# Forum on Risks to the Public in Computers and Related Systems

## Contents

Battle of the computers
Jerry Leichter
The risks of risks and leverage
Bob Frankston
Free Speech and Government Control of Information
Jerry Leichter
Re: Four-digit address causes NYC death
Flint Pellett
Ed Ravin
Bob Frankston
Re: Hacking, Civil, and Criminal Law
Jim Giles
Research Project [call for guinea pigs]
P.A.Taylor
Larry Hirschhorn, Beyond Mechanization, MIT Press, 1984 Phil Agre)
2nd PDCS Open Workshop, Newcastle/Tyne - 28-30 May 1991
Nick Cook
Info on RISKS (comp.risks)

### Battle of the computers

Jerry Leichter <leichter@lrw.com>
Thu, 2 May 91 11:39:43 EDT
As some players in the economy use massive computation to improve their
position, will those without access to such resources be left behind?  This
issue has arisen in the past in discussions of program trading in the stock
market.  About two weeks ago, in an article in the New York Times that I
forgot to clip, an interesting new example came to light.

It seems that airlines are making heavy use of "load management" software.
An airline wants to fill as many seats on each flight as possible with
passengers paying full fare.  However, if there are any seats left over,
it is better to fill them with people flying at a discount than to leave
them empty, as the incremental cost of flying the extra passengers is
essentially nil.

In the past, airlines have had to guess how many seats on each flight to
make available at a discount.  These days, they have enormous amounts of
data on the past history of all their flights.  Further, they have the
computational capacity to do an essentially continuous recomputation of
the optimal number of seats to offer at a discount.  The result is that,
on the "desireable" flights - late Friday afternoon, for example - it's
extremely difficult to get a discount seat.  On Saturday, on the other hand,
discount seats are usually no problem.  The techniques involved have proved
very effective - studies show that for many airlines such load management
makes the difference between profit and loss.

Many state regulators see this as a "bait and switch" by the airlines - they
advertise seats that are simply not available to most of their customers.  One
side-effect of airline deregulation, however, was to make the airlines just
about totally immune to state regulations, and the Federal government has so
far shown little interest in getting involved in this matter.

This leaves consumers on their own.  Sure enough, a countervailing force
has appeared:  Travel agencies have begun to develop programs that continu-
ally watch for discount seats to appear and grab them for their customers.
The computers battle it out - and anyone without computer assistance is likely
to be left on the ground.

An old cartoon shows two people standing on the ground, luggage at their
feet, looking up at a plane.  The words:  "If God had meant us to fly, He
would have given us tickets."  Perhaps today we should substitute "a PC"
for "tickets".
— Jerry



### The risks of risks and leverage

Bob Frankston <Bob_Frankston%Slate_Corporation@mcimail.com>
Wed, 1 May 91 23:44 GMT
The article in today's Wall Street Journal on Prodigy's STAGE.DAT and
CACHE.DAT files makes it very obvious how central Risks (and similar
discussion groups and journals) have become in this society.  Risks itself is
very widely read, published and cited.  Other lists (e.g. Telecom digest) are
read at the agencies such as the FCC.

We are what we what are talking about.  Not only in the MacLuhan sense of the
media being the message but also in a more literal sense.  At one level we
look at examples of bad (and sometimes good) engineering and wonder about the
design decisions.  Yet here we have an example of phenomena rather than
engineering.  (Are 900 numbers a phenomena or did the implementors foresee
the implications?)

I don't know if the WSJ article was a direct result of Risks (or similar media)
but all this happened within a few days.  A number of the most visible
reporters do read this digest and participate in the electronic media (emedia).
Among emedia, Risks is one of the more responsible.  (What is the National
Enquirer of enews?) (Let's see how long it takes the terms "emedia" and "enews"
to become popular — start tracking).

(Rereading this letter, I'm reminded of the old ads for the Hitchcock saying
"The Birds is coming")
[Larry and his brother (Moe?) ...]



