examples - conspiracies, slander, copyright violations, and reckless endangerment, commercial speech - all illustrate "speech" that we have chosen, as a society acting through our legal system, to leave out of the definition of that single, simple word in the Constitution. This is a subtle process, and much of it is surprisingly recent: The reckless endangerment exception - the famous "shouting fire in a crowded theatre" - comes, if I recall, from an opinion by Justice Holmes, which puts it early in this century. I don't know how far back the "commercial speech" exception goes, but note that there have been a number of important decisions defining the bounds of that exception in the last 15 years. (The whole reason the commercial speech exception exists is to curb the unfairly loud voice that rich corporations have, given today's media. Before mass marketing, there was little reason to create such an exception, and in fact the traditional concept of "seller's talk" - which basically said "you can't rely on what a salesman tells you (since we all know they exagerate)" - created an area in which "commercial" speech was particularly free.) Historically, the courts have even been quite prepared to make distinctions based on communications media: Peeking through the keyhole requires a warrant but tapping a phone line - well, we needed to pass a special law for that one. Why else is Lawrence Tribe now suggesting a constitutional amendment on just this matter? So: I see little reason to suppose that the courts will blindly accept that all computerized information is "speech", if society decides that some limitations on it are necessary. In the past, we've generally been able to draw the line between things or acts and information - "mere speech": The First Amendment protects your right to publish instructions for building bombs, so we draw the line at the materials you need. In the information age, this line becomes fuzzy. For export, a description of DES is OK, a chip implementing it is not. How about a good software implementation? Should a computer virus - simultaneously speech (pure information) and a potentially dangerous "thing" - be freely publishable? Let me give a non-computer example of the kind of problem we will face: Mr. M is a numerologist and conspiracy theorist. He believes that he can track down conspiracies in the world by examining various numerical data related to people. He starts a magazine, OutNumber, in which he regularly publishes any numbers he can find concerning (mainly) the rich and powerful. Mr. M has a following, and he has money to pay for tips, so he has no problem finding all sorts of interesting numbers concerning people. Soon he is publishing people's charge account numbers, checking account numbers, PIN's, private telephone numbers, cellular phone numbers, and so on. At no time is there any question of Mr. M's involvement in any attempt to use this data for fraudulent purposes - he is sincerely interested only in his numerological research. OutNumber, and Mr. M, are probably protected under the Constitution as we currently construe it. My question is, should they be? Do you think there's really a social concensus that it's essential to protect the ravings of a Mr. M, even in the face of (let us imagine) clear evidence of massive fraud by OutNumber readers against those "profiled" in the magazine? How long do you think the courts will stand up in the face of a new concensus that says, hey, get rid of this guy? Finally, Hunter responds to my suggestion of some fiction stories with readings on political theory. I have no problem with this. The reason I suggest fiction is that social concensus, and ultimately law, grow as much out of the gut as out of the head. Good fiction lets you explore your own gut feelings. Along those lines, let me suggest Jack McDevitt's "The Hercules Text", which raises the question of whether some information might be so dangerous that one might feel morally compelled to supress it. Also, Fred Hoyle's classic "A For Andromeda" demonstrates how one can wage interstellar war by sending "mere information". (The equally good sequel, "Andromeda Breakthrough", turns the discussion in a different direction, but the point remains.) Since my first posting, I've found my copy of Asimov's "Earth Is Room Enough". It was first published in 1957, and story I cited is, indeed, called "The Dead Past". Since a summary would destroy the "gut" impact that makes me recommend the story to begin with, I still leave to readers the pleasure of the original. (I'll relent if sufficiently pressed.) -- Jerry
Re: Four-digit address causes NYC death (Nilges, RISKS-11.55)
Flint Pellett <flint@gistdev.gist.com>
1 May 91 16:50:25 GMT
