Charles P. Pfleeger

ASSIST-V: A tool for studying the implementation of operating systems

This paper describes a program called ASSIST-V which is designed to provide students and other researchers with an environment in which they may write and analyze operating systems for the IBM 360/370 series of machines. ASSIST-V is an extended version of a student-oriented assembler/interpreter called ASSIST. A user of ASSIST-V is presented with a machine which simulates the full set of S/360 machine instructions (including privileged instructions): the standard 360/370 interrupt structure, I/0 channels, and I/0 devices. Since the machine environment is simulated, ASSIST-V can provide debugging and statistics-gathering features not available on an actual “bare” machine.

Crypto: Not Just for the Defensive Team

Cryptography has long been a useful, important tool for defensive computer security. Increasingly, however, attackers are using cryptographic techniques for the same reason as the defenders: to protect codes confidentiality and integrity. But in this case, the code is malicious. This paper reviews uses of encryption by writers of malicious code, through some recent examples. Malicious-code writers are using state-of-the-art cryptography, just as commercial security engineers are.

Harmonizing privacy with security principles and practices

During the development of a software system, the process of requirements elicitation gathers both functional requirements (i.e., what the system should do) and nonfunctional requirements (i.e., what the system should be). Computer science and software engineering education have traditionally addressed the former more than the latter, because it is easier to test that functional requirements have been properly implemented. Within the category of nonfunctional requirements, the privacy requirements engineering process is less mature than that of security engineering, and underlying engineering principles can give little attention to privacy requirements. In this paper, we discuss how security and privacy requirements engineering can be taught as necessary aspects of software development. We suggest that the best way to harmonize security and privacy requirements is to link information systems experts with computer scientists with the goal of addressing the key issues that prevent systems from implementing effective security and privacy.

ORACLE a tool for learning compiler writing

This paper describes a compiler called ORACLE which allows a student to examine the actions performed by a simple compiler. Two features are provided to assist the student. The first called replacement mode, provides the necessary conditions to simulate the replacement of three compiler components: symbol table management, lexical analysis, and syntax analysis. Each replacement module is monitored by ORACLE in order to detect errors and to verify correct operation. The second, a trace option, permits source statements to initiate or terminate a selective monitoring of the actions of the compiler.

A transaction flow approach to software security certification for document handling systems

A security certification method is described for a document handling system for a major government organization. The security evaluation process includes identification of the exposures of the system, determination of the controls that cover those exposures, and evaluation of the appropriateness and effectiveness of the controls. Included are the details of the analysis performed and the types of results expected in that analysis, both of which constitute the basic evaluation of the document handling system. The certification analysis approach can be extended naturally to other types of computing systems.

ASSIST-V: An Environment Simulator for IBM 360 Systems Software Development

This paper describes ASSIST-V, a software tool designed for use in the teaching of operating systems, fie management, and machine architecture courses. ASSIST-V is a program that provides an environment for the implementation, testing, and evaluation of systems software for the IBM 360 series machines. This capability is achieved by simulating all relevant aspects of the machines architecture. In particular, ASSIST-V simulates interrupts, I/O channels, and I/O devices, as well as all IBM 360 machine instructions. In addition, ASSIST-V provides extensive debugging and statistics-gathering aids.

Lesson Learned: Security is Inevitable

The history of computing shows simple ideas that caught on: personal computers, the Internet, cloud computing, and smartphones were timely inventions that became successful, sometimes beyond the expectations of their original designers and developers. But ideas that work for one mode of use sometimes show serious limitations in other environments. Creators must anticipate unintended uses, even though predicting change is difficult. Designers must document expectations and limitations of products so that adapters will know when an expanded use threatens security. And developers must accept responsibility for the security of their products. The relatively small group of security professionals can no longer be assumed responsible for anticipating and countering all security threats.

Mathematics and Physics Build a New Future for Secure Communication [Guest editors' introduction]

Cryptography keeps data secret while in transit or at rest, and this property underlies the notions of secure communication, secure identities, and access control on the Internet. These are well-known uses implemented by algorithms and protocols that are the subject of ongoing research and refinement. The field grows with the steady discovery of new forms of and uses for secure communication. These developments make for a vibrant, emerging landscape for privacy and authentication on an ever-shifting physical substrate. In this special magazine issue, four different parts of that landscape are explored.

Why We Won't Review Books by Hackers

Why we decided against reviewing books by convicted computer criminals.

Pascal program development aids

In this paper we describe a set of tools we have devised to aid in the development and maintenance of PASCAL programs. PASCAL has been chosen as a target language since it is gaining increasing interest as a language for use on mini- and microcomputers.