### Free Speech and Government Control of Information

Jerry Leichter <leichter@lrw.com>
Thu, 2 May 91 11:22:27 EDT
In RISKS-11.54, Larry Hunter responds to my article on control of information.
His article provides examples of exactly the kinds of limited approaches that
I was trying to get beyond.

There are two basic areas in which we differ.  First, Hunter believes I'm
attempting to prescribe appropriate actions.  If I gave this impression, let
me correct it:  I'm trying to PREDICT.  My claim is not that stricter controls
are a good idea.  Rather, I suggest that they are an inevitable result of the
direction in which our technologies are headed.  (There's certainly room for a
good deal of debate about "technological determinism" here.  It's not that I
don't believe that alternative paths are POSSIBLE; I'm just projecting what I
think is by far the most likely path.)

The second issue grows from the first, and Hunter's view of how the fundamental
laws of our society are determined.  To state it starkly: If "society" comes to
believe that government controls on information are necessary, will
constitutional limitations still prevent them from coming into being?  Hunter
believes so; I think he's being naive.

The Constitution protects "speech", "religion", "the press".  It never defines
any of these terms; case law does.  We think we know what they mean, and that
the "clear meaning" will not change, but history makes it clear that these
terms are quite malleable.  The authors of the Constitution were mainly
thinking of political speech when they wrote (though claiming that it's only
political speech they intended to protect is a much different, and probably
indefensible, claim).  They probably thought they were protecting the right to
choose one's religion, most likely so long as it was some variation of
Christianity (or maybe Judaism); they were probably not thinking of a right to
choose no religion at all.  Curiously, their view of "the press" was probably
broader than that of most people today, as "pamphleteers" were important
contributers to public debate.

Over the years, we've come to construe these terms in very different ways.  I
very much doubt any of the constitutional authors would have found even
comprehensible the argument that a striptease was deserving of First Amendment
protection as "symbolic speech".  We've chosen to define that "in", just as
we've chosen to protect atheism under "freedom of religion".

On the other hand, we have also chosen to leave certain things OUT of our
definitions.  Television news isn't quite "the press", and is subject to
FCC regulation.  Freedom of religion doesn't protect Christian Scientists
from child abuse claims when they refuse medical treatment for their children.
Note that we don't need a constitutional amendment to effectively change the
definitions of crucial terms in the Constitution - all we need is a majority
of the Supreme Court.

Hunter's examples - conspiracies, slander, copyright violations, and reckless
endangerment, commercial speech - all illustrate "speech" that we have chosen,
as a society acting through our legal system, to leave out of the definition of
that single, simple word in the Constitution.  This is a subtle process, and
much of it is surprisingly recent: The reckless endangerment exception - the
famous "shouting fire in a crowded theatre" - comes, if I recall, from an
opinion by Justice Holmes, which puts it early in this century.  I don't know
how far back the "commercial speech" exception goes, but note that there have
been a number of important decisions defining the bounds of that exception in
the last 15 years.  (The whole reason the commercial speech exception exists is
to curb the unfairly loud voice that rich corporations have, given today's
media.  Before mass marketing, there was little reason to create such an
exception, and in fact the traditional concept of "seller's talk" - which
basically said "you can't rely on what a salesman tells you (since we all know
they exagerate)" - created an area in which "commercial" speech was
particularly free.)

Historically, the courts have even been quite prepared to make distinctions
based on communications media:  Peeking through the keyhole requires a warrant
but tapping a phone line - well, we needed to pass a special law for that one.
Why else is Lawrence Tribe now suggesting a constitutional amendment on just
this matter?

So:  I see little reason to suppose that the courts will blindly accept
that all computerized information is "speech", if society decides that some
limitations on it are necessary.

In the past, we've generally been able to draw the line between things or acts
and information - "mere speech": The First Amendment protects your right to
publish instructions for building bombs, so we draw the line at the materials
you need.  In the information age, this line becomes fuzzy.  For export, a
description of DES is OK, a chip implementing it is not.  How about a good
software implementation?  Should a computer virus - simultaneously speech (pure
information) and a potentially dangerous "thing" - be freely publishable?