One poster suggested a more limited set of operations, as in spreadsheets, rather than what you have in "powerful" languages: I don't follow this at all, since 1) I you can set your column width to 4 characters in the spreadsheet and get the same sort of problem, 2) the collection of books I have on Quattro use are about 3 times as thick as any other book I have on any of several programming languages: if anything, a lot of spreadsheets are a lot more likely to cause problems due to being complex than the programming languages are. Dynamic field lengths supported by languages aren't going to prevent this type of problem, because your screen displays are still a finite size, and operating system utilities that have various fixed limits still abound. (Ever try to work with files that have 2000 characters in the file name in UNIX, and figure out what things handle them and what ones don't?) Availability of more powerful ways to control screen real estate (like the ability to put up a scroll-bar that would let you scroll thru the file name looking at 80 characters of the 2000 at a time) are a first step, but even if every variable had infinite length and the only way you could display it was using a scrollable method, you'd still have problems: now you have something so complex a human can't digest it or remember it or deal with it. 5 Digit addresses may be the same thing: maybe the problem there is that someone should have created addresses with no more than 4 digits in the first place. It reminds me of people who put 2000 different files into one directory, rather than organizing that directory into several lower level directories: why didn't someone organize the hierarchy of addresses so that they had groupings (towns, precincts, whatever) in which the addresses were kept smaller? By the time you let things grow to where you have 1000001 Fifth Ave and 100001 Fifth Ave (did you notice those aren't the same address!?) it isn't the computers causing the problem. Flint Pellett, Global Information Systems Technology, Inc. 1800 Woodfield Drive, Savoy, IL 61874 217-352-1165 uunet!gistdev!flint flint@gistdev.gist.com
Four Digit Addresses in NYC
Ed Ravin <eravin@panix.UUCP>
Wed, 1 May 91 12:31:18 EDT
I can't believe this one -- large sections of Queens have addresses along the lines of XXX-YY, where XXX is the number of the cross street, and YY is the address unique only within that block. For example, if you lived on 89th Avenue in the Jamaica section of Queens and the nearest numbered street was 169th Street, your address might be 169-25 89th Avenue. The house on the next block, near 170th Street, could have an address 170-25. And so on. Although it's easy to see how an incompetent or poorly trained emergency operator could mix up one of these addresses that sound more like IBM error messages than places to live, I don't think it's possible that the computer system the operators and dispatchers use could have a fixed limitation to four digits on an address -- as you can see, the address above (and there are plenty like it in Jamaica and nearby) is six characters if you include the hyphen. Remember, the original posting came from a press report, where the reporter may well have just repeated without critical examination of what someone said, or mixed up what someone said. This kind of inaccuracy in reporting extends to all fields, not just technical. Ed Ravin cmcl2!panix!eravin philabs!trintex!elr +1 914 993 4737
Re: Four-digit address causes NYC death
Bob Frankston <Bob_Frankston%Slate_Corporation@mcimail.com>
Wed, 1 May 91 16:02 GMT
Representation is a nontrivial issue. While it may be "obvious" that one should allow for five digit addresses, what about fractional addresses due to subdivided lots (how do you say "384 3/8e 1St SW" in ASCII, how does it sort?? Apartment addresses? Alternative addresses (6th Ave vs Avenue of the Americas)? Why not require full color graphics and then discover you can't present it on a belt-mounted radio? Then there are the problems of real design against performance and cost constraints? And design cycles that involve committees and 20 years of studiously ignoring technology change I'm more concerned with superhuman requirements and a "hang 'em by their thumbs" attitude discouraging attempts at system design. Safer to kill by omission than commission. While it is necessary to encourage and even enforce responsible system design, it is not magic. While much is made of better techniques for creating bug free systems through better technical tools, you can't anticipate all the quirks of mapping the design to the real world. I'm much more interested in the whole design cycle including reintegrating experience from the field. How does a fix like supporting 5 digit addresses get integrated back into the E911 system? How long does it take? At some point in a system's life cycle fixing bugs tends to increase the total number of bugs. What methodologies mitigate this problem and, in effect, continually refresh a system? Part of the problem is that engineering and learning does involve taking risks (as Petrovsky as noted in some of his books). Systems where risk is not allowed do not grow and refresh. At least not internally. (I better stop here, otherwise I'll get into a discussion of the dangers of military/government procurement vs comme rcial/academic experimentation).
Re: Hacking, Civil, and Criminal Law
Jim Giles <jlg@woodsy.lanl.gov>
Wed, 1 May 91 09:44:40 MDT
"Herman J. Woltring" <UGDIST@nici.kun.nl> writes:
> [...]
> If you open your vaults, dismiss the guards, turn off the alarm, and if your
> name is Dagobert Duck, you are equally liable for solliciting criminal
> behaviour as is #789-123 for committing a felony while he purloins your
> bullion. [...]