Let me give a non-computer example of the kind of problem we will face:  Mr. M
is a numerologist and conspiracy theorist.  He believes that he can track down
conspiracies in the world by examining various numerical data related to
people.  He starts a magazine, OutNumber, in which he regularly publishes any
numbers he can find concerning (mainly) the rich and powerful.  Mr. M has a
following, and he has money to pay for tips, so he has no problem finding all
sorts of interesting numbers concerning people.  Soon he is publishing
people's charge account numbers, checking account numbers, PIN's, private
telephone numbers, cellular phone numbers, and so on.  At no time is there any
question of Mr. M's involvement in any attempt to use this data for fraudulent
purposes - he is sincerely interested only in his numerological research.

OutNumber, and Mr. M, are probably protected under the Constitution as we
currently construe it.  My question is, should they be?  Do you think there's
really a social concensus that it's essential to protect the ravings of a Mr.
M, even in the face of (let us imagine) clear evidence of massive fraud by
OutNumber readers against those "profiled" in the magazine?  How long do you
think the courts will stand up in the face of a new concensus that says, hey,
get rid of this guy?

Finally, Hunter responds to my suggestion of some fiction stories with
readings on political theory.  I have no problem with this.  The reason I
suggest fiction is that social concensus, and ultimately law, grow as much
out of the gut as out of the head.  Good fiction lets you explore your own
gut feelings.

Along those lines, let me suggest Jack McDevitt's "The Hercules Text", which
raises the question of whether some information might be so dangerous that one
might feel morally compelled to supress it.   Also, Fred Hoyle's classic "A
For Andromeda" demonstrates how one can wage interstellar war by sending "mere
information".  (The equally good sequel, "Andromeda Breakthrough", turns the
discussion in a different direction, but the point remains.)

Since my first posting, I've found my copy of Asimov's "Earth Is Room Enough".
It was first published in 1957, and story I cited is, indeed, called "The Dead
Past".  Since a summary would destroy the "gut" impact that makes me recommend
the story to begin with, I still leave to readers the pleasure of the original.
(I'll relent if sufficiently pressed.)
— Jerry



### Re: Four-digit address causes NYC death (Nilges, RISKS-11.55)

Flint Pellett <flint@gistdev.gist.com>
1 May 91 16:50:25 GMT
One poster suggested a more limited set of operations, as in spreadsheets,
rather than what you have in "powerful" languages: I don't follow this at all,
since 1) I you can set your column width to 4 characters in the spreadsheet and
get the same sort of problem, 2) the collection of books I have on Quattro use
are about 3 times as thick as any other book I have on any of several
programming languages: if anything, a lot of spreadsheets are a lot more likely
to cause problems due to being complex than the programming languages are.

Dynamic field lengths supported by languages aren't going to prevent this type
of problem, because your screen displays are still a finite size, and operating
system utilities that have various fixed limits still abound.  (Ever try to
work with files that have 2000 characters in the file name in UNIX, and figure
out what things handle them and what ones don't?)  Availability of more
powerful ways to control screen real estate (like the ability to put up a
scroll-bar that would let you scroll thru the file name looking at 80
characters of the 2000 at a time) are a first step, but even if every variable
had infinite length and the only way you could display it was using a
scrollable method, you'd still have problems: now you have something so complex
a human can't digest it or remember it or deal with it.  5 Digit addresses may
be the same thing: maybe the problem there is that someone should have created
addresses with no more than 4 digits in the first place.  It reminds me of
people who put 2000 different files into one directory, rather than organizing
that directory into several lower level directories: why didn't someone
precincts, whatever) in which the addresses were kept smaller?  By the time you
let things grow to where you have 1000001 Fifth Ave and 100001 Fifth Ave (did
you notice those aren't the same address!?) it isn't the computers causing the
problem.

Flint Pellett, Global Information Systems Technology, Inc.  1800 Woodfield
Drive, Savoy, IL 61874 217-352-1165 uunet!gistdev!flint flint@gistdev.gist.com



### Four Digit Addresses in NYC

Ed Ravin <eravin@panix.UUCP>
Wed, 1 May 91 12:31:18 EDT
I can't believe this one — large sections of Queens have addresses along
the lines of XXX-YY, where XXX is the number of the cross street, and YY is
the address unique only within that block.  For example, if you lived on
89th Avenue in the Jamaica section of Queens and the nearest numbered
street was 169th Street, your address might be 169-25 89th Avenue.  The
house on the next block, near 170th Street, could have an address 170-25.
And so on.  Although it's easy to see how an incompetent or poorly trained
emergency operator could mix up one of these addresses that sound more like
IBM error messages than places to live, I don't think it's possible that
the computer system the operators and dispatchers use could have a fixed
limitation to four digits on an address — as you can see, the address above
(and there are plenty like it in Jamaica and nearby) is six characters if
you include the hyphen.

Remember, the original posting came from a press report, where the reporter may
well have just repeated without critical examination of what someone said, or
mixed up what someone said.  This kind of inaccuracy in reporting extends to
all fields, not just technical.

Ed Ravin    cmcl2!panix!eravin    philabs!trintex!elr   +1 914 993 4737



### Re: Four-digit address causes NYC death

Bob Frankston <Bob_Frankston%Slate_Corporation@mcimail.com>
Wed, 1 May 91 16:02 GMT
Representation is a nontrivial issue.  While it may be "obvious" that one
subdivided lots (how do you say "384 3/8e 1St SW" in ASCII, how does it
Americas)?  Why not require full color graphics and then discover you can't
present it on a belt-mounted radio?

Then there are the problems of real design against performance and cost
constraints?  And design cycles that involve committees and 20 years of
studiously ignoring technology change

I'm more concerned with superhuman requirements and a "hang 'em by their
thumbs" attitude discouraging attempts at system design.  Safer to kill by
omission than commission.  While it is necessary to encourage and even enforce
responsible system design, it is not magic.

While much is made of better techniques for creating bug free systems through
better technical tools, you can't anticipate all the quirks of mapping the
design to the real world.  I'm much more interested in the whole design cycle
including reintegrating experience from the field.  How does a fix like
supporting 5 digit addresses get integrated back into the E911 system?  How
long does it take?

At some point in a system's life cycle fixing bugs tends to increase the total
number of bugs.  What methodologies mitigate this problem and, in effect,
continually refresh a system?  Part of the problem is that engineering and
learning does involve taking risks (as Petrovsky as noted in some of his
books).  Systems where risk is not allowed do not grow and refresh.  At least
not internally.  (I better stop here, otherwise I'll get into a discussion of
the dangers of military/government procurement vs comme rcial/academic
experimentation).



### Re: Hacking, Civil, and Criminal Law

Jim Giles <jlg@woodsy.lanl.gov>
Wed, 1 May 91 09:44:40 MDT
"Herman J. Woltring" <UGDIST@nici.kun.nl> writes:
> [...]
> If you open your vaults, dismiss the guards, turn off the alarm, and if your
> name is Dagobert Duck, you are equally liable for solliciting criminal
> behaviour as is #789-123 for committing a felony while he purloins your
> bullion.  [...]

Not by the laws of any modern nation.  What Mr. Woltring is saying is the
same as: "If a woman puts on a dress and walks into a bar, she's as guilty
of gang-rape as the men in the bar."  To be sure, the bank manager who
dismisses the guards and the woman who enters the sleazy bar are negligent,
perhaps criminally so, but that doesn't mitigate the guilt of the robbers
or the rapists.

> or not plugging known, remote-access loopholes are tantamount to the same.

To take Mr. Woltring's analogy between physical property and computer
networks into account, what are the analogous structures?  Simplistic
emergency access doors, remote-access loopholes: loose boards in the
wall.  Now, if I leave the door open, and you come in - you are _still_
guilty of trespass.  If I lock the door and you come in, you are quilty
of breaking and entering.  This is a much more serious crime than trespass
since the fact that you entered in spite of the lock shows intent.  It doesn't
matter how easily the lock was to pick, the emergency exit to break, or the
loose board was to find, the fact of breaking through any of those shows
that you _intend_ to trespass.