Not by the laws of any modern nation. What Mr. Woltring is saying is the
same as: "If a woman puts on a dress and walks into a bar, she's as guilty
of gang-rape as the men in the bar." To be sure, the bank manager who
dismisses the guards and the woman who enters the sleazy bar are negligent,
perhaps criminally so, but that doesn't mitigate the guilt of the robbers
or the rapists.
> [...] In my book, simplistic passwords, retaining known system passwords
> or not plugging known, remote-access loopholes are tantamount to the same.
To take Mr. Woltring's analogy between physical property and computer
networks into account, what are the analogous structures? Simplistic
passwords are analogous to easily picked locks, known system passwords:
emergency access doors, remote-access loopholes: loose boards in the
wall. Now, if I leave the door open, and you come in - you are _still_
guilty of trespass. If I lock the door and you come in, you are quilty
of breaking and entering. This is a much more serious crime than trespass
since the fact that you entered in spite of the lock shows intent. It doesn't
matter how easily the lock was to pick, the emergency exit to break, or the
loose board was to find, the fact of breaking through any of those shows
that you _intend_ to trespass.
The only difference between this and the computer network issue is that some
countries have not yet extended the laws of property to computational
facilities. In my book, breaking into a system that is guarded by passwords
should be criminal. I shouldn't matter how easy the passwords were to guess or
to crack. That is an issue of negligence on the the part of the authorized
users - it does not mitigate the guilt of the hacker that breaks in.
J. Giles
Research Project
<P.A.Taylor@edinburgh.ac.uk>
01 May 91 14:16:14 bst
I'm in the second year of a PhD which is looking at the rise of the computer security industry and the various groups which make up the "computer underground" or whatever term should be used. There are two questionnaires I've been using in the research. The first is a very short yes/no type one, designed to produce a data-base of raw statistical information. The second gives a lot more room for opinions and if the respondents are amenable could form the basis of e-mail discussions/ interviews. If you would like to help in the research then please drop me a line. ALL RESPONSES WILL BE TREATED IN TOTAL CONFIDENCE, THE WORK IS FOR SOLELY ACADEMIC PURPOSES. A FULL ANALYSIS OF RESULTS WILL BE MADE AVAILABLE TO ANYONE WHO IS INTERESTED. Verification of my academic status can be sought from my main supervisor Dr. R. Williams, Director of the Research Centre for Social Sciences, here at Edinburgh University, at the same e-mail site as myself. Paul A. Taylor, Depts of Economics and Politics, Edinburgh University.
Larry Hirschhorn, Beyond Mechanization, MIT Press, 1984.
Phil Agre <phila@cogs.sussex.ac.uk>
Tue, 30 Apr 91 14:56:36 +0100
Larry Hirschhorn, {\em Beyond Mechanization: Work and Technology in a
Postindustrial Age}, Cambridge: MIT Press, 1984.
This is an extremely relevant book that I don't recall seeing mentioned on
RISKS before. It's by a management professor, about the new styles of work
that are required by new market structures and by the risks inherent in
feedback-based technologies. Here are some quotes about RISKS:
We see that watchfulness and attention must be mobilized, because
cybernetic-automatic systems introduce new and unexpected ways of failing.
Work takes on a new meaning in this context. ... in cybernetic systems
machines and workers complement each other with respect to a typology of
errors: machines control expected or `first-order' errors, while workers
control unanticipated or `second-order' errors (page 72).
If, as I believe to be the case, error is inevitable in automatic systems---if
there are always to be modes of failure that cannot be automatically regulated
by feedback-based controls---then learning must be instituted in order to
prepare workers for intervening in moments of unexpected systematic failure.
Failure, in turn, is a specific example of discontinuity and developmental
change. Thus we could define postindustrial work as management at the
boundaries of systems and physical realities. Historically, we would then see
the worker moving from being the controlled element in the production process
to operating the controls to controlling the controls (page 73).
We can find an analogy in daily life. A young child, learning to walk,
constantly trips over her own feet. Once she has mastered walking, she may
still hurt herself; indeed, because she has mastered walking, she enters new
environments that strain her skill in new ways. Each increase in
self-regulating capacity is matched by a new context that stretches the newly
developed capacity to new limits. Thus the system, always functioning at its
limits, is always vulnerable to failure (pages 82-83).