The only difference between this and the computer network issue is that some
countries have not yet extended the laws of property to computational
facilities.  In my book, breaking into a system that is guarded by passwords
should be criminal.  I shouldn't matter how easy the passwords were to guess or
to crack.  That is an issue of negligence on the the part of the authorized
users - it does not mitigate the guilt of the hacker that breaks in.
J. Giles



### Research Project

<P.A.Taylor@edinburgh.ac.uk>
01 May 91 14:16:14 bst
I'm in the second year of a PhD which is looking at the rise of the computer
security industry and the various groups which make up the "computer
underground" or whatever term should be used.

There are two questionnaires I've been using in the research. The first is
a very short yes/no type one, designed to produce a data-base of raw
statistical information. The second gives a lot more room for opinions and if
the respondents are amenable could form the basis of e-mail discussions/
interviews.

If you would like to help in the research then please drop me a line.

ALL RESPONSES WILL BE TREATED IN TOTAL CONFIDENCE, THE WORK IS FOR SOLELY
ACADEMIC PURPOSES. A FULL ANALYSIS OF RESULTS WILL BE MADE AVAILABLE TO
ANYONE WHO IS INTERESTED.

Verification of my academic status can be sought from my main supervisor Dr. R.
Williams, Director of the Research Centre for Social Sciences, here at
Edinburgh University, at the same e-mail site as myself.

Paul A. Taylor, Depts of Economics and Politics, Edinburgh University.



### Larry Hirschhorn, Beyond Mechanization, MIT Press, 1984.

Phil Agre <phila@cogs.sussex.ac.uk>
Tue, 30 Apr 91 14:56:36 +0100
Larry Hirschhorn, {\em Beyond Mechanization: Work and Technology in a
Postindustrial Age}, Cambridge: MIT Press, 1984.

This is an extremely relevant book that I don't recall seeing mentioned on
RISKS before.  It's by a management professor, about the new styles of work
that are required by new market structures and by the risks inherent in
feedback-based technologies.  Here are some quotes about RISKS:

We see that watchfulness and attention must be mobilized, because
cybernetic-automatic systems introduce new and unexpected ways of failing.
Work takes on a new meaning in this context.  ... in cybernetic systems
machines and workers complement each other with respect to a typology of
errors: machines control expected or first-order' errors, while workers
control unanticipated or second-order' errors (page 72).

If, as I believe to be the case, error is inevitable in automatic systems---if
there are always to be modes of failure that cannot be automatically regulated
by feedback-based controls---then learning must be instituted in order to
prepare workers for intervening in moments of unexpected systematic failure.
Failure, in turn, is a specific example of discontinuity and developmental
change.  Thus we could define postindustrial work as management at the
boundaries of systems and physical realities.  Historically, we would then see
the worker moving from being the controlled element in the production process
to operating the controls to controlling the controls (page 73).

We can find an analogy in daily life.  A young child, learning to walk,
constantly trips over her own feet.  Once she has mastered walking, she may
still hurt herself; indeed, because she has mastered walking, she enters new
environments that strain her skill in new ways.  Each increase in
self-regulating capacity is matched by a new context that stretches the newly
developed capacity to new limits.  Thus the system, always functioning at its
limits, is always vulnerable to failure (pages 82-83).

The new technologies do not constrain social life and reduce everything to a
formula.  On the contrary, they demand that we develop a culture of learning,
an appreciation of emergent phenomena, an understanding of tacit knowledge, a
feeling for interpersonal processes, and an appreciation of our organizational
design choices.  It is paradoxical but true that even as we are developing the
most advanced, mathematical, and abstract technologies, we must depend
increasingly on informal modes of learning, design, and communication (page
169).



### 2nd PDCS Open Workshop, Newcastle/Tyne - 28-30 May 1991.

Nick Cook <Nick.Cook@newcastle.ac.uk>
Mon, 29 Apr 91 12:34:24 BST
ESPRIT BASIC RESEARCH ACTION 3092
PREDICTABLY DEPENDABLE COMPUTING SYSTEMS (PDCS)
ANNOUNCEMENT - 2ND PDCS OPEN WORKSHOP
(WORKSHOP PROGRAMME INCLUDED)

28-30 MAY 1991
THE COPTHORNE HOTEL, THE QUAYSIDE, NEWCASTLE UPON TYNE, UK

The Workshop Programme, details of venue etc., Registration Form and PDCS
Project Synopsis follow.

There are still places at the Workshop and there is still time to register for
a place. So if you wish to be considered for a place, or have any queries,
simply contact me for registration form, information, etc. (by s-mail, email,
phone or fax - details below).

The Computing Laboratory, The University,
Newcastle upon Tyne NE1 7RU, UK Tel:    +44-91-222-7827 Fax:    +44-91-222-8232
Email:  Nick.Cook@newcastle.ac.uk

--------------WORKSHOP PROGRAMME---------------------------------
2ND PDCS OPEN WORKSHOP, 28-30 MAY, 1991

THE COPTHORNE HOTEL, QUAYSIDE
NEWCASTLE UPON TYNE

The Workshop will be based on presentations from PDCS grouped under eight
Workshop, Assessment of Very High Dependability Software, will include
prepared responses from two guest speakers.

The presentation sessions will be introduced by a moderator, who will also
conduct the discussions that follow. They will be held in series and consist of
a number of talks from PDCS covering: Dependability Requirements, Fault
Tolerance, Real-Time Issues, Proving and Testing, Software Engineering
Environments, Security, Evaluation and Ultra-high Dependability.

Demonstrations currently planned are: Paralex (Universita' Bologna),
Recalibrating Software Reliability Models (City University), Authentication -
secure LAN (EISS/Universitaet Karlsruhe), Statistical Testing and SOREL
(LAAS-CNRS), Tool for Relating Dependability Requirements to Organisational
Structure and a demonstration based on the Laboratory's train-set (as seen at
FTCS-20) (University of Newcastle upon Tyne), Design Environment for Real-Time
Systems and a video presentation of rolling ball experiment (Technische
Universitaet Wien), Z-checking (University of York).

In addition to the main Workshop business there will be a reception by the Lord
Mayor of Newcastle at 18.00 on Tuesday and a banquet dinner at approx.  20.00
on Wednesday (leaving Newcastle at 18.45).

The full, preliminary, programme is given on the following pages. Please note:
some details are not available yet, such as exact session/presentation titles,
and will change before the Workshop.  However, all the subject areas indicated
will be covered. Also, at this stage the timings are given as indicators of
session/presentation length only and are liable to change.

TUESDAY 28 MAY 1991

10.30-11.15 Welcome address  and Overview of PDCS and the Workshop
- Brian Randell, University of Newcastle upon Tyne

11.15-12.00 DEPENDABILITY REQUIREMENTS
Moderator: Brian Randell, University of Newcastle upon Tyne
Presentations and speakers:
11.15-11.45 Frameworks for expressing non-functional requirements
- John  McDermid, University of York
11.45-12.00 Discussion conducted by the moderator

13.30-15.30 METHODS AND PARADIGMS  FOR FAULT-TOLERANT SYSTEM DESIGN
Moderator: Jean Arlat, LAAS-CNRS
Presentations and speakers:
13.30-14.00 Fault Assumptions and Assumption Coverage - David Powell,
LAAS-CNRS
14.00-14.30 Structuring Fault Tolerance in Software Design
- Lorenzo Strigini, IEI del CNR
14.30-15.00 Frameworks for Fault Tolerance - Tom Anderson,
University of Newcastle upon Tyne
15.00-15.30 Discussion conducted by the moderator