The new technologies do not constrain social life and reduce everything to a
formula. On the contrary, they demand that we develop a culture of learning,
an appreciation of emergent phenomena, an understanding of tacit knowledge, a
feeling for interpersonal processes, and an appreciation of our organizational
design choices. It is paradoxical but true that even as we are developing the
most advanced, mathematical, and abstract technologies, we must depend
increasingly on informal modes of learning, design, and communication (page
169).
2nd PDCS Open Workshop, Newcastle/Tyne - 28-30 May 1991.
Nick Cook <Nick.Cook@newcastle.ac.uk>
Mon, 29 Apr 91 12:34:24 BST
ESPRIT BASIC RESEARCH ACTION 3092
PREDICTABLY DEPENDABLE COMPUTING SYSTEMS (PDCS)
ANNOUNCEMENT - 2ND PDCS OPEN WORKSHOP
(WORKSHOP PROGRAMME INCLUDED)
28-30 MAY 1991
THE COPTHORNE HOTEL, THE QUAYSIDE, NEWCASTLE UPON TYNE, UK
The Workshop Programme, details of venue etc., Registration Form and PDCS
Project Synopsis follow.
There are still places at the Workshop and there is still time to register for
a place. So if you wish to be considered for a place, or have any queries,
simply contact me for registration form, information, etc. (by s-mail, email,
phone or fax - details below).
Nick Cook, Administrative Coordinator, PDCS
The Computing Laboratory, The University,
Newcastle upon Tyne NE1 7RU, UK Tel: +44-91-222-7827 Fax: +44-91-222-8232
Email: Nick.Cook@newcastle.ac.uk
--------------WORKSHOP PROGRAMME---------------------------------
2ND PDCS OPEN WORKSHOP, 28-30 MAY, 1991
THE COPTHORNE HOTEL, QUAYSIDE
NEWCASTLE UPON TYNE
The Workshop will be based on presentations from PDCS grouped under eight
subject headings pl.us about ten demonstrations. The final session of the
Workshop, Assessment of Very High Dependability Software, will include
prepared responses from two guest speakers.
The presentation sessions will be introduced by a moderator, who will also
conduct the discussions that follow. They will be held in series and consist of
a number of talks from PDCS covering: Dependability Requirements, Fault
Tolerance, Real-Time Issues, Proving and Testing, Software Engineering
Environments, Security, Evaluation and Ultra-high Dependability.
Demonstrations currently planned are: Paralex (Universita' Bologna),
Recalibrating Software Reliability Models (City University), Authentication -
secure LAN (EISS/Universitaet Karlsruhe), Statistical Testing and SOREL
(LAAS-CNRS), Tool for Relating Dependability Requirements to Organisational
Structure and a demonstration based on the Laboratory's train-set (as seen at
FTCS-20) (University of Newcastle upon Tyne), Design Environment for Real-Time
Systems and a video presentation of rolling ball experiment (Technische
Universitaet Wien), Z-checking (University of York).
In addition to the main Workshop business there will be a reception by the Lord
Mayor of Newcastle at 18.00 on Tuesday and a banquet dinner at approx. 20.00
on Wednesday (leaving Newcastle at 18.45).
The full, preliminary, programme is given on the following pages. Please note:
some details are not available yet, such as exact session/presentation titles,
and will change before the Workshop. However, all the subject areas indicated
will be covered. Also, at this stage the timings are given as indicators of
session/presentation length only and are liable to change.
TUESDAY 28 MAY 1991
10.30-11.15 Welcome address and Overview of PDCS and the Workshop
- Brian Randell, University of Newcastle upon Tyne
11.15-12.00 DEPENDABILITY REQUIREMENTS
Moderator: Brian Randell, University of Newcastle upon Tyne
Presentations and speakers:
11.15-11.45 Frameworks for expressing non-functional requirements
- John McDermid, University of York
11.45-12.00 Discussion conducted by the moderator
13.30-15.30 METHODS AND PARADIGMS FOR FAULT-TOLERANT SYSTEM DESIGN
Moderator: Jean Arlat, LAAS-CNRS
Presentations and speakers:
13.30-14.00 Fault Assumptions and Assumption Coverage - David Powell,
LAAS-CNRS
14.00-14.30 Structuring Fault Tolerance in Software Design
- Lorenzo Strigini, IEI del CNR
14.30-15.00 Frameworks for Fault Tolerance - Tom Anderson,
University of Newcastle upon Tyne
15.00-15.30 Discussion conducted by the moderator
15.45-17.25 REAL-TIME ISSUES
Moderator: Luca Simoncini, Universita' di Pisa
Presentations and speakers:
15.45-16.25 Time Triggered Architectures - Hermann Kopetz and
Peter Puschner, Technische Universitaet Wien
16.25-16.55 Predictability and Flexibility in Hard Real-Time Systems
- Alan Burns, University of York
16.55-17.25 Discussion conducted by the moderator
18.00 Reception by the Lord Mayor of Newcastle upon Tyne
at the Civic Centre
WEDNESDAY 29 MAY 1991
08.45-10.15 PROVING AND TESTING
Moderator: Norman Fenton, City University
Speakers:
08.45-09.15 Marie-Claude Gaudel, LRI-Universite de Paris Sud et CNRS
09.15-09.45 Pascale Thevenod-Fosse, LAAS-CNRS
09.45-10.15 Discussion conducted by the moderator
10.30-12.00 SOFTWARE ENGINEERING ENVIRONMENTS
Moderator: Santosh Shrivastava,
University of Newcastle upon Tyne
Presentations and speakers:
10.30-11.00 An Engineering Approach to Hard Real-Time System Design
- Ralph Zainlinger, Technische Universitaet Wien
11.00-11.30 Paralex: An Environment for Parallel Programming in
Distributed Systems - Ozalp Babaoglu,
Universita' di Bologna
11.30-12.00 Discussion conducted by the moderator
13.00-13.30 Buses (or walk) to Computing Laboratory for Demonstrations
13.30-18.00 DEMONSTRATIONS IN COMPUTING LABORATORY
Including in groups of 3 (exact arrangements to be
determined):
Paralex (Universita' Bologna)
Recalibrating Software Reliability Models (City University)
Authentication - secure LAN (EISS/Universitaet Karlsruhe)
Statistical Testing and SOREL (LAAS-CNRS)
Tool for Relating Dependability Requirements to
Organisational Structure and a demonstration based on
the Laboratory's train-set - as seen at FTCS-20
(University of Newcastle upon Tyne)
Design Environment for Real-Time Systems
and a video presentation of rolling ball experiment
(Technische Universitaet Wien)
Z-checking (University of York).
18.45 Buses leave for Banquet at Redworth Hall, County Durham
THURSDAY 30 MAY 1991
08.45-10.15 SECURITY
Moderator: John Dobson, University of Newcastle upon Tyne
Speakers:
08.45-09.15 Yves Deswarte, LAAS-CNRS
09.15-09.45 Dieter Gollmann, EISS/Universitaet Karlsruhe
09.45-10.15 Discussion conducted by the moderator
10.30-12.00 EVALUATION
Moderator: Pierre-Jacques Courtois, Philips Research
Laboratory Brussels
or Isi Mitrani, University of Newcastle upon Tyne
Presentations and speakers:
10.30-11.00 Analysis of Software Failure Data - Sarah Brocklehurst,
City University and Karama Kanoun, LAAS-CNRS
11.00-11.15 Discussion conducted by the moderator
11.15-11.45 Towards Cost Models for Security Evaluation
- Bev Littlewood, City University
and John McDermid, University of York
11.45-12.00 Discussion conducted by the moderator
13.30-15.40 ASSESSMENT OF VERY HIGH DEPENDABILITY SOFTWARE
Moderator: Alain Costes LAAS-CNRS
Speakers:
13.30-14.00 Jean-Claude Laprie, LAAS-CNRS
14.00-14.30 Bev Littlewood, City University
Discussants responding to presentations:
14.30-14.50 John Meyer, University of Michigan
14.50-15.10 Martyn Thomas, PRAXIS plc
15.10-15.40 Discussion conducted by the moderator
15.40 Closing address - Brian Randell,
University of Newcastle upon Tyne
Mr Nick Cook, Administrative Co-ordinator, PDCS
The Computing Laboratory, The University,
Newcastle upon Tyne NE1 7RU, UK
Tel: +44-91-222-7827
Fax: +44-91-222-8232
Email: Nick.Cook@newcastle.ac.uk
Report problems with the web pages to the maintainer