15.45-17.25 REAL-TIME ISSUES
Moderator: Luca Simoncini, Universita' di Pisa
Presentations and speakers:
15.45-16.25 Time Triggered Architectures - Hermann Kopetz and
Peter Puschner, Technische Universitaet Wien
16.25-16.55 Predictability and Flexibility in Hard Real-Time Systems
- Alan Burns, University of York
16.55-17.25 Discussion conducted by the moderator

18.00       Reception by the Lord Mayor of Newcastle upon Tyne
at the Civic Centre

WEDNESDAY 29 MAY 1991

08.45-10.15 PROVING AND TESTING
Moderator: Norman Fenton, City University
Speakers:
08.45-09.15 Marie-Claude Gaudel, LRI-Universite de Paris Sud et CNRS
09.15-09.45 Pascale Thevenod-Fosse, LAAS-CNRS
09.45-10.15 Discussion conducted by the moderator

10.30-12.00 SOFTWARE ENGINEERING ENVIRONMENTS
Moderator: Santosh Shrivastava,
University of Newcastle upon Tyne
Presentations and speakers:
10.30-11.00 An Engineering Approach to Hard Real-Time System Design
- Ralph Zainlinger, Technische Universitaet Wien
11.00-11.30 Paralex: An Environment for Parallel Programming in
Distributed Systems - Ozalp Babaoglu,
Universita' di Bologna
11.30-12.00 Discussion conducted by the moderator

13.00-13.30 Buses (or walk) to Computing Laboratory for Demonstrations

13.30-18.00 DEMONSTRATIONS IN COMPUTING LABORATORY
Including in groups of 3 (exact arrangements to be
determined):
Paralex (Universita' Bologna)
Recalibrating Software Reliability Models (City University)
Authentication - secure LAN (EISS/Universitaet Karlsruhe)
Statistical Testing and SOREL (LAAS-CNRS)
Tool for Relating Dependability Requirements to
Organisational Structure  and a demonstration based on
the Laboratory's train-set - as seen at FTCS-20
(University of Newcastle upon Tyne)
Design Environment for Real-Time Systems
and a video presentation of rolling ball experiment
(Technische Universitaet Wien)
Z-checking (University of York).

18.45       Buses leave for Banquet at Redworth Hall, County Durham

THURSDAY 30 MAY 1991

08.45-10.15 SECURITY
Moderator: John Dobson, University of Newcastle upon Tyne
Speakers:
08.45-09.15 Yves Deswarte, LAAS-CNRS
09.15-09.45 Dieter Gollmann, EISS/Universitaet Karlsruhe
09.45-10.15 Discussion conducted by the moderator

10.30-12.00 EVALUATION
Moderator: Pierre-Jacques Courtois, Philips Research
Laboratory Brussels
or Isi Mitrani, University of Newcastle upon Tyne
Presentations and speakers:
10.30-11.00 Analysis of Software Failure Data - Sarah Brocklehurst,
City University and Karama Kanoun, LAAS-CNRS
11.00-11.15 Discussion conducted by the moderator
11.15-11.45 Towards Cost Models for Security Evaluation
- Bev Littlewood, City University
and John McDermid, University of York
11.45-12.00 Discussion conducted by the moderator

13.30-15.40 ASSESSMENT OF VERY HIGH DEPENDABILITY SOFTWARE
Moderator: Alain Costes LAAS-CNRS
Speakers:
13.30-14.00 Jean-Claude Laprie, LAAS-CNRS
14.00-14.30 Bev Littlewood, City University
Discussants responding to presentations:
14.30-14.50 John Meyer, University of Michigan
14.50-15.10 Martyn Thomas, PRAXIS plc
15.10-15.40 Discussion conducted by the moderator

15.40       Closing address - Brian Randell,
University of Newcastle upon Tyne

Mr Nick Cook, Administrative Co-ordinator, PDCS
The Computing Laboratory, The University,
Newcastle upon Tyne NE1 7RU, UK
Tel:    +44-91-222-7827
Fax:    +44-91-222-8232
Email:  Nick.Cook@newcastle.ac.uk



Please report problems with the web pages to the maintainer

